[Freeipa-users] unable to delete a replica server
Ludwig Krispenz
lkrispen at redhat.com
Fri Aug 12 07:13:08 UTC 2016
Hi Torsten,
I haven't seen which version you are using. There was a bug in ipa where
it attempted to delete a master before all services were deleted:
https://fedorahosted.org/freeipa/ticket/5019
You can delete the services below the master by using ldapmodify, but I
am not sure if this will be sufficient.
Ludwig
On 08/12/2016 08:06 AM, Torsten Harenberg wrote:
> Am 11.08.16 um 17:58 schrieb Rob Crittenden:
>> Torsten Harenberg wrote:
>>> Hi,
>>>
>>> we have three ipa servers
>>>
>>> - ipa
>>> - ipa2
>>> - ipacentos7
>>>
>>> We wanted to re-install ipa2 from scratch as this server gave us strange
>>> issues in the past (for example, you have to do a "ipactl stop && ipactl
>>> start" after boot to have everything running - a step which is not
>>> needed on the other two).
>>>
>>> However, the ipa-replica-manage del ipa2.pleiades.uni-wuppertal.de gave
>>> an error at the end (it scrolled out of the terminal, but ended with
>>> "unexpected error: Not allowed on non-leaf entry").
>>>
>>> It seems to be impossible to get rid of this replica now:
>>>
>>> [root at ipa ~]# ipa-replica-manage -v -f -c del
>>> ipa2.pleiades.uni-wuppertal.de
>>> Directory Manager password:
>>>
>>> Cleaning a master is irreversible.
>>> This should not normally be require, so use cautiously.
>>> Continue to clean master? [no]: yes
>>> unexpected error: Not allowed on non-leaf entry
>>> [root at ipa ~]# ipa-replica-manage list
>>> Directory Manager password:
>>>
>>> ipacentos7.pleiades.uni-wuppertal.de: master
>>> ipa.pleiades.uni-wuppertal.de: master
>>> ipa2.pleiades.uni-wuppertal.de: master
>>> [root at ipa ~]#
>>>
>>> [root at ipa ~]# ipa-csreplica-manage -v del ipa2.pleiades.uni-wuppertal.de
>>> Directory Manager password:
>>>
>>> Deleted replication agreement from 'ipa.pleiades.uni-wuppertal.de' to
>>> 'ipa2.pleiades.uni-wuppertal.de'
>>> [root at ipa ~]# ipa-replica-manage list
>>> Directory Manager password:
>>>
>>> ipacentos7.pleiades.uni-wuppertal.de: master
>>> ipa.pleiades.uni-wuppertal.de: master
>>> ipa2.pleiades.uni-wuppertal.de: master
>>> [root at ipa ~]#
>>>
>>> Any ideas how to proceed from here?
>> Seems like an error that LDAP is throwing. There might be details in
>> /var/log/dirsrv/slapd-REALM/{access|errors}
>>
>> It sounds like when IPA tried to delete some entry it failed because
>> that entry has children. The logs should help pinpoint which entry it is
>> failing on.
>>
>> rob
>
> Hmm.. unfortunately, there is nothing which tells us here something. The
> last entries in error containing "ipa2" are
>
> [11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:12:54:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:12:59:59 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:09:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [11/Aug/2016:13:39:46 +0200] attrlist_replace - attr_replace
> (nsslapd-referral, ldap://ipa2.pleiades.uni-wuppertal.de:389/o%3Dipaca)
> failed.
> [root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]#
>
> And those stopped after issuing the ipa-replica-manage del command for
> the first time.
>
> Surprisingly, these messages are in the log even for the freshly
> installed "ipacentos7" replica:
>
> [root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]# tail -3 errors
> [12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
> [12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
> [12/Aug/2016:07:24:43 +0200] attrlist_replace - attr_replace
> (nsslapd-referral,
> ldap://ipacentos7.pleiades.uni-wuppertal.de:389/o%3Dipaca) failed.
> [root at ipa slapd-PLEIADES-UNI-WUPPERTAL-DE]#
>
> The log in access is a bit delayed, but when executing this:
>
> [root at ipa ~]# ipa-replica-manage -v -f -c del
> ipa2.pleiades.uni-wuppertal.de
> Directory Manager password:
>
> Cleaning a master is irreversible.
> This should not normally be require, so use cautiously.
> Continue to clean master? [no]: yes
> unexpected error: Not allowed on non-leaf entry
> [root at ipa ~]#
>
> we get a lengthy log like that one here, but these can be completely
> unrelated:
>
>
> [root at ipa ~]# tail -f /var/log/dirsrv/slapd-PLEIADES-UNI-WUPPERTAL-DE/access
> [12/Aug/2016:07:36:39 +0200] conn=44409 op=31 SRCH
> base="ipaUniqueID=925abf6e-2a1a-11e5-8ed3-00163e040d17,cn=hbac,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0
> filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:36:39 +0200] conn=44409 op=31 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:39 +0200] conn=44409 op=32 SRCH base="cn=Default
> Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=2
> filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:74197518-2952-11e5-99a3-00163e040d17))"
> attrs=ALL
> [12/Aug/2016:07:36:39 +0200] conn=44409 op=32 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:48 +0200] conn=44381 op=14 UNBIND
> [12/Aug/2016:07:36:48 +0200] conn=44381 op=14 fd=78 closed - U1
> [12/Aug/2016:07:36:50 +0200] conn=44423 op=14 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uid=postfix)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
> usercertificate;binary"
> [12/Aug/2016:07:36:50 +0200] conn=44423 op=14 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:51 +0200] conn=44511 op=10 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uid=postfix)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType"
> [12/Aug/2016:07:36:51 +0200] conn=44511 op=10 RESULT err=0 tag=101
> nentries=0 etime=0
>
>
> *** STARTING COMMAND
>
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=16 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uid=atlasprd020)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
> usercertificate;binary"
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=16 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=17 SRCH
> base="cn=ipausers,cn=groups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0
> filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=17 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=18 SRCH
> base="cn=atlasprd,cn=groups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0
> filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=18 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=19 SRCH
> base="ipaUniqueID=925abf6e-2a1a-11e5-8ed3-00163e040d17,cn=hbac,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0
> filter="(&(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=19 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=20 SRCH base="cn=Default
> Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=2
> filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:1f9346aa-2951-11e5-9d7e-00163e040d17))"
> attrs=ALL
> [12/Aug/2016:07:36:54 +0200] conn=44489 op=20 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=44536 fd=78 slot=78 connection from
> 132.195.124.203 to 132.195.124.12
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=0 SRCH base="" scope=0
> filter="(objectClass=*)" attrs="* altServer namingContexts
> supportedControl supportedExtension supportedFeatures
> supportedLDAPVersion supportedSASLMechanisms
> domaincontrollerfunctionality defaultnamingcontext lastusn
> highestcommittedusn aci"
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=0 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723627 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723627 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723628 SRCH
> base="cn=ipaConfig,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
> filter="(objectClass=*)" attrs="ipaConfigString ipaKrbAuthzData
> ipaUserAuthType"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723628 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723629 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723629 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723630 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723630 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723631 SRCH
> base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
> krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
> krbPwdFailureCountInterval krbPwdLockoutDuration"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723631 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723632 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723632 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723633 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723633 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723634 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723634 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723635 SRCH
> base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
> krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
> krbPwdFailureCountInterval krbPwdLockoutDuration"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723635 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723636 SRCH
> base="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn
> gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier
> ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory
> ipaNTHomeDirectoryDrive"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723636 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723637 SRCH
> base="cn=lustre3.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs=ALL
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723637 RESULT err=32 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723638 MOD
> dn="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723638 RESULT err=0 tag=103
> nentries=0 etime=0 csn=57ad81dc000000040000
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723639 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723639 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723640 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723640 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723641 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723641 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723642 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/lustre3.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723642 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723643 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:36:55 +0200] conn=2 op=723643 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=1 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=1 RESULT err=14 tag=97
> nentries=0 etime=0, SASL bind in progress
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=2 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=2 RESULT err=14 tag=97
> nentries=0 etime=0, SASL bind in progress
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=3 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=3 RESULT err=0 tag=97
> nentries=0 etime=0
> dn="fqdn=lustre3.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=4 SRCH
> base="ou=SUDOers,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=lustre3.pleiades.uni-wuppertal.de)(sudoHost=lustre3)(sudoHost=132.195.124.203)(sudoHost=132.195.124.0/23)(sudoHost=fe80::da9d:67ff:fe60:9400)(sudoHost=fe80::/64)(sudoHost=+*)(|(sudoHost=*\5C*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))"
> attrs="objectClass cn sudoCommand sudoHost sudoUser sudoOption sudoRunAs
> sudoRunAsUser sudoRunAsGroup sudoNotBefore sudoNotAfter sudoOrder entryusn"
> [12/Aug/2016:07:36:55 +0200] conn=44536 op=4 RESULT err=0 tag=101
> nentries=0 etime=0 notes=P pr_idx=0
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=8 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=8 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=9 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=9 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=10 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44533 op=10 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=27 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=27 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=28 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=28 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=29 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:06 +0200] conn=44390 op=29 RESULT err=0 tag=101
> nentries=0 etime=0
>
> [...]
>
> [12/Aug/2016:07:37:08 +0200] conn=44382 op=27 fd=184 closed - U1
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=14 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=14 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=15 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=15 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=16 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:09 +0200] conn=44428 op=16 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=21 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uid=pnilsson)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
> usercertificate;binary"
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=21 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=22 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=zp)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=22 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=23 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uid=atlact1)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
> usercertificate;binary"
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=23 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=24 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=def-cg)(|(objectClass=ipaUserGroup)(objectClass=posixGroup))(cn=*)(&(gidNumber=*)(!(gidNumber=0))))"
> attrs="objectClass posixgroup cn userPassword gidNumber member
> ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn"
> [12/Aug/2016:07:37:11 +0200] conn=44489 op=24 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:11 +0200] conn=44383 op=15 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:11 +0200] conn=44383 op=15 RESULT err=0 tag=101
> nentries=0 etime=0
>
> [...]
>
> [12/Aug/2016:07:37:14 +0200] conn=44538 fd=184 slot=184 connection from
> 132.195.124.25 to 132.195.124.12
> [12/Aug/2016:07:37:14 +0200] conn=44538 op=0 SRCH base="" scope=0
> filter="(objectClass=*)" attrs="* altServer namingContexts
> supportedControl supportedExtension supportedFeatures
> supportedLDAPVersion supportedSASLMechanisms
> domaincontrollerfunctionality defaultnamingcontext lastusn
> highestcommittedusn aci"
> [12/Aug/2016:07:37:14 +0200] conn=44538 op=0 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=44539 fd=216 slot=216 SSL connection
> from 132.195.124.12 to 132.195.124.12
> [12/Aug/2016:07:37:14 +0200] conn=44539 TLS1.2 128-bit AES
> [12/Aug/2016:07:37:14 +0200] conn=44539 op=0 BIND dn="cn=directory
> manager" method=128 version=3
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723644 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=44539 op=0 RESULT err=0 tag=97
> nentries=0 etime=0 dn="cn=directory manager"
> [12/Aug/2016:07:37:14 +0200] conn=44539 op=1 SRCH base="cn=mapping
> tree,cn=config" scope=2
> filter="(&(|(&(objectClass=nsds5ReplicationAgreement)(nsDS5ReplicaRoot=dc=pleiades,dc=uni-wuppertal,dc=de))(objectClass=nsDSWindowsReplicationAgreement))(nsDS5ReplicaHost=ipa2.pleiades.uni-wuppertal.de))"
> attrs=ALL
> [12/Aug/2016:07:37:14 +0200] conn=44539 op=1 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723644 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723645 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723645 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723646 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723646 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723647 SRCH
> base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
> krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
> krbPwdFailureCountInterval krbPwdLockoutDuration"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723647 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723648 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723648 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723649 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723649 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723650 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723650 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723651 SRCH
> base="cn=global_policy,cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="krbMaxPwdLife krbMinPwdLife
> krbPwdMinDiffChars krbPwdMinLength krbPwdHistoryLength krbPwdMaxFailure
> krbPwdFailureCountInterval krbPwdLockoutDuration"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723651 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723652 SRCH
> base="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn
> gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier
> ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory
> ipaNTHomeDirectoryDrive"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723652 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723653 SRCH
> base="cn=wnfg005.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs=ALL
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723653 RESULT err=32 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723654 MOD
> dn="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723654 RESULT err=0 tag=103
> nentries=0 etime=0 csn=57ad81ef000000040000
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723655 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=krbtgt/PLEIADES.UNI-WUPPERTAL.DE at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723656 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)(krbPrincipalName=ldap/ipa.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723655 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723657 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723657 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723658 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/wnfg005.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE))"
> attrs="krbPrincipalName krbCanonicalName ipaKrbPrincipalAlias
> krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbExtraData
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723656 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723659 SRCH
> base="cn=PLEIADES.UNI-WUPPERTAL.DE,cn=kerberos,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=krbticketpolicyaux)"
> attrs="krbMaxTicketLife krbMaxRenewableAge krbTicketFlags"
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723659 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=2 op=723658 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:14 +0200] conn=44538 op=1 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=1 RESULT err=14 tag=97
> nentries=0 etime=1, SASL bind in progress
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=2 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=2 RESULT err=14 tag=97
> nentries=0 etime=0, SASL bind in progress
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=3 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=3 RESULT err=0 tag=97
> nentries=0 etime=0
> dn="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=4 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(objectClass=ipaHost)(fqdn=wnfg005.pleiades.uni-wuppertal.de))"
> attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=4 RESULT err=0 tag=101
> nentries=1 etime=0 notes=P pr_idx=0
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=5 SRCH
> base="fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="objectClass cn memberOf ipaUniqueID"
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=5 RESULT err=0 tag=101
> nentries=1 etime=0 notes=P pr_idx=0
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=6 SRCH
> base="cn=sudo,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(objectClass=ipasudocmdgrp)(entryusn>=1))" attrs="objectClass
> ipaUniqueID cn member entryusn"
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=6 RESULT err=0 tag=101
> nentries=0 etime=0 notes=P pr_idx=0
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=7 SRCH
> base="cn=sudo,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(objectClass=ipasudorule)(ipaEnabledFlag=TRUE)(|(!(memberHost=*))(hostCategory=ALL)(memberHost=fqdn=wnfg005.pleiades.uni-wuppertal.de,cn=computers,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de)(memberHost=cn=worker_nodes,cn=hostgroups,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de))(entryusn>=1))"
> attrs="objectClass cn ipaUniqueID ipaEnabledFlag ipaSudoOpt ipaSudoRunAs
> ipaSudoRunAsGroup memberAllowCmd memberDenyCmd memberHost memberUser
> sudoNotAfter sudoNotBefore sudoOrder cmdCategory hostCategory
> userCategory ipaSudoRunAsUserCategory ipaSudoRunAsGroupCategory
> ipaSudoRunAsExtUser ipaSudoRunAsExtGroup ipaSudoRunAsExtUserGroup entryusn"
> [12/Aug/2016:07:37:15 +0200] conn=44538 op=7 RESULT err=0 tag=101
> nentries=0 etime=0 notes=P pr_idx=0
> [12/Aug/2016:07:37:15 +0200] conn=44422 op=26 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(uidNumber=51437)(objectClass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))"
> attrs="objectClass uid userPassword uidNumber gidNumber gecos
> homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID
> ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange
> shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag
> krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService
> accountexpires useraccountcontrol nsAccountLock host logindisabled
> loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType
> usercertificate;binary"
> [12/Aug/2016:07:37:15 +0200] conn=44422 op=26 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:15 +0200] conn=44422 op=27 SRCH base="cn=Default
> Trust View,cn=views,cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=2
> filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:IPA:pleiades.uni-wuppertal.de:93718aaa-2951-11e5-9bdf-00163e040d17))"
> attrs=ALL
> [12/Aug/2016:07:37:15 +0200] conn=44422 op=27 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=2 SRCH
> base="dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(krbPrincipalName=*/ipa2.pleiades.uni-wuppertal.de at PLEIADES.UNI-WUPPERTAL.DE)"
> attrs=ALL
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=2 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=3 MOD
> dn="cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=4 MOD
> dn="cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=3 RESULT err=16 tag=103
> nentries=0 etime=0 csn=57ad81f0000200040000
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=4 RESULT err=16 tag=103
> nentries=0 etime=0 csn=57ad81f0000300040000
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=5 MOD
> dn="cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=6 SRCH
> base="cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=2 filter="(objectClass=*)" attrs=ALL
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=6 RESULT err=0 tag=101
> nentries=7 etime=0 notes=U
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=5 RESULT err=16 tag=103
> nentries=0 etime=0 csn=57ad81f0000400040000
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=7 SRCH base="cn=schema"
> scope=0 filter="(objectClass=*)" attrs="attributeTypes objectClasses"
> [12/Aug/2016:07:37:15 +0200] conn=44539 op=7 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=14 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=dccp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=14 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=15 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=udplite)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=15 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=16 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:16 +0200] conn=44442 op=16 RESULT err=0 tag=101
> nentries=0 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=8 DEL
> dn="cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=8 RESULT err=66 tag=107
> nentries=0 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=9 SRCH
> base="cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
> filter="(objectClass=*)" attrs="aci"
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=9 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=10 SRCH
> base="cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="aci"
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=10 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=11 SRCH
> base="cn=certificates,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de"
> scope=0 filter="(objectClass=*)" attrs="aci"
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=11 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=12 SRCH
> base="cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(dnaHostname=ipa2.pleiades.uni-wuppertal.de)" attrs=ALL
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=12 RESULT err=0 tag=101
> nentries=0 etime=0 notes=U
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=13 SRCH
> base="cn=default,ou=profile,dc=pleiades,dc=uni-wuppertal,dc=de" scope=0
> filter="(objectClass=*)" attrs=ALL
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=13 RESULT err=0 tag=101
> nentries=1 etime=0
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=14 UNBIND
> [12/Aug/2016:07:37:16 +0200] conn=44539 op=14 fd=216 closed - U1
>
> [...]
>
> [12/Aug/2016:07:37:22 +0200] conn=44405 op=30 SRCH
> base="cn=accounts,dc=pleiades,dc=uni-wuppertal,dc=de" scope=2
> filter="(&(cn=ntp)(ipServiceProtocol=sctp)(objectClass=ipService))"
> attrs="objectClass cn ipServicePort ipServiceProtocol entryusn"
> [12/Aug/2016:07:37:22 +0200] conn=44405 op=30 RESULT err=0 tag=101
> nentries=0 etime=0
>
> Using a LDAP Browser we saw that there is a "full" (at least it has
> entries like CA etc.) entry:
>
> cn=ipa2.pleiades.uni-wuppertal.de,cn=masters,cn=ipa,cn=etc,dc=pleiades,dc=uni-wuppertal,dc=de
>
> Would it be safe to delete that to get rid of the problem?
>
> Thanks for your help!!!! Really appreciate that.
>
> Torsten
>
>
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander
More information about the Freeipa-users
mailing list