From taraksinha09 at gmail.com  Sun Jan  1 15:29:37 2017
From: taraksinha09 at gmail.com (tarak sinha)
Date: Sun, 1 Jan 2017 20:59:37 +0530
Subject: [Freeipa-users] IPA Client not able to remove
Message-ID: <CACg_jASDKi6_BCXT4eRMwx9gEo_YyH4ndKd5tus7dcb=evw-_Q@mail.gmail.com>

Hi FreeIPA Team,



I am not able to remove the IPA client host entry from Web UI and command
line as well. While trying to add it?s showing ?Host is already exist?.
Please give me some suggestion to get rid if this issue.



#ipa host-del xxx.example.com --updatedns

ipa: ERROR: xxx.example.com: host not found

#ipa host-show xxx.example.com

ipa: ERROR: xxx.example.com: host not found






*Thanks,*

*Tarak Nath Sinha*

*Mobile: **+91 8197522750*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170101/ca0f0d99/attachment.htm>

From rcritten at redhat.com  Mon Jan  2 01:58:30 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Sun, 1 Jan 2017 20:58:30 -0500
Subject: [Freeipa-users] IPA Client not able to remove
In-Reply-To: <CACg_jASDKi6_BCXT4eRMwx9gEo_YyH4ndKd5tus7dcb=evw-_Q@mail.gmail.com>
References: <CACg_jASDKi6_BCXT4eRMwx9gEo_YyH4ndKd5tus7dcb=evw-_Q@mail.gmail.com>
Message-ID: <5869B3C6.3070701@redhat.com>

tarak sinha wrote:
> Hi FreeIPA Team,
> 
>  
> 
> I am not able to remove the IPA client host entry from Web UI and
> command line as well. While trying to add it?s showing ?Host is already
> exist?. Please give me some suggestion to get rid if this issue.
> 
>  
> 
> #ipa host-del xxx.example.com <http://xxx.example.com> --updatedns
> 
> ipa: ERROR: xxx.example.com <http://xxx.example.com>: host not found
> 
> #ipa host-show xxx.example.com <http://xxx.example.com>
> 
> ipa: ERROR: xxx.example.com <http://xxx.example.com>: host not found

It sounds like it is a replication conflict entry. You can confirm by
doing something like 'ipa host-find xxx.example.com --all' and look at
the DN. If it has nsuniqueid in the DN then it is a conflict entry. See
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
but given you want to remove it you can do so via ldapdelete.

rob



From rcritten at redhat.com  Mon Jan  2 02:16:29 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Sun, 1 Jan 2017 21:16:29 -0500
Subject: [Freeipa-users] Ipa cert automatic renew Failing.
In-Reply-To: <CAOnKmVST9h=Z9kQLHT7rOGG_ns7Lt6W5JkvSTZDjunN2adCZ=w@mail.gmail.com>
References: <CAOnKmVS=iuAqZRU6chu9gFLEvfzcYfULHpZZGFFD+8-OYH09XA@mail.gmail.com>
	<c4ade004-798c-4def-37f8-3fd30c6963c1@redhat.com>
	<CAOnKmVQKeTesv-W73P-PS+iYkF-P02No5y=MiosOhAQP51F_uA@mail.gmail.com>
	<689e233d-1c18-eae0-2841-3a5374f7b205@redhat.com>
	<CAOnKmVQGnxT+uNzJM2ayi-5YmhS_C=f6JgVcULQUwrLo5x_vKQ@mail.gmail.com>
	<CAOnKmVST9h=Z9kQLHT7rOGG_ns7Lt6W5JkvSTZDjunN2adCZ=w@mail.gmail.com>
Message-ID: <5869B7FD.90403@redhat.com>

Lucas Diedrich wrote:
> OK!, i got it, i just executed the second script:
> 
> "sudo /usr/libexec/ipa/certmonger/renew_ra_cert "subsystemCert
> cert-pki-ca"", and fixed that problem, there another script called
> renew_ra_cert_pre, should i run this too?

No, it should be run BEFORE renew_ra_cert, but since that has executed
successfully there is no point.

rob

> 
> Thanks.
> 
> Em seg, 26 de dez de 2016 ?s 17:26, Lucas Diedrich
> <lucas.diedrich at gmail.com <mailto:lucas.diedrich at gmail.com>> escreveu:
> 
>     Florence, at first i thought the problem was fixed, but it wasn't
>     complety.
> 
>     So now, i'm at the CA Master, and when i try to see some
>     certificates it prompts me this "[root at ipa2 ~]# ipa cert-show 1
>     ipa: ERROR: Certificate operation cannot be completed: EXCEPTION
>     (Invalid Credential.)
>     "
>     The same thing show over the Web Interface, i searched a little bit
>     and found that probably it didn't updated the *ipara* user, but
>     can't confirm that, any sugestions?
> 
>     Thanks,
> 
>     Em qui, 22 de dez de 2016 ?s 11:13, Florence Blanc-Renaud
>     <flo at redhat.com <mailto:flo at redhat.com>> escreveu:
> 
>         On 12/22/2016 01:15 PM, Lucas Diedrich wrote:
>         > Florence, for some creepy reason the cert from pkidbuser is
>         different
>         > from subsystem certs, and this pkidbuser is outdated now, but
>         i can't
>         > manage one way to re-issue it. I had to change the CA server
>         because of
>         > that, and the Selinux in the old CA Server was disabled, on
>         the new one
>         > is in Permissive mode but doesn't a warning in
>         /var/log/audit/audit.log.
>         >
>         > This is the pkidbuser cert:
>         https://paste.fedoraproject.org/511023/24084431/
>         > This is the subsystem cert:
>         https://paste.fedoraproject.org/511025/14824085/
>         > The ca.subsystem.cert matches the pkidbuser cert.
>         >
>         > lucasdiedrich.
>         >
>         Hi,
> 
>         you can try to manually call the post-save command that certmonger
>         should have issued after putting the certificate in
>         /etc/pki/pki-tomcat/alias:
>         on the renewal master:
>         $ sudo /usr/libexec/ipa/certmonger/stop_pkicad
>         $ sudo /usr/libexec/ipa/certmonger/renew_ca_cert "subsystemCert
>         cert-pki-ca"
> 
>         Then check the journal log that should display the following if
>         everything goes well:
>         $ sudo journalctl --since today | grep renew_ca_cert
>         [...] renew_ca_cert[6478]: Updating entry
>         uid=CA-ipaserver.domain.com-8443,ou=people,o=ipaca
>         [...] renew_ca_cert[6478]: Updating entry
>         uid=pkidbuser,ou=people,o=ipaca
>         [...] renew_ca_cert[6478]: Starting pki_tomcatd
>         [...] renew_ca_cert[6478]: Started pki_tomcatd
> 
>         If the operation does not succeed, you will have to check the LDAP
>         server logs in /etc/dirsrv/slapd-DOMAIN/access.
> 
>         HTH,
>         Flo.
> 
>         > Em qui, 22 de dez de 2016 ?s 06:54, Florence Blanc-Renaud
>         > <flo at redhat.com <mailto:flo at redhat.com> <mailto:flo at redhat.com
>         <mailto:flo at redhat.com>>> escreveu:
>         >
>         >     On 12/21/2016 07:52 PM, Lucas Diedrich wrote:
>         >     > Hello guys,
>         >     >
>         >     > I'm having some trouble with, whats is happening with my
>         server is
>         >     that
>         >     > i'm hiting an old BUG
>         >     > (https://bugzilla.redhat.com/show_bug.cgi?id=1033273).
>         Talking to
>         >     mbasti
>         >     > over irc he oriented me to send this to the email list.
>         >     >
>         >     > The problem is, i got on CA Master, so because of this
>         problem the CA
>         >     > Master certificates couldn't be renewd, so now i
>         promoted another
>         >     master
>         >     > to be the CA. And the problem still persist.
>         >     >
>         >     > This is the certs from my new CA
>         >     > (https://paste.fedoraproject.org/510617/14823448/),
>         >     > this is the certs from my old CA
>         >     > (https://paste.fedoraproject.org/510618/44871148/)
>         >     > This is the log then i restart pki-tomcat( "CA port 636
>         Error
>         >     > netscape.ldap.LDAPException: Authentication failed (49)")
>         >     > This is the log from dirsrv when i restart pki-tomcat
>         >     > (https://paste.fedoraproject.org/510614/23446801/)
>         >     >
>         >     > Basically my CA is not working anymore...
>         >     >
>         >     > Anyway, i tried lots of thing but couldn't fix this,
>         anyone has
>         >     some idea?
>         >     >
>         >     >
>         >     >
>         >     Hi,
>         >
>         >     Pki-tomcat is using the LDAP server as a data store,
>         meaning that it
>         >     needs to authenticate to LDAP. In order to do that,
>         pki-tomcat is using
>         >     the certificate 'subsystemCert cert-pki-ca' stored in
>         >     /etc/pki/pki-tomcat/alias. For the authentication to
>         succeed, the
>         >     certificate must be stored in a user entry
>         >     (uid=pkidbuser,ou=people,o=ipaca).
>         >
>         >     Can you check the content of this entry, especially the
>         usercertificate
>         >     attribute? It should match the certificate used by pki-tomcat:
>         >
>         >     $ certutil -L -d /etc/pki/pki-tomcat/alias -n 'subsystemCert
>         >     cert-pki-ca' -a
>         >     -----BEGIN CERTIFICATE-----
>         >     [...]
>         >     -----END CERTIFICATE-----
>         >
>         >     $ kinit admin
>         >     $ ldapsearch -Y GSSAPI -h `hostname` -p 389 -b
>         >     uid=pkidbuser,ou=people,o=ipaca "(objectclass=*)"
>         usercertificate
>         >     dn: uid=pkidbuser,ou=people,o=ipaca
>         >     usercertificate:: <content should match the output above>
>         >
>         >     The file /etc/pki/pki-tomcat/ca/CS.cfg should also contain
>         this
>         >     certificate in the directive ca.subsystem.cert.
>         >
>         >
>         >     A possible cause for the entries not being updated is the
>         bug 1366915
>         >     [1] linked to SE linux on RHEL7, or bug 1365188 [2] linked
>         to SE linux
>         >     on Fedora 24.
>         >
>         >     Flo
>         >
>         >     [1] https://bugzilla.redhat.com/show_bug.cgi?id=1366915
>         >     [2] https://bugzilla.redhat.com/show_bug.cgi?id=1365188
>         >
>         >
>         >
> 
> 
> 



From jhrozek at redhat.com  Mon Jan  2 08:26:57 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Mon, 2 Jan 2017 09:26:57 +0100
Subject: [Freeipa-users] Any good CLI methods for testing connectivity
 from IPA replica to remote AD servers?
In-Reply-To: <5863C3A9.6030703@sonsorol.org>
References: <5863C3A9.6030703@sonsorol.org>
Message-ID: <20170102082657.n4tulqmnlwr35pht@hendrix>

On Wed, Dec 28, 2016 at 08:52:41AM -0500, Chris Dagdigian wrote:
> 
> Hi folks,
> 
> I may have network blocks between one of my IPA replicas and the *many*
> remote AD servers that need to be queried but I can only see evidence of
> this in the authentication failures and the debug level logging.
> 
> Not sure how to test from the command line to verify connectivity or narrow
> down which ports may be getting blocked.
> 
> Are there any common CLI techniques, ldaps:// search queries or other
> commands that could be run from an IPA replica to confirm basic
> communication with a remote AD controller?

1) kinit with the trust keytab. The exact principals depend on your IPA
and Windows realm names, in my test setup it is:

# ls /var/lib/sss/keytabs/
win.trust.test.keytab
#kinit -kt /var/lib/sss/keytabs/win.trust.test.keytab 'IPA$@WIN.TRUST.TEST'
(the principal is taken from the keytab, see klist -k
/var/lib/sss/keytabs/win.trust.test.keytab)

2) search the DC
#ldapsearch -Y GSSAPI -H ldap://dc.win.trust.test -b dc=win,dc=trust,dc=test -s base 

btw at the moment it is not possible to set custom DCs to talk to. This
feature will come in the next version (sssd-1-15).



From jhrozek at redhat.com  Mon Jan  2 08:28:59 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Mon, 2 Jan 2017 09:28:59 +0100
Subject: [Freeipa-users] Unable to sudo with just one user on only a few
 servers
In-Reply-To: <204372224.4103019.1483170200550@mail.yahoo.com>
References: <204372224.4103019.1483170200550.ref@mail.yahoo.com>
	<204372224.4103019.1483170200550@mail.yahoo.com>
Message-ID: <20170102082859.zdf27c4ubw3nnekw@hendrix>

On Sat, Dec 31, 2016 at 07:43:20AM +0000, pgb205 wrote:
> I have followed troubleshooting procedure outlined hereTroubleshooting - FreeIPA
> 
>   
> |  
> |   
> |   
> |   |    |
> 
>    |
> 
>   |
> |  
> |   |  
> Troubleshooting - FreeIPA
>    |   |
> 
>   |
> 
>   |
> 
>  
> Additionally I have done contrast and compare with a working server for the following files/etc/hosts/etc/resolv.conf/etc/sudo-ldap.conf/etc/krb5.conf/etc/sssd.conf/etc/nssswitch.conf
> all are identical other than host specific information.
> In addition I have also enabled debug_level in sssd.conf in all stanzas, but noticed that sudo log is not being generated.I can however provide other logs.
> I have also enabled sudo_debug=2 in /etc/sudo-ldap.confbut not sure where to look for that log file.
> A and PTR records exist for problematic servers in FreeIPA DNS.
> As mentioned above the user-id can ?ssh just fine but not sudo for any command even though that id should be able to do ANY ANY.
> I have checked the the user-id is in the correct sudo groups that are applied for the host-groups for broken servers.
> To add to the oddity we somehow managed to fix the problem on several servers but as it was a lot blind trial and error we are not surewhat the corrective steps actually were.?
> Please let me know what else I can/should take a look at. I can also provide logs if needed.
> thanks

If the sudo log is not being generated at all, then I would assume that
sudo is not talking to sssd at all. Did you check the sudo logs (the
logs of the sudo binary, not the sssd-sudo responder) already?

The howto is here:
    https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO



From flo at redhat.com  Mon Jan  2 09:23:34 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Mon, 2 Jan 2017 10:23:34 +0100
Subject: [Freeipa-users] section 2.3.6. Installing Without a CA - then
 how to update expired certificates in LDAP?
In-Reply-To: <0a7ca3db-c076-c3c1-ecc4-01c86e2eef8a@use.startmail.com>
References: <0a7ca3db-c076-c3c1-ecc4-01c86e2eef8a@use.startmail.com>
Message-ID: <9eb464de-ef7c-e290-81e1-9b52b04ddd2c@redhat.com>

On 12/24/2016 05:54 AM, Josh wrote:
> I discussed this problem once before and got partial answers but I would
> like to finally resolve it.
>
> Scenario:
>
> 1. Install IPA without a CA, according to section 2.3.6 as of now in
> latest RHEL7 Linux Domain Identity, Authentication and Policy Guide.
> 2. Install a client and note certificates it receives from IPA LDAP.
> 3. Near expiration term obtain a new set of certificates (server and
> intermediate), note that intermediate certificate common name has changed.
> 4. run "ipa-server-certinstall -d -w key cert" to update all
> certificates. command asks for directory manager password, I suppose it
> should update its contents but
> 5. Install another client and observe that it receives original
> certificates and no ipa command works.
> 6. ipa-certupdate, when run, pulls original set from LDAP as if nothing
> was updated.
>
> Workaround is to manually install new intermediate certificate on all
> systems /etc/ipa/nssdb by
> certutil -d /etc/ipa/nssdb/ -A -n "StartCom Class 1 DV Server CA -
> StartCom Ltd." -t C,, -i /tmp/1_Intermediate.crt
>
> In LDAP under cn=certificates,cn=ipa,cn=etc,dc=example,dc=org I still
> see previous version of intermediate certificate with a different common
> name:
> StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital
> Certificate Signing,O=StartCom Ltd.,C=IL
>
> Please help me replace it by any means.
>
> Best Regards,
> Josh.
>
Hi Josh,

As you write that "intermediate certificate common name has changed", I 
assume that the intermediate CA providing the new server certificates is 
different. In this case, the command ipa-cacert-manage install must be 
run to install the new intermediate CA *before* ipa-server-certinstall 
is run to install the new server certificates.

Please refer to Installing a CA Certificate Manually [1] or Using 3rd 
part certificates for HTTP/LDAP [2]. Do not forget to run ipa-certupdate 
on all the IPA servers/clients in order to install the new intermediate 
CA cert.

HTH,
Flo.

[1] 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/manual-cert-install.html
[2] http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP



From flo at redhat.com  Mon Jan  2 09:45:04 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Mon, 2 Jan 2017 10:45:04 +0100
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
Message-ID: <3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>

On 12/31/2016 07:51 PM, Daniel Schimpfoessl wrote:
> Further attempts to fix the IPA server start has revealed that the ca
> admin getStatus is returning a server error (500).
>
> This has come up during restarts and ipa-server-upgrade.
>
> ipa: DEBUG: Waiting for CA to start...
> ipa: DEBUG: request POST
> http://wwgwho01.webwim.com:8080/ca/admin/ca/getStatus
> <http://wwgwho01.webwim.com:8080/ca/admin/ca/getStatus>
> ipa: DEBUG: request body ''
> ipa: DEBUG: response status 500
> ipa: DEBUG: response headers {'content-length': '2133',
> 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection':
> 'close', 'date': 'Sat, 31 Dec 2016 18:44:55 GMT', 'content-type':
> 'text/html;charset=utf-8'}
> ipa: DEBUG: response body '<html><head><title>Apache Tomcat/7.0.69 -
> Error report</title><style><!--H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
> </head><body><h1>HTTP Status 500 - Subsystem unavailable</h1><HR
> size="1" noshade="noshade"><p><b>type</b> Exception
> report</p><p><b>message</b> <u>Subsystem
> unavailable</u></p><p><b>description</b> <u>The server encountered an
> internal error that prevented it from fulfilling this
> request.</u></p><p><b>exception</b> <pre>javax.ws.rs
> <http://javax.ws.rs>.ServiceUnavailableException: Subsystem
> unavailable\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:145)\n\torg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:499)\n\torg.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\n\torg.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)\n\torg.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)\n\torg.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)\n\torg.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)\n\tjava.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)\n\tjava.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)\n\torg.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tjava.lang.Thread.run(Thread.java:745)\n</pre></p><p><b>note</b>
> <u>The full stack trace of the root cause is available in the Apache
> Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache
> Tomcat/7.0.69</h3></body></html>'
> ipa: DEBUG: The CA status is: check interrupted due to error: Retrieving
> CA status failed with status 500
> ipa: DEBUG: Waiting for CA to start...
> ipa: DEBUG: request POST
> http://wwgwho01.webwim.com:8080/ca/admin/ca/getStatus
> ipa: DEBUG: request body ''
> ipa: DEBUG: response status 500
> ipa: DEBUG: response headers {'content-length': '2133',
> 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection':
> 'close', 'date': 'Sat, 31 Dec 2016 18:44:56 GMT', 'content-type':
> 'text/html;charset=utf-8'}
> ipa: DEBUG: response body '<html><head><title>Apache Tomcat/7.0.69 -
> Error report</title><style><!--H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
> {color : black;}A.name {color : black;}HR {color : #525D76;}--></style>
> </head><body><h1>HTTP Status 500 - Subsystem unavailable</h1><HR
> size="1" noshade="noshade"><p><b>type</b> Exception
> report</p><p><b>message</b> <u>Subsystem
> unavailable</u></p><p><b>description</b> <u>The server encountered an
> internal error that prevented it from fulfilling this
> request.</u></p><p><b>exception</b>
> <pre>javax.ws.rs.ServiceUnavailableException: Subsystem
> unavailable\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints(ProxyRealm.java:145)\n\torg.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:499)\n\torg.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)\n\torg.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)\n\torg.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)\n\torg.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)\n\torg.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)\n\tjava.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)\n\tjava.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)\n\torg.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tjava.lang.Thread.run(Thread.java:745)\n</pre></p><p><b>note</b>
> <u>The full stack trace of the root cause is available in the Apache
> Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache
> Tomcat/7.0.69</h3></body></html>'
> ipa: DEBUG: The CA status is: check interrupted due to error: Retrieving
> CA status failed with status 500
> ipa: DEBUG: Waiting for CA to start...
> ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR: IPA
> server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
> ipa-server-upgrade manually.
> ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: DEBUG:   File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> execute
>     return_value = self.run()
>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py",
> line 48, in run
>     raise admintool.ScriptError(str(e))
>
> ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: DEBUG: The
> ipa-server-upgrade command failed, exception: ScriptError: CA did not
> start in 300.0s
> ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR: CA did
> not start in 300.0s
> ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR: The
> ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more
> information
>
>
> with following in the syslog
> Dec 31, 2016 12:48:51 PM org.apache.catalina.core.ContainerBase
> backgroundProcess
> WARNING: Exception processing realm
> com.netscape.cms.tomcat.ProxyRealm at 38406d47 background process
> javax.ws.rs <http://javax.ws.rs>.ServiceUnavailableException: Subsystem
> unavailable
> at com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:137)
> at
> org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1357)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1543)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1553)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1553)
> at
> org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1521)
> at java.lang.Thread.run(Thread.java:745)
>
>
> 2016-12-28 18:45 GMT-06:00 Daniel Schimpfoessl <daniel at schimpfoessl.com
> <mailto:daniel at schimpfoessl.com>>:
>
>     Rob/Florence,
>
>     do you have any pointers on how to troubleshoot,
>     reinstall/configure, update or fix the PKI server to function properly?
>     Also if you know of any documentation or video that could be helpful.
>     I researched the typical suspects youtube and freeipa.org
>     <http://freeipa.org> without luck.
>
>     Daniel
>
>     2016-12-22 18:08 GMT-06:00 Daniel Schimpfoessl
>     <daniel at schimpfoessl.com <mailto:daniel at schimpfoessl.com>>:
>
>         I do not believe I changed the DM password. I know I had to
>         update the admin passwords regularly.
>
>         Only during the startup using ipactl start --force I am able to
>         connect to the service using the password for DM and it returns:
>
>         # extended LDIF
>         #
>         # LDAPv3
>         # base <> with scope baseObject
>         # filter: (objectclass=*)
>         # requesting: ALL
>         #
>
>         #
>         dn:
>         objectClass: top
>         namingContexts: cn=changelog
>         namingContexts: dc=myorg,dc=com
>         namingContexts: o=ipaca
>         defaultnamingcontext: dc=myorg,dc=com
>         supportedExtension: 2.16.840.1.113730.3.5.7
>         supportedExtension: 2.16.840.1.113730.3.5.8
>         supportedExtension: 2.16.840.1.113730.3.5.10
>         supportedExtension: 2.16.840.1.113730.3.8.10.3
>         supportedExtension: 2.16.840.1.113730.3.8.10.4
>         supportedExtension: 2.16.840.1.113730.3.8.10.4.1
>         supportedExtension: 1.3.6.1.4.1.4203.1.11.1
>         supportedExtension: 2.16.840.1.113730.3.8.10.1
>         supportedExtension: 2.16.840.1.113730.3.8.10.5
>         supportedExtension: 2.16.840.1.113730.3.5.3
>         supportedExtension: 2.16.840.1.113730.3.5.12
>         supportedExtension: 2.16.840.1.113730.3.5.5
>         supportedExtension: 2.16.840.1.113730.3.5.6
>         supportedExtension: 2.16.840.1.113730.3.5.9
>         supportedExtension: 2.16.840.1.113730.3.5.4
>         supportedExtension: 2.16.840.1.113730.3.6.5
>         supportedExtension: 2.16.840.1.113730.3.6.6
>         supportedExtension: 2.16.840.1.113730.3.6.7
>         supportedExtension: 2.16.840.1.113730.3.6.8
>         supportedExtension: 1.3.6.1.4.1.1466.20037
>         supportedControl: 2.16.840.1.113730.3.4.2
>         supportedControl: 2.16.840.1.113730.3.4.3
>         supportedControl: 2.16.840.1.113730.3.4.4
>         supportedControl: 2.16.840.1.113730.3.4.5
>         supportedControl: 1.2.840.113556.1.4.473
>         supportedControl: 2.16.840.1.113730.3.4.9
>         supportedControl: 2.16.840.1.113730.3.4.16
>         supportedControl: 2.16.840.1.113730.3.4.15
>         supportedControl: 2.16.840.1.113730.3.4.17
>         supportedControl: 2.16.840.1.113730.3.4.19
>         supportedControl: 1.3.6.1.1.13.1
>         supportedControl: 1.3.6.1.1.13.2
>         supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1
>         supportedControl: 1.3.6.1.4.1.42.2.27.9.5.2
>         supportedControl: 1.2.840.113556.1.4.319
>         supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8
>         supportedControl: 1.3.6.1.4.1.4203.666.5.16
>         supportedControl: 2.16.840.1.113730.3.8.10.6
>         supportedControl: 2.16.840.1.113730.3.4.14
>         supportedControl: 2.16.840.1.113730.3.4.20
>         supportedControl: 1.3.6.1.4.1.1466.29539.12
>         supportedControl: 2.16.840.1.113730.3.4.12
>         supportedControl: 2.16.840.1.113730.3.4.18
>         supportedControl: 2.16.840.1.113730.3.4.13
>         supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
>         supportedSASLMechanisms: EXTERNAL
>         supportedSASLMechanisms: GSS-SPNEGO
>         supportedSASLMechanisms: GSSAPI
>         supportedSASLMechanisms: DIGEST-MD5
>         supportedSASLMechanisms: CRAM-MD5
>         supportedSASLMechanisms: ANONYMOUS
>         supportedLDAPVersion: 2
>         supportedLDAPVersion: 3
>         vendorName: 389 Project
>         vendorVersion: 389-Directory/1.3.4.0 <http://1.3.4.0> B2016.215.1556
>         dataversion: 020161222235947020161222235947020161222235947
>         netscapemdsuffix: cn=ldap://dc=wwgwho01,dc=myorg,dc=com:389
>         lastusn: 8690425
>         changeLog: cn=changelog
>         firstchangenumber: 2752153
>         lastchangenumber: 2752346
>
>         # search result
>         search: 2
>         result: 0 Success
>
>         # numResponses: 2
>         # numEntries: 1
>
>
>         2016-12-21 9:27 GMT-06:00 Rob Crittenden <rcritten at redhat.com
>         <mailto:rcritten at redhat.com>>:
>
>             Daniel Schimpfoessl wrote:
>             > Thanks for getting back to me.
>             >
>             > getcert list | grep expires shows dates years in the
>             future for all
>             > certificates
>             > Inline-Bild 1
>             >
>             > ipactl start --force
>             >
>             > Eventually the system started with:
>             >      Forced start, ignoring pki-tomcatd Service,
>             continuing normal
>             > operations.
>             >
>             > systemctl status ipa shows: failed
>
>             I don't think this is a certificate problem at all. I think
>             the timing
>             with your renewal is just coincidence.
>
>             Did you change your Directory Manager password at some point?
>
>             >
>             > ldapsearch -H ldaps://localhost:636 -D "cn=directory
>             manager" -w
>             > password -b "" -s base
>             > ldapsearch -H ldaps://localhost:636 -D "cn=directory
>             manager" -w
>             > *********** -b "" -s base
>             > Inline-Bild 2
>
>             You need the -x flag to indicate simple bind.
>
>             rob
>
>             > The logs have thousands of lines like it, what am I
>             looking for
>             > specifically?
>             >
>             > Daniel
>             >
>             >
>             > 2016-12-20 4:18 GMT-06:00 Florence Blanc-Renaud
>             <flo at redhat.com <mailto:flo at redhat.com>
>             > <mailto:flo at redhat.com <mailto:flo at redhat.com>>>:
>             >
>             >     On 12/19/2016 07:15 PM, Daniel Schimpfoessl wrote:
>             >
>             >         Good day and happy holidays,
>             >
>             >         I have been running a freeIPA instance for a few years and been very
>             >         happy. Recently the certificate expired and I updated it using the
>             >         documented methods. At first all seemed fine. Added a Nagios
>             >         monitor for
>             >         the certificate expiration and restarted the server (single
>             >         server). I
>             >         have weekly snapshots, daily backups (using Amanda on the entire
>             >         disk).
>             >
>             >         One day the services relying on IPA failed to authenticate.
>             >         Looking at
>             >         the server the ipa service had stopped. Restarting the service
>             >         fails.
>             >         Restoring a few weeks old snapshot does not start either.
>             >         Resetting the
>             >         date to a few month back does not work either as httpd fails to
>             >         start .
>             >
>             >         I am at a loss.
>             >
>             >         Here a few details:
>             >         # ipa --version
>             >         VERSION: 4.4.0, API_VERSION: 2.213
>             >
>             >
>             >         # /usr/sbin/ipactl start
>             >         ...
>             >         out -> Failed to start pki-tomcatd Service
>             >         /var/log/pki/pki-tomcat/ca/debug -> Could not connect to LDAP server
>             >         host ipa.myorg.com <http://ipa.myorg.com>
>             <http://ipa.myorg.com> <http://ipa.myorg.com>
>             >         port 636 Error
>             >         netscape.ldap.LDAPException: Authentication failed (48)
>             >         2016-12-19T03:02:16Z DEBUG The CA status is: check interrupted
>             >         due to
>             >         error: Retrieving CA status failed with status 500
>             >
>             >         Any help would be appreciated as all connected services are now
>             >         down.
>             >
>             >         Thanks,
>             >
>             >         Daniel
>             >
>             >
>             >
>             >
>             >     Hi Daniel,
>             >
>             >     more information would be required to understand what
>             is going on.
>             >     First of all, which certificate did you renew? Can you
>             check with
>             >     $ getcert list
>             >     if other certificates also expired?
>             >
>             >     PKI fails to start and the error seems linked to the
>             SSL connection
>             >     with the LDAP server. You may want to check if the
>             LDAP server is
>             >     listening on the LDAPs port:
>             >     - start the stack with
>             >     $ ipactl start --force
>             >     - check the LDAPs port with
>             >     $ ldapsearch -H ldaps://localhost:636 -D "cn=directory
>             manager" -w
>             >     password -b "" -s base
>             >
>             >     The communication between PKI and the LDAP server is
>             authenticated
>             >     with the certificate 'subsystemCert cert-pki-ca'
>             located in
>             >     /etc/pki/pki-tomcat/alias, so you may also want to
>             check if it is
>             >     still valid.
>             >     The directory server access logs (in
>             >     /var/log/dirsrv/slapd-DOMAIN-COM/access) would also
>             show the
>             >     connection with logs similar to:
>             >
>             >     [...] conn=47 fd=84 slot=84 SSL connection from
>             10.34.58.150 to
>             >     10.34.58.150
>             >     [...] conn=47 TLS1.2 128-bit AES; client CN=CA
>             >     Subsystem,O=DOMAIN.COM <http://DOMAIN.COM>
>             <http://DOMAIN.COM>; issuer CN=Certificate
>             >     Authority,O=DOMAIN.COM <http://DOMAIN.COM>
>             <http://DOMAIN.COM>
>             >     [...] conn=47 TLS1.2 client bound as
>             uid=pkidbuser,ou=people,o=ipaca
>             >     [...] conn=47 op=0 BIND dn="" method=sasl version=3
>             mech=EXTERNAL
>             >     [...] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
>             >     dn="uid=pkidbuser,ou=people,o=ipaca"
>             >
>             >
>             >
>             >     HTH,
>             >     Flo
>             >
>             >
>             >
>             >
>
>
>
>
Hi Daniel,

the server error 500 means that PKI is not started. You can have a look 
at /var/log/pki/pki-tomcat/ca/debug, especially the logs generated when 
you try to start the service with
$ systemctl start pki-tomcatd at pki-tomcat.service

HTH,
Flo



From sjuhasz at chemaxon.com  Mon Jan  2 11:53:12 2017
From: sjuhasz at chemaxon.com (Sandor Juhasz)
Date: Mon, 2 Jan 2017 12:53:12 +0100 (CET)
Subject: [Freeipa-users] modify schema - add group email
	and	display	attribute
In-Reply-To: <1935325431.129080.1482334772814.JavaMail.zimbra@chemaxon.com>
References: <795612095.18818.1482325628676.JavaMail.zimbra@chemaxon.com>
	<585A92DB.5080907@redhat.com>
	<1935325431.129080.1482334772814.JavaMail.zimbra@chemaxon.com>
Message-ID: <2041148526.26477.1483357992339.JavaMail.zimbra@chemaxon.com>

I would be really happy if anybody could assign an OID for the new objectcalss 
i want to use to store group mail and displayname attributes. 

S?ndor Juh?sz 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Sandor Juhasz" <sjuhasz at chemaxon.com> 
To: "Ludwig Krispenz" <lkrispen at redhat.com> 
Cc: freeipa-users at redhat.com 
Sent: Wednesday, December 21, 2016 4:39:32 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 

That would be perfect solution. 

How do i do it? 

ldapmodify: 
dn: cn=schema 
changetype: modify 
add: objectclasses 
objectclasses: ( <OID> 
NAME 'googleGroup' SUP groupofnames 
STRUCTURAL 
MAY ( mail $ displayname ) 
X-ORIGIN 'Extending FreeIPA' ) 

What to use for <OID>? 

Then i just 
ipa config-mod --addattr=ipaGroupObjectClasses=googleGroup 

Then groupmail.py 
from ipalib.plugins import group 
from ipalib.parameters import Str 
from ipalib import _ 

group.group.takes_params = group.group.takes_params + ( 
Str('mail?', 
cli_name='mail', 
label=_('mail'), 
), 
) 
group.group.default_attributes.append('mail') 

Then groupdisplayname.py 
from ipalib.plugins import group 
from ipalib.parameters import Str 
from ipalib import _ 


group.group.takes_params = group.group.takes_params + ( 
Str('displayname?', 
cli_name='displayname', 
label=_('dispalayname'), 
), 
) 
group.group.default_attributes.append('displayname') 

And finally update js somehow... 

S?ndor Juh?sz 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Ludwig Krispenz" <lkrispen at redhat.com> 
To: freeipa-users at redhat.com 
Sent: Wednesday, December 21, 2016 3:34:03 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 


On 12/21/2016 02:07 PM, Sandor Juhasz wrote: 



Hi, 

i would like to modify schema to have group objects extended with email and display name attribute. 
The reason is that we are trying to sync our ldap to our google apps. 

I don't know how much this doc http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf 
can be applied to groups. Neither did i find a supported attribute syntax for email, maybe 
	PrintableString 	1.3.6.1.4.1.1466.115.121.1.58 	For values which contain strings containing alphabetic, numeral, and select punctuation characters (as defined in RFC 4517 ). 
but i am not sure if that could hold email addresses. 


why don't you just use the mail attribute ? only define a new auxilliary objectclass allowing mail and displayname 

BQ_BEGIN


It would be pretty to have it exposed via ipalib and js plugins as well. 
If someone could help me out on extending schema, i would be really happy. 

S?ndor Juh?sz 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 



BQ_END

-- 
Red Hat GmbH, http://www.de.redhat.com/ , Registered seat: Grasbrunn, 
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170102/f4e2d68c/attachment.htm>

From taraksinha09 at gmail.com  Mon Jan  2 15:35:19 2017
From: taraksinha09 at gmail.com (tarak sinha)
Date: Mon, 2 Jan 2017 21:05:19 +0530
Subject: [Freeipa-users] Fwd:  IPA Client not able to remove
In-Reply-To: <CACg_jASYAZ=eMEV8FOAOP=BCtx4=qQykVCcEp7njSMJ4DAnSAQ@mail.gmail.com>
References: <CACg_jASDKi6_BCXT4eRMwx9gEo_YyH4ndKd5tus7dcb=evw-_Q@mail.gmail.com>
	<5869B3C6.3070701@redhat.com>
	<CACg_jASYAZ=eMEV8FOAOP=BCtx4=qQykVCcEp7njSMJ4DAnSAQ@mail.gmail.com>
Message-ID: <CACg_jASouSveubswCS8m9ryPPF7B-C9tDgqOWwVOi85Y8uquAg@mail.gmail.com>

Hi Team,

Please give me some suggestion to fix the below issue......


---------- Forwarded message ----------
From: tarak sinha <taraksinha09 at gmail.com>
Date: Mon, Jan 2, 2017 at 9:03 PM
Subject: Re: [Freeipa-users] IPA Client not able to remove
To: Rob Crittenden <rcritten at redhat.com>


Thanks Rob for your suggestion...
I have another issue on my hosts. Few node's are asking password rather
than authenticated with kerberoas.

Getting below error (Unspecified GSS failure). rest of the hosts are able
to login via gssapi-with-mic method


-------------snip----------

debug1: Authentications that can continue: publickey,gssapi-with-mic,
password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
KDC has no support for encryption type

debug1: Unspecified GSS failure.  Minor code may provide more information
KDC has no support for encryption type

debug1: Unspecified GSS failure.  Minor code may provide more information


debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,
password
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Offering public key: /uhome/tsinha/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply

------------snip-------------

Please give me some advise to login my linux nodes without any password.

Thanks,

Tarak

On Mon, Jan 2, 2017 at 7:28 AM, Rob Crittenden <rcritten at redhat.com> wrote:

> tarak sinha wrote:
> > Hi FreeIPA Team,
> >
> >
> >
> > I am not able to remove the IPA client host entry from Web UI and
> > command line as well. While trying to add it?s showing ?Host is already
> > exist?. Please give me some suggestion to get rid if this issue.
> >
> >
> >
> > #ipa host-del xxx.example.com <http://xxx.example.com> --updatedns
> >
> > ipa: ERROR: xxx.example.com <http://xxx.example.com>: host not found
> >
> > #ipa host-show xxx.example.com <http://xxx.example.com>
> >
> > ipa: ERROR: xxx.example.com <http://xxx.example.com>: host not found
>
> It sounds like it is a replication conflict entry. You can confirm by
> doing something like 'ipa host-find xxx.example.com --all' and look at
> the DN. If it has nsuniqueid in the DN then it is a conflict entry. See
> https://access.redhat.com/documentation/en-US/Red_Hat_Direct
> ory_Server/8.2/html/Administration_Guide/Managing_Replicatio
> n-Solving_Common_Replication_Conflicts.html
> but given you want to remove it you can do so via ldapdelete.
>
> rob
>



-- 

*Thanks,*

*Tarak Nath Sinha*

*Mobile: **+91 8197522750*



-- 

*Thanks,*

*Tarak Nath Sinha*

*Mobile: **+91 8197522750*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170102/f9eddc32/attachment.htm>

From nirajkumar.singh at accenture.com  Mon Jan  2 15:58:56 2017
From: nirajkumar.singh at accenture.com (nirajkumar.singh at accenture.com)
Date: Mon, 2 Jan 2017 15:58:56 +0000
Subject: [Freeipa-users] Automate PPK file generation for newly created
	users.
Message-ID: <bb78c79e61ae4a69a4a17c14415b195d@BLUPR42MB0194.048d.mgd.msft.net>

Hi Team,

We have created master and client servers. We are able to create and login users with password. But our requirement is to generate ppk file for each user ,which should be used as login credentials to the users.

Question :


*       Is there any way to automate key(.ppk) generation for user when user is getting created?

We don't want any manual effort in this process. Kindly suggest.


Thanks & Regards,
Niraj Kumar Singh
AWS & Oracle DB Team
Vodafone NewCo
Accenture Services Pvt. Ltd.
Voice: (+91)9663212985
Email: nirajkumar.singh at accenture.com<mailto:nirajkumar.singh at accenture.com>




________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170102/83bdf24f/attachment.htm>

From nirajkumar.singh at accenture.com  Mon Jan  2 16:00:25 2017
From: nirajkumar.singh at accenture.com (nirajkumar.singh at accenture.com)
Date: Mon, 2 Jan 2017 16:00:25 +0000
Subject: [Freeipa-users] how to make email as mandatory field before user
	creation
Message-ID: <47fd3579651242ed89012e664e6aa2c5@BLUPR42MB0194.048d.mgd.msft.net>

Hi Team,

Is there any way to make email as mandatory field before creating any user from WEBUI or Console?


Thanks & Regards,
Niraj Kumar Singh
AWS & Oracle DB Team
Vodafone NewCo
Accenture Services Pvt. Ltd.
Voice: (+91)9663212985
Email: nirajkumar.singh at accenture.com<mailto:nirajkumar.singh at accenture.com>


________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170102/9b887f77/attachment.htm>

From pvoborni at redhat.com  Mon Jan  2 16:50:37 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Mon, 2 Jan 2017 17:50:37 +0100
Subject: [Freeipa-users] how to make email as mandatory field before
 user creation
In-Reply-To: <47fd3579651242ed89012e664e6aa2c5@BLUPR42MB0194.048d.mgd.msft.net>
References: <47fd3579651242ed89012e664e6aa2c5@BLUPR42MB0194.048d.mgd.msft.net>
Message-ID: <63da1063-8ba6-fa41-ff44-8916c4a99c7f@redhat.com>

On 01/02/2017 05:00 PM, nirajkumar.singh at accenture.com wrote:
> Hi Team,
> 
> Is there any way to make email as mandatory field before creating any user from 
> WEBUI or Console?
> 
> Thanks & Regards,
> 
> Niraj Kumar Singh
> 

Hello Niraj,

FreeIPA doesn't support such configuration out of the box.

It is theoretically possible to implement IPA server side plugin to mark
the field as required. It may not be straightforward though.

-- 
Petr Vobornik



From yamakasi.014 at gmail.com  Mon Jan  2 17:21:56 2017
From: yamakasi.014 at gmail.com (Matt .)
Date: Mon, 2 Jan 2017 18:21:56 +0100
Subject: [Freeipa-users] how to make email as mandatory field before
	user creation
In-Reply-To: <63da1063-8ba6-fa41-ff44-8916c4a99c7f@redhat.com>
References: <47fd3579651242ed89012e664e6aa2c5@BLUPR42MB0194.048d.mgd.msft.net>
	<63da1063-8ba6-fa41-ff44-8916c4a99c7f@redhat.com>
Message-ID: <CAPNQp077jv5iMR946=7iVFMr0=3AJehBeO6+R=y73-fTZ_QzrA@mail.gmail.com>

Doesn't get the user a default mailaddress when you add him under the
REALM domain ?

2017-01-02 17:50 GMT+01:00 Petr Vobornik <pvoborni at redhat.com>:
> On 01/02/2017 05:00 PM, nirajkumar.singh at accenture.com wrote:
>> Hi Team,
>>
>> Is there any way to make email as mandatory field before creating any user from
>> WEBUI or Console?
>>
>> Thanks & Regards,
>>
>> Niraj Kumar Singh
>>
>
> Hello Niraj,
>
> FreeIPA doesn't support such configuration out of the box.
>
> It is theoretically possible to implement IPA server side plugin to mark
> the field as required. It may not be straightforward though.
>
> --
> Petr Vobornik
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From taraksinha09 at gmail.com  Mon Jan  2 17:33:36 2017
From: taraksinha09 at gmail.com (tarak sinha)
Date: Mon, 2 Jan 2017 23:03:36 +0530
Subject: [Freeipa-users] Unspecified GSS failure. Minor code may provide
 more information KDC has no support for encryption type
Message-ID: <CACg_jAS0aCFRBK4gd91LDD-Nd8F8cYtrV8_SNMOih9YVtzZVVQ@mail.gmail.com>

Hi Team,

I am getting below error while trying to ssh my host without password.

Unspecified GSS failure. Minor code may provide more information KDC has no
support for encryption type

Thanks in advance

*Thanks,*

*Tarak Nath Sinha*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170102/ad172b8c/attachment.htm>

From b.candler at pobox.com  Mon Jan  2 17:41:02 2017
From: b.candler at pobox.com (Brian Candler)
Date: Mon, 2 Jan 2017 17:41:02 +0000
Subject: [Freeipa-users] modify schema - add group email and display
 attribute
In-Reply-To: <2041148526.26477.1483357992339.JavaMail.zimbra@chemaxon.com>
References: <795612095.18818.1482325628676.JavaMail.zimbra@chemaxon.com>
	<585A92DB.5080907@redhat.com>
	<1935325431.129080.1482334772814.JavaMail.zimbra@chemaxon.com>
	<2041148526.26477.1483357992339.JavaMail.zimbra@chemaxon.com>
Message-ID: <2c9db8bb-61dd-8d99-39f8-6278b2d2a845@pobox.com>

On 02/01/2017 11:53, Sandor Juhasz wrote:
> I would be really happy if anybody could assign an OID for the new 
> objectcalss

You can get your own enterprise OID for free from here:

http://pen.iana.org/pen/PenApplication.page

Note that you only get one, so it's up to you to subdivide the space. 
For example: if you get 1.3.6.1.4.1.99999, then you might decide to use:

1.3.6.1.4.1.99999.1 = LDAP object classes

1.3.6.1.4.1.99999.1.1 = myMailObjectClass

1.3.6.1.4.1.99999.1.2 = someOtherObjectClass

1.3.6.1.4.1.99999.2 = LDAP attributes

1.3.6.1.4.1.99999.2.1 = mySpecialAttribute

then later you can assign under 1.3.6.1.4.1.99999.3 for something else 
that needs OIDs (e.g. SNMP MIBs) and so on.



From pvoborni at redhat.com  Mon Jan  2 18:08:23 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Mon, 2 Jan 2017 19:08:23 +0100
Subject: [Freeipa-users] how to make email as mandatory field before
 user creation
In-Reply-To: <CAPNQp077jv5iMR946=7iVFMr0=3AJehBeO6+R=y73-fTZ_QzrA@mail.gmail.com>
References: <47fd3579651242ed89012e664e6aa2c5@BLUPR42MB0194.048d.mgd.msft.net>
	<63da1063-8ba6-fa41-ff44-8916c4a99c7f@redhat.com>
	<CAPNQp077jv5iMR946=7iVFMr0=3AJehBeO6+R=y73-fTZ_QzrA@mail.gmail.com>
Message-ID: <8b72399a-3fdd-3d7e-dbf7-e613286acba7@redhat.com>

On 01/02/2017 06:21 PM, Matt . wrote:
> Doesn't get the user a default mailaddress when you add him under the
> REALM domain ?


By default user gets an email address but there ways to skip it:

   ipa user-add test2 --first Test --last Test --email=
   ipa config-mod --emaildomain=


Btw, in Web UI, user adder dialog doesn't have email field. To add it
there a Web UI plugin would be needed.

> 
> 2017-01-02 17:50 GMT+01:00 Petr Vobornik <pvoborni at redhat.com>:
>> On 01/02/2017 05:00 PM, nirajkumar.singh at accenture.com wrote:
>>> Hi Team,
>>>
>>> Is there any way to make email as mandatory field before creating any user from
>>> WEBUI or Console?
>>>
>>> Thanks & Regards,
>>>
>>> Niraj Kumar Singh
>>>
>>
>> Hello Niraj,
>>
>> FreeIPA doesn't support such configuration out of the box.
>>
>> It is theoretically possible to implement IPA server side plugin to mark
>> the field as required. It may not be straightforward though.
>>
>> --
>> Petr Vobornik
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 


-- 
Petr Vobornik



From daniel at schimpfoessl.com  Mon Jan  2 18:24:42 2017
From: daniel at schimpfoessl.com (Daniel Schimpfoessl)
Date: Mon, 2 Jan 2017 12:24:42 -0600
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
	<3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
Message-ID: <CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>

Thanks for your reply.

This was the initial error I asked for help a while ago and did not get
resolved. Further digging showed the recent errors.
The service was running (using ipactl start --force) and only after a
restart I am getting a stack trace for two primary messages:

Could not connect to LDAP server host wwgwho01.webwim.com port 636 Error
netscape.ldap.LDAPException: Authentication failed (48)
...

Internal Database Error encountered: Could not connect to LDAP server host
wwgwho01.webwim.com port 636 Error netscape.ldap.LDAPException:
Authentication failed (48)
...

and finally:
[02/Jan/2017:12:20:34][localhost-startStop-1]: CMSEngine.shutdown()


2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com>:

> systemctl start pki-tomcatd at pki-tomcat.service
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170102/acd598d8/attachment.htm>

From nirajkumar.singh at accenture.com  Mon Jan  2 19:46:02 2017
From: nirajkumar.singh at accenture.com (nirajkumar.singh at accenture.com)
Date: Mon, 2 Jan 2017 19:46:02 +0000
Subject: [Freeipa-users] how to make email as mandatory field before
 user creation
In-Reply-To: <63da1063-8ba6-fa41-ff44-8916c4a99c7f@redhat.com>
References: <47fd3579651242ed89012e664e6aa2c5@BLUPR42MB0194.048d.mgd.msft.net>
	<63da1063-8ba6-fa41-ff44-8916c4a99c7f@redhat.com>
Message-ID: <43e38bad775d4d6fa96bd26485136bc7@BLUPR42MB0194.048d.mgd.msft.net>

Hi Prtr,

Can you please suggest how to do it with plugins and which plugin I need to use and how to integrate that plugin with freeipa.

Thanks
Niraj

-----Original Message-----
From: Petr Vobornik [mailto:pvoborni at redhat.com]
Sent: 02 January 2017 22:21
To: Singh, NirajKumar <nirajkumar.singh at accenture.com>; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] how to make email as mandatory field before user creation

On 01/02/2017 05:00 PM, nirajkumar.singh at accenture.com wrote:
> Hi Team,
>
> Is there any way to make email as mandatory field before creating any
> user from WEBUI or Console?
>
> Thanks & Regards,
>
> Niraj Kumar Singh
>

Hello Niraj,

FreeIPA doesn't support such configuration out of the box.

It is theoretically possible to implement IPA server side plugin to mark the field as required. It may not be straightforward though.

--
Petr Vobornik

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com



From alan at instinctualsoftware.com  Mon Jan  2 22:22:49 2017
From: alan at instinctualsoftware.com (Alan Latteri)
Date: Mon, 2 Jan 2017 14:22:49 -0800
Subject: [Freeipa-users] Kerberos authentication failed: kinit: Included
 profile directory could not be read while initializing Kerberos 5 library
Message-ID: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>

I upgraded our FreeIPA server from Cent7.2 to 7.3 which also upgraded freeipa to 4.4.  On some clients they failed to re-authenticate post upgrade.  I then did an 
ipa-client-install ?uninstall , and then tried re-joining to IPA server with 
ipa-client-install --mkhomedir --force-ntpd --force-join.

Now I am getting the below error, and I have no idea how to recover.  Firewall is disabled.

Thanks,
Alan

User authorized to enroll computers: admin
Password for admin at XXX.LOCAL: 
Please make sure the following ports are opened in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
Kerberos authentication failed: kinit: Included profile directory could not be read while initializing Kerberos 5 library 

Installation failed. Rolling back changes.
IPA client is not configured on this system.


[root at troll ~]# systemctl status firewalld
? firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

Installed Packages
ipa-client.x86_64                                                4.4.0-14.el7.centos                                         @updates 
ipa-client-common.noarch                                         4.4.0-14.el7.centos                                         @updates 
ipa-common.noarch                                                4.4.0-14.el7.centos                                         @updates 



From mbabinsk at redhat.com  Tue Jan  3 08:16:46 2017
From: mbabinsk at redhat.com (Martin Babinsky)
Date: Tue, 3 Jan 2017 09:16:46 +0100
Subject: [Freeipa-users] Kerberos authentication failed: kinit: Included
 profile directory could not be read while initializing Kerberos 5 library
In-Reply-To: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>
References: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>
Message-ID: <f03686ac-5192-10e8-5cd5-f61af5accb44@redhat.com>

On 01/02/2017 11:22 PM, Alan Latteri wrote:
> I upgraded our FreeIPA server from Cent7.2 to 7.3 which also upgraded freeipa to 4.4.  On some clients they failed to re-authenticate post upgrade.  I then did an
> ipa-client-install ?uninstall , and then tried re-joining to IPA server with
> ipa-client-install --mkhomedir --force-ntpd --force-join.
>
> Now I am getting the below error, and I have no idea how to recover.  Firewall is disabled.
>
> Thanks,
> Alan
>
> User authorized to enroll computers: admin
> Password for admin at XXX.LOCAL:
> Please make sure the following ports are opened in the firewall settings:
>      TCP: 80, 88, 389
>      UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
> Also note that following ports are necessary for ipa-client working properly after enrollment:
>      TCP: 464
>      UDP: 464, 123 (if NTP enabled)
> Kerberos authentication failed: kinit: Included profile directory could not be read while initializing Kerberos 5 library
>
> Installation failed. Rolling back changes.
> IPA client is not configured on this system.
>
>
> [root at troll ~]# systemctl status firewalld
> ? firewalld.service - firewalld - dynamic firewall daemon
>    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
>    Active: inactive (dead)
>
> Installed Packages
> ipa-client.x86_64                                                4.4.0-14.el7.centos                                         @updates
> ipa-client-common.noarch                                         4.4.0-14.el7.centos                                         @updates
> ipa-common.noarch                                                4.4.0-14.el7.centos                                         @updates
>

Hi Alan,

it would be nice if you could post the client install log 
(/var/log/ipaclient-install.log). It is hard to tell what happens 
without seeing it.

-- 
Martin^3 Babinsky



From Dan.Finkelstein at high5games.com  Tue Jan  3 13:20:48 2017
From: Dan.Finkelstein at high5games.com (Dan.Finkelstein at high5games.com)
Date: Tue, 3 Jan 2017 13:20:48 +0000
Subject: [Freeipa-users] LDAP replication conflicts,
	but no apparent data damage
Message-ID: <145020D6-0409-4651-9C76-B6F31EB62753@high5games.com>

I'm using the most recent FreeIPA 4.4.0 on CentOS 7.3 and have been cleaning up various dangling replicas and other cruft, but when I run the ipa consistency checker, it produces output that LDAP has conflicts. I then run:

ldapsearch -D "cn=Directory Manager" -W -b "dc=h5c,dc=local" "nsds5ReplConflict=*" \* nsds5ReplConflict

Which produces output as follows (which I don't know what to do with, yet):

# extended LDIF
#
# LDAPv3
# base <dc=test,dc=local> with scope subtree
# filter: nsds5ReplConflict=*
# requesting: * nsds5ReplConflict
#

# ipaservers + 9865b29e-c9a411e6-a937f721-75eb0f97, hostgroups, accounts, test.l
ocal
dn: cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups
,cn=accounts,dc=test,dc=local
memberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=local
memberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=h5
c,dc=local
memberOf: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=
test,dc=local
memberOf: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=test,dc
=local
memberOf: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
l
memberOf: cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,c
n=alt,dc=test,dc=local
member: fqdn=ipa-replica-gib02.test.local,cn=computers,cn=accounts,dc=test,dc=lo
cal
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: b13812a8-c9a4-11e6-8bb5-00505684b9a0
nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
5c,dc=local

# ipaservers + 9865b2a0-c9a411e6-a937f721-75eb0f97, ng, alt, test.local
dn: cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,cn=alt,
dc=test,dc=local
memberHost: cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=ho
stgroups,cn=accounts,dc=test,dc=local
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: test.local
cn: ipaservers
description: ipaNetgroup ipaservers
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
ipaUniqueID: b13f8506-c9a4-11e6-8bb5-00505684b9a0
nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local

# domain + 9865b2a7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc, test.local
dn: cn=domain+nsuniqueid=9865b2a7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ip
a,cn=etc,dc=test,dc=local
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
ipaReplTopoConfRoot: dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
cn: domain
nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
c=local

# locations + 9865b2ab-c9a411e6-a937f721-75eb0f97, etc, test.local
dn: cn=locations+nsuniqueid=9865b2ab-c9a411e6-a937f721-75eb0f97,cn=etc,dc=test,
dc=local
objectClass: nsContainer
objectClass: top
cn: locations
nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Ad
d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write)
  groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc
=test,dc=local";)
aci: (targetattr = "createtimestamp || description || entryusn || idnsname ||
 modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,
read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,
cn=pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=Syst
em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)

# cas + 9865b2b1-c9a411e6-a937f721-75eb0f97, ca, test.local
dn: cn=cas+nsuniqueid=9865b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=loca
l
objectClass: nsContainer
objectClass: top
cn: cas
nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Add CA";allow (add) groupdn = "ldap:///cn=System: Add CA,cn=permissions,cn=
pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete CA,cn=permis
sions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(
version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:
///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacai
d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targ
etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CA
s";allow (compare,read,search) userdn = "ldap:///all";)

# custodia + 9865b2e2-c9a411e6-a937f721-75eb0f97, ipa, etc, test.local
dn: cn=custodia+nsuniqueid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,d
c=test,dc=local
objectClass: nsContainer
objectClass: top
cn: custodia
nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=test,dc=local

# dogtag + 9865b2e4-c9a411e6-a937f721-75eb0f97, custodia + 9865b2e2-c9a411e6-a9
37f721-75eb0f97, ipa, etc, test.local
dn: cn=dogtag+nsuniqueid=9865b2e4-c9a411e6-a937f721-75eb0f97,cn=custodia+nsuni
queid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,dc=test,dc=local
objectClass: nsContainer
objectClass: top
cn: dogtag
nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
c=local

# ca + 9865b2e7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc, test.local
dn: cn=ca+nsuniqueid=9865b2e7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ipa,cn
=etc,dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
cn: ca
ipaReplTopoConfRoot: o=ipaca
nsds5ReplConflict: namingConflict cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
cal

# System: Add CA + 9865b2ed-c9a411e6-a937f721-75eb0f97, permissions, pbac, test.
local
dn: cn=System: Add CA+nsuniqueid=9865b2ed-c9a411e6-a937f721-75eb0f97,cn=permis
sions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=
test,dc=local

# System: Delete CA + 9865b2f1-c9a411e6-a937f721-75eb0f97, permissions, pbac, h
5c.local
dn: cn=System: Delete CA+nsuniqueid=9865b2f1-c9a411e6-a937f721-75eb0f97,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Delete CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Modify CA + 9865b2f5-c9a411e6-a937f721-75eb0f97, permissions, pbac, h
5c.local
dn: cn=System: Modify CA+nsuniqueid=9865b2f5-c9a411e6-a937f721-75eb0f97,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Read CAs + 9865b2f9-c9a411e6-a937f721-75eb0f97, permissions, pbac, h5
c.local
dn: cn=System: Read CAs+nsuniqueid=9865b2f9-c9a411e6-a937f721-75eb0f97,cn=perm
issions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: all
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read CAs
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
ipaPermDefaultAttr: description
ipaPermDefaultAttr: ipacaissuerdn
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipacasubjectdn
ipaPermDefaultAttr: ipacaid
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,d
c=test,dc=local

# System: Modify DNS Servers Configuration + 9865b2fe-c9a411e6-a937f721-75eb0f9
7, permissions, pbac, test.local
dn: cn=System: Modify DNS Servers Configuration+nsuniqueid=9865b2fe-c9a411e6-a
937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnssoamname
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: idnsforwarders
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,
cn=permissions,cn=pbac,dc=test,dc=local

# System: Read DNS Servers Configuration + 9865b302-c9a411e6-a937f721-75eb0f97,
  permissions, pbac, test.local
dn: cn=System: Read DNS Servers Configuration+nsuniqueid=9865b302-c9a411e6-a93
7f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: idnsforwarders
ipaPermDefaultAttr: idnsserverid
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnssoamname
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn
=permissions,cn=pbac,dc=test,dc=local

# System: Manage Host Principals + 9865b329-c9a411e6-a937f721-75eb0f97, permiss
ions, pbac, test.local
dn: cn=System: Manage Host Principals+nsuniqueid=9865b329-c9a411e6-a937f721-75
eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipahost)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Host Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage host principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# System: Add IPA Locations + 9865b33f-c9a411e6-a937f721-75eb0f97, permissions,
  pbac, test.local
dn: cn=System: Add IPA Locations+nsuniqueid=9865b33f-c9a411e6-a937f721-75eb0f9
7,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ipa locations,cn=permissions,
cn=pbac,dc=test,dc=local

# System: Modify IPA Locations + 9865b343-c9a411e6-a937f721-75eb0f97, permissio
ns, pbac, test.local
dn: cn=System: Modify IPA Locations+nsuniqueid=9865b343-c9a411e6-a937f721-75eb
0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read IPA Locations + 9865b347-c9a411e6-a937f721-75eb0f97, permissions
, pbac, test.local
dn: cn=System: Read IPA Locations+nsuniqueid=9865b347-c9a411e6-a937f721-75eb0f
97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: description
ipaPermDefaultAttr: idnsname
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read ipa locations,cn=permissions
,cn=pbac,dc=test,dc=local

# System: Remove IPA Locations + 9865b34b-c9a411e6-a937f721-75eb0f97, permissio
ns, pbac, test.local
dn: cn=System: Remove IPA Locations+nsuniqueid=9865b34b-c9a411e6-a937f721-75eb
0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Remove IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: remove ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read Locations of IPA Servers + 9865b34f-c9a411e6-a937f721-75eb0f97,
 permissions, pbac, test.local
dn: cn=System: Read Locations of IPA Servers+nsuniqueid=9865b34f-c9a411e6-a937
f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Locations of IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaserviceweight
ipaPermDefaultAttr: ipalocation
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read locations of ipa servers,cn=
permissions,cn=pbac,dc=test,dc=local

# System: Read Status of Services on IPA Servers + 9865b353-c9a411e6-a937f721-7
5eb0f97, permissions, pbac, test.local
dn: cn=System: Read Status of Services on IPA Servers+nsuniqueid=9865b353-c9a4
11e6-a937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Status of Services on IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaconfigstring
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read status of services on ipa se
rvers,cn=permissions,cn=pbac,dc=test,dc=local

# System: Manage Service Principals + 9865b357-c9a411e6-a937f721-75eb0f97, perm
issions, pbac, test.local
dn: cn=System: Manage Service Principals+nsuniqueid=9865b357-c9a411e6-a937f721
-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaservice)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Service Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage service principals,cn=perm
issions,cn=pbac,dc=test,dc=local

# System: Manage User Principals + 9865b364-c9a411e6-a937f721-75eb0f97, permiss
ions, pbac, test.local
dn: cn=System: Manage User Principals+nsuniqueid=9865b364-c9a411e6-a937f721-75
eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=posixaccount)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage User Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=test,dc=lo
cal
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage user principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# servers + 9865b37b-c9a411e6-a937f721-75eb0f97, dns, test.local
dn: cn=servers+nsuniqueid=9865b37b-c9a411e6-a937f721-75eb0f97,cn=dns,dc=test,dc
=local
objectClass: nsContainer
objectClass: top
cn: servers
nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local

# ipa + cba8431e-c9a411e6-a937f721-75eb0f97, cas + 9865b2b1-c9a411e6-a937f721-7
5eb0f97, ca, test.local
dn: cn=ipa+nsuniqueid=cba8431e-c9a411e6-a937f721-75eb0f97,cn=cas+nsuniqueid=98
65b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=local
description: IPA CA
ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
objectClass: top
objectClass: ipaca
ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
cn: ipa
nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local

# ipaservers + 6f4721f7-c9a811e6-943e8d1c-0faa636d, hostgroups, accounts, test.l
ocal
dn: cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=hostgroups
,cn=accounts,dc=test,dc=local
memberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=local
memberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=h5
c,dc=local
memberOf: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=
test,dc=local
memberOf: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=test,dc
=local
memberOf: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
l
memberOf: cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,c
n=alt,dc=test,dc=local
member: fqdn=ipa-replica-gib01.test.local,cn=computers,cn=accounts,dc=test,dc=lo
cal
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: 863f47b6-c9a8-11e6-a9b0-00505684f6ff
nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
5c,dc=local

# ipaservers + 6f4721f9-c9a811e6-943e8d1c-0faa636d, ng, alt, test.local
dn: cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,cn=alt,
dc=test,dc=local
memberHost: cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=ho
stgroups,cn=accounts,dc=test,dc=local
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: test.local
cn: ipaservers
description: ipaNetgroup ipaservers
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
ipaUniqueID: 864e605c-c9a8-11e6-a9b0-00505684f6ff
nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local

# domain + 6f472200-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc, test.local
dn: cn=domain+nsuniqueid=6f472200-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ip
a,cn=etc,dc=test,dc=local
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
ipaReplTopoConfRoot: dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
cn: domain
nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
c=local

# locations + 6f472204-c9a811e6-943e8d1c-0faa636d, etc, test.local
dn: cn=locations+nsuniqueid=6f472204-c9a811e6-943e8d1c-0faa636d,cn=etc,dc=test,
dc=local
objectClass: nsContainer
objectClass: top
cn: locations
nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Ad
d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write)
  groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc
=test,dc=local";)
aci: (targetattr = "createtimestamp || description || entryusn || idnsname ||
 modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,
read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,
cn=pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=Syst
em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)

# cas + 6f47220a-c9a811e6-943e8d1c-0faa636d, ca, test.local
dn: cn=cas+nsuniqueid=6f47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=loca
l
objectClass: nsContainer
objectClass: top
cn: cas
nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Add CA";allow (add) groupdn = "ldap:///cn=System: Add CA,cn=permissions,cn=
pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete CA,cn=permis
sions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(
version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:
///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacai
d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targ
etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CA
s";allow (compare,read,search) userdn = "ldap:///all";)

# custodia + 6f47223b-c9a811e6-943e8d1c-0faa636d, ipa, etc, test.local
dn: cn=custodia+nsuniqueid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,d
c=test,dc=local
objectClass: nsContainer
objectClass: top
cn: custodia
nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=test,dc=local

# dogtag + 6f47223d-c9a811e6-943e8d1c-0faa636d, custodia + 6f47223b-c9a811e6-94
3e8d1c-0faa636d, ipa, etc, test.local
dn: cn=dogtag+nsuniqueid=6f47223d-c9a811e6-943e8d1c-0faa636d,cn=custodia+nsuni
queid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,dc=test,dc=local
objectClass: nsContainer
objectClass: top
cn: dogtag
nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
c=local

# ca + 6f472240-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc, test.local
dn: cn=ca+nsuniqueid=6f472240-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ipa,cn
=etc,dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
cn: ca
ipaReplTopoConfRoot: o=ipaca
nsds5ReplConflict: namingConflict cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
cal

# System: Add CA + 6f472246-c9a811e6-943e8d1c-0faa636d, permissions, pbac, test.
local
dn: cn=System: Add CA+nsuniqueid=6f472246-c9a811e6-943e8d1c-0faa636d,cn=permis
sions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=
test,dc=local

# System: Delete CA + 6f47224a-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h
5c.local
dn: cn=System: Delete CA+nsuniqueid=6f47224a-c9a811e6-943e8d1c-0faa636d,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Delete CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Modify CA + 6f47224e-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h
5c.local
dn: cn=System: Modify CA+nsuniqueid=6f47224e-c9a811e6-943e8d1c-0faa636d,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Read CAs + 6f472252-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h5
c.local
dn: cn=System: Read CAs+nsuniqueid=6f472252-c9a811e6-943e8d1c-0faa636d,cn=perm
issions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: all
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read CAs
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
ipaPermDefaultAttr: description
ipaPermDefaultAttr: ipacaissuerdn
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipacasubjectdn
ipaPermDefaultAttr: ipacaid
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,d
c=test,dc=local

# System: Modify DNS Servers Configuration + 6f472257-c9a811e6-943e8d1c-0faa636
d, permissions, pbac, test.local
dn: cn=System: Modify DNS Servers Configuration+nsuniqueid=6f472257-c9a811e6-9
43e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnssoamname
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: idnsforwarders
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,
cn=permissions,cn=pbac,dc=test,dc=local

# System: Read DNS Servers Configuration + 6f47225b-c9a811e6-943e8d1c-0faa636d,
  permissions, pbac, test.local
dn: cn=System: Read DNS Servers Configuration+nsuniqueid=6f47225b-c9a811e6-943
e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: idnsforwarders
ipaPermDefaultAttr: idnsserverid
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnssoamname
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn
=permissions,cn=pbac,dc=test,dc=local

# System: Manage Host Principals + 6f472282-c9a811e6-943e8d1c-0faa636d, permiss
ions, pbac, test.local
dn: cn=System: Manage Host Principals+nsuniqueid=6f472282-c9a811e6-943e8d1c-0f
aa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipahost)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Host Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage host principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# System: Add IPA Locations + 6f472298-c9a811e6-943e8d1c-0faa636d, permissions,
  pbac, test.local
dn: cn=System: Add IPA Locations+nsuniqueid=6f472298-c9a811e6-943e8d1c-0faa636
d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ipa locations,cn=permissions,
cn=pbac,dc=test,dc=local

# System: Modify IPA Locations + 6f47229c-c9a811e6-943e8d1c-0faa636d, permissio
ns, pbac, test.local
dn: cn=System: Modify IPA Locations+nsuniqueid=6f47229c-c9a811e6-943e8d1c-0faa
636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read IPA Locations + 6f4722a0-c9a811e6-943e8d1c-0faa636d, permissions
, pbac, test.local
dn: cn=System: Read IPA Locations+nsuniqueid=6f4722a0-c9a811e6-943e8d1c-0faa63
6d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: description
ipaPermDefaultAttr: idnsname
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read ipa locations,cn=permissions
,cn=pbac,dc=test,dc=local

# System: Remove IPA Locations + 6f4722a4-c9a811e6-943e8d1c-0faa636d, permissio
ns, pbac, test.local
dn: cn=System: Remove IPA Locations+nsuniqueid=6f4722a4-c9a811e6-943e8d1c-0faa
636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Remove IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: remove ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read Locations of IPA Servers + 6f4722a8-c9a811e6-943e8d1c-0faa636d,
 permissions, pbac, test.local
dn: cn=System: Read Locations of IPA Servers+nsuniqueid=6f4722a8-c9a811e6-943e
8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Locations of IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaserviceweight
ipaPermDefaultAttr: ipalocation
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read locations of ipa servers,cn=
permissions,cn=pbac,dc=test,dc=local

# System: Read Status of Services on IPA Servers + 6f4722ac-c9a811e6-943e8d1c-0
faa636d, permissions, pbac, test.local
dn: cn=System: Read Status of Services on IPA Servers+nsuniqueid=6f4722ac-c9a8
11e6-943e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Status of Services on IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaconfigstring
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read status of services on ipa se
rvers,cn=permissions,cn=pbac,dc=test,dc=local

# System: Manage Service Principals + 6f4722b0-c9a811e6-943e8d1c-0faa636d, perm
issions, pbac, test.local
dn: cn=System: Manage Service Principals+nsuniqueid=6f4722b0-c9a811e6-943e8d1c
-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaservice)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Service Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage service principals,cn=perm
issions,cn=pbac,dc=test,dc=local

# System: Manage User Principals + 6f4722bd-c9a811e6-943e8d1c-0faa636d, permiss
ions, pbac, test.local
dn: cn=System: Manage User Principals+nsuniqueid=6f4722bd-c9a811e6-943e8d1c-0f
aa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=posixaccount)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage User Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=test,dc=lo
cal
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage user principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# servers + 6f4722d4-c9a811e6-943e8d1c-0faa636d, dns, test.local
dn: cn=servers+nsuniqueid=6f4722d4-c9a811e6-943e8d1c-0faa636d,cn=dns,dc=test,dc
=local
objectClass: nsContainer
objectClass: top
cn: servers
nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local

# ipa + 90a80ea3-c9a811e6-943e8d1c-0faa636d, cas + 6f47220a-c9a811e6-943e8d1c-0
faa636d, ca, test.local
dn: cn=ipa+nsuniqueid=90a80ea3-c9a811e6-943e8d1c-0faa636d,cn=cas+nsuniqueid=6f
47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=local
description: IPA CA
ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
objectClass: top
objectClass: ipaca
ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
cn: ipa
nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 51
# numEntries: 50


[id:image001.jpg at 01D1C26F.0E28FA60]<http://www.high5games.com/>
Daniel Alex Finkelstein| Lead Dev Ops Engineer
Dan.Finkelstein at h5g.com<mailto:Dan.Finkelstein at h5g.com> | 212.604.3447
One World Trade Center, New York, NY 10007

www.high5games.com<http://www.high5games.com/>
Play High 5 Casino<https://apps.facebook.com/highfivecasino/> and Shake the Sky<https://apps.facebook.com/shakethesky/>
Follow us on: Facebook<http://www.facebook.com/high5games>, Twitter<https://twitter.com/High5Games>, YouTube<http://www.youtube.com/High5Games>, Linkedin<http://www.linkedin.com/company/1072533?trk=tyah>

This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient, please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/61586234/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4334 bytes
Desc: image001.jpg
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/61586234/attachment.jpg>

From mbasti at redhat.com  Tue Jan  3 14:07:16 2017
From: mbasti at redhat.com (Martin Basti)
Date: Tue, 3 Jan 2017 15:07:16 +0100
Subject: [Freeipa-users] LDAP replication conflicts,
 but no apparent data damage
In-Reply-To: <145020D6-0409-4651-9C76-B6F31EB62753@high5games.com>
References: <145020D6-0409-4651-9C76-B6F31EB62753@high5games.com>
Message-ID: <11390f0d-5d31-21af-dea3-54f189ae2e7c@redhat.com>

Here is a directory server documentation about replication conflicts 
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html

I hope it will help

Martin


On 03.01.2017 14:20, Dan.Finkelstein at high5games.com wrote:
>
> I'm using the most recent FreeIPA 4.4.0 on CentOS 7.3 and have been 
> cleaning up various dangling replicas and other cruft, but when I run 
> the ipa consistency checker, it produces output that LDAP has 
> conflicts. I then run:
>
> ldapsearch -D "cn=Directory Manager" -W -b "dc=h5c,dc=local" 
> "nsds5ReplConflict=*" \* nsds5ReplConflict
>
> Which produces output as follows (which I don't know what to do with, 
> yet):
>
> # extended LDIF
>
> #
>
> # LDAPv3
>
> # base <dc=test,dc=local> with scope subtree
>
> # filter: nsds5ReplConflict=*
>
> # requesting: * nsds5ReplConflict
>
> #
>
> # ipaservers + 9865b29e-c9a411e6-a937f721-75eb0f97, hostgroups, 
> accounts, test.l
>
> ocal
>
> dn: 
> cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups
>
> ,cn=accounts,dc=test,dc=local
>
> memberOf: cn=Replication 
> Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> memberOf: cn=Add Replication 
> Agreements,cn=permissions,cn=pbac,dc=test,dc=local
>
> memberOf: cn=Modify Replication 
> Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
> cal
>
> memberOf: cn=Remove Replication 
> Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
> cal
>
> memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
> memberOf: cn=Read PassSync Managers 
> Configuration,cn=permissions,cn=pbac,dc=h5
>
> c,dc=local
>
> memberOf: cn=Modify PassSync Managers 
> Configuration,cn=permissions,cn=pbac,dc=
>
> test,dc=local
>
> memberOf: cn=Read LDBM Database 
> Configuration,cn=permissions,cn=pbac,dc=test,dc
>
> =local
>
> memberOf: cn=Add Configuration 
> Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
>
> cal
>
> memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
> memberOf: cn=Read Replication 
> Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
>
> l
>
> memberOf: 
> cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,c
>
> n=alt,dc=test,dc=local
>
> member: 
> fqdn=ipa-replica-gib02.test.local,cn=computers,cn=accounts,dc=test,dc=lo
>
> cal
>
> mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
> objectClass: top
>
> objectClass: ipahostgroup
>
> objectClass: ipaobject
>
> objectClass: groupOfNames
>
> objectClass: nestedGroup
>
> objectClass: mepOriginEntry
>
> description: IPA server hosts
>
> cn: ipaservers
>
> ipaUniqueID: b13812a8-c9a4-11e6-8bb5-00505684b9a0
>
> nsds5ReplConflict: namingConflict 
> cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
>
> 5c,dc=local
>
> # ipaservers + 9865b2a0-c9a411e6-a937f721-75eb0f97, ng, alt, test.local
>
> dn: 
> cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,cn=alt,
>
> dc=test,dc=local
>
> memberHost: 
> cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=ho
>
> stgroups,cn=accounts,dc=test,dc=local
>
> objectClass: ipanisnetgroup
>
> objectClass: ipaobject
>
> objectClass: mepManagedEntry
>
> objectClass: ipaAssociation
>
> objectClass: top
>
> nisDomainName: test.local
>
> cn: ipaservers
>
> description: ipaNetgroup ipaservers
>
> mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
>
> ipaUniqueID: b13f8506-c9a4-11e6-8bb5-00505684b9a0
>
> nsds5ReplConflict: namingConflict 
> cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
> # domain + 9865b2a7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc, 
> test.local
>
> dn: 
> cn=domain+nsuniqueid=9865b2a7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ip
>
> a,cn=etc,dc=test,dc=local
>
> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp 
> internalModifiersName in
>
> ternalModifyTimestamp
>
> ipaReplTopoConfRoot: dc=test,dc=local
>
> objectClass: top
>
> objectClass: iparepltopoconf
>
> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn 
> krblasts
>
> uccessfulauth krblastfailedauth krbloginfailedcount
>
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof 
> idnssoaserial
>
>   entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>
> cn: domain
>
> nsds5ReplConflict: namingConflict 
> cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
>
> c=local
>
> # locations + 9865b2ab-c9a411e6-a937f721-75eb0f97, etc, test.local
>
> dn: 
> cn=locations+nsuniqueid=9865b2ab-c9a411e6-a937f721-75eb0f97,cn=etc,dc=test,
>
> dc=local
>
> objectClass: nsContainer
>
> objectClass: top
>
> cn: locations
>
> nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
>
> aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 
> 3.0;acl "permi
>
> ssion:System: Add IPA Locations";allow (add) groupdn = 
> "ldap:///cn=System: Ad
>
> d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
> aci: (targetattr = "description")(targetfilter = 
> "(objectclass=ipaLocationObje
>
> ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow 
> (write)
>
>   groupdn = "ldap:///cn=System: Modify IPA 
> Locations,cn=permissions,cn=pbac,dc
>
> =test,dc=local";)
>
> aci: (targetattr = "createtimestamp || description || entryusn || 
> idnsname ||
>
>  modifytimestamp || objectclass")(targetfilter = 
> "(objectclass=ipaLocationObje
>
> ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow 
> (compare,
>
> read,search) groupdn = "ldap:///cn=System: Read IPA 
> Locations,cn=permissions,
>
> cn=pbac,dc=test,dc=local";)
>
> aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 
> 3.0;acl "permi
>
> ssion:System: Remove IPA Locations";allow (delete) groupdn = 
> "ldap:///cn=Syst
>
> em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
> # cas + 9865b2b1-c9a411e6-a937f721-75eb0f97, ca, test.local
>
> dn: 
> cn=cas+nsuniqueid=9865b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=loca
>
> l
>
> objectClass: nsContainer
>
> objectClass: top
>
> cn: cas
>
> nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
>
> aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl 
> "permission:System
>
> : Add CA";allow (add) groupdn = "ldap:///cn=System: Add 
> CA,cn=permissions,cn=
>
> pbac,dc=test,dc=local";)
>
> aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl 
> "permission:System
>
> : Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete 
> CA,cn=permis
>
> sions,cn=pbac,dc=test,dc=local";)
>
> aci: (targetattr = "cn || description")(targetfilter = 
> "(objectclass=ipaca)")(
>
> version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = 
> "ldap:
>
> ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
>
> aci: (targetattr = "cn || createtimestamp || description || entryusn 
> || ipacai
>
> d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || 
> objectclass")(targ
>
> etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: 
> Read CA
>
> s";allow (compare,read,search) userdn = "ldap:///all";)
>
> # custodia + 9865b2e2-c9a411e6-a937f721-75eb0f97, ipa, etc, test.local
>
> dn: 
> cn=custodia+nsuniqueid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,d
>
> c=test,dc=local
>
> objectClass: nsContainer
>
> objectClass: top
>
> cn: custodia
>
> nsds5ReplConflict: namingConflict 
> cn=custodia,cn=ipa,cn=etc,dc=test,dc=local
>
> # dogtag + 9865b2e4-c9a411e6-a937f721-75eb0f97, custodia + 
> 9865b2e2-c9a411e6-a9
>
> 37f721-75eb0f97, ipa, etc, test.local
>
> dn: 
> cn=dogtag+nsuniqueid=9865b2e4-c9a411e6-a937f721-75eb0f97,cn=custodia+nsuni
>
> queid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,dc=test,dc=local
>
> objectClass: nsContainer
>
> objectClass: top
>
> cn: dogtag
>
> nsds5ReplConflict: namingConflict 
> cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
>
> c=local
>
> # ca + 9865b2e7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc, test.local
>
> dn: 
> cn=ca+nsuniqueid=9865b2e7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ipa,cn
>
> =etc,dc=test,dc=local
>
> objectClass: top
>
> objectClass: iparepltopoconf
>
> cn: ca
>
> ipaReplTopoConfRoot: o=ipaca
>
> nsds5ReplConflict: namingConflict 
> cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
>
> cal
>
> # System: Add CA + 9865b2ed-c9a411e6-a937f721-75eb0f97, permissions, 
> pbac, test.
>
> local
>
> dn: cn=System: Add 
> CA+nsuniqueid=9865b2ed-c9a411e6-a937f721-75eb0f97,cn=permis
>
> sions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaca)
>
> ipaPermRight: add
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Add CA
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: add 
> ca,cn=permissions,cn=pbac,dc=
>
> test,dc=local
>
> # System: Delete CA + 9865b2f1-c9a411e6-a937f721-75eb0f97, 
> permissions, pbac, h
>
> 5c.local
>
> dn: cn=System: Delete 
> CA+nsuniqueid=9865b2f1-c9a411e6-a937f721-75eb0f97,cn=per
>
> missions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaca)
>
> ipaPermRight: delete
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Delete CA
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: delete 
> ca,cn=permissions,cn=pbac,
>
> dc=test,dc=local
>
> # System: Modify CA + 9865b2f5-c9a411e6-a937f721-75eb0f97, 
> permissions, pbac, h
>
> 5c.local
>
> dn: cn=System: Modify 
> CA+nsuniqueid=9865b2f5-c9a411e6-a937f721-75eb0f97,cn=per
>
> missions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaca)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Modify CA
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: description
>
> ipaPermDefaultAttr: cn
>
> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: modify 
> ca,cn=permissions,cn=pbac,
>
> dc=test,dc=local
>
> # System: Read CAs + 9865b2f9-c9a411e6-a937f721-75eb0f97, permissions, 
> pbac, h5
>
> c.local
>
> dn: cn=System: Read 
> CAs+nsuniqueid=9865b2f9-c9a411e6-a937f721-75eb0f97,cn=perm
>
> issions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaca)
>
> ipaPermRight: read
>
> ipaPermRight: compare
>
> ipaPermRight: search
>
> ipaPermBindRuleType: all
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Read CAs
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> ipaPermDefaultAttr: description
>
> ipaPermDefaultAttr: ipacaissuerdn
>
> ipaPermDefaultAttr: objectclass
>
> ipaPermDefaultAttr: ipacasubjectdn
>
> ipaPermDefaultAttr: ipacaid
>
> ipaPermDefaultAttr: cn
>
> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: read 
> cas,cn=permissions,cn=pbac,d
>
> c=test,dc=local
>
> # System: Modify DNS Servers Configuration + 
> 9865b2fe-c9a411e6-a937f721-75eb0f9
>
> 7, permissions, pbac, test.local
>
> dn: cn=System: Modify DNS Servers 
> Configuration+nsuniqueid=9865b2fe-c9a411e6-a
>
> 937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Modify DNS Servers Configuration
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: idnssoamname
>
> ipaPermDefaultAttr: idnssubstitutionvariable
>
> ipaPermDefaultAttr: idnsforwardpolicy
>
> ipaPermDefaultAttr: idnsforwarders
>
> ipaPermLocation: dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: modify dns servers 
> configuration,
>
> cn=permissions,cn=pbac,dc=test,dc=local
>
> # System: Read DNS Servers Configuration + 
> 9865b302-c9a411e6-a937f721-75eb0f97,
>
> permissions, pbac, test.local
>
> dn: cn=System: Read DNS Servers 
> Configuration+nsuniqueid=9865b302-c9a411e6-a93
>
> 7f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
> ipaPermRight: read
>
> ipaPermRight: compare
>
> ipaPermRight: search
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Read DNS Servers Configuration
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: idnsforwardpolicy
>
> ipaPermDefaultAttr: objectclass
>
> ipaPermDefaultAttr: idnsforwarders
>
> ipaPermDefaultAttr: idnsserverid
>
> ipaPermDefaultAttr: idnssubstitutionvariable
>
> ipaPermDefaultAttr: idnssoamname
>
> ipaPermLocation: dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: read dns servers 
> configuration,cn
>
> =permissions,cn=pbac,dc=test,dc=local
>
> # System: Manage Host Principals + 
> 9865b329-c9a411e6-a937f721-75eb0f97, permiss
>
> ions, pbac, test.local
>
> dn: cn=System: Manage Host 
> Principals+nsuniqueid=9865b329-c9a411e6-a937f721-75
>
> eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipahost)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Manage Host Principals
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: krbprincipalname
>
> ipaPermDefaultAttr: krbcanonicalname
>
> ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: manage host 
> principals,cn=permiss
>
> ions,cn=pbac,dc=test,dc=local
>
> # System: Add IPA Locations + 9865b33f-c9a411e6-a937f721-75eb0f97, 
> permissions,
>
>   pbac, test.local
>
> dn: cn=System: Add IPA 
> Locations+nsuniqueid=9865b33f-c9a411e6-a937f721-75eb0f9
>
> 7,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
> ipaPermRight: add
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Add IPA Locations
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: add ipa 
> locations,cn=permissions,
>
> cn=pbac,dc=test,dc=local
>
> # System: Modify IPA Locations + 9865b343-c9a411e6-a937f721-75eb0f97, 
> permissio
>
> ns, pbac, test.local
>
> dn: cn=System: Modify IPA 
> Locations+nsuniqueid=9865b343-c9a411e6-a937f721-75eb
>
> 0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Modify IPA Locations
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: description
>
> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: modify ipa 
> locations,cn=permissio
>
> ns,cn=pbac,dc=test,dc=local
>
> # System: Read IPA Locations + 9865b347-c9a411e6-a937f721-75eb0f97, 
> permissions
>
> , pbac, test.local
>
> dn: cn=System: Read IPA 
> Locations+nsuniqueid=9865b347-c9a411e6-a937f721-75eb0f
>
> 97,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
> ipaPermRight: read
>
> ipaPermRight: compare
>
> ipaPermRight: search
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Read IPA Locations
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: objectclass
>
> ipaPermDefaultAttr: description
>
> ipaPermDefaultAttr: idnsname
>
> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: read ipa 
> locations,cn=permissions
>
> ,cn=pbac,dc=test,dc=local
>
> # System: Remove IPA Locations + 9865b34b-c9a411e6-a937f721-75eb0f97, 
> permissio
>
> ns, pbac, test.local
>
> dn: cn=System: Remove IPA 
> Locations+nsuniqueid=9865b34b-c9a411e6-a937f721-75eb
>
> 0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
> ipaPermRight: delete
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Remove IPA Locations
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: remove ipa 
> locations,cn=permissio
>
> ns,cn=pbac,dc=test,dc=local
>
> # System: Read Locations of IPA Servers + 
> 9865b34f-c9a411e6-a937f721-75eb0f97,
>
>  permissions, pbac, test.local
>
> dn: cn=System: Read Locations of IPA 
> Servers+nsuniqueid=9865b34f-c9a411e6-a937
>
> f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
> ipaPermRight: read
>
> ipaPermRight: compare
>
> ipaPermRight: search
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Read Locations of IPA Servers
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: objectclass
>
> ipaPermDefaultAttr: ipaserviceweight
>
> ipaPermDefaultAttr: ipalocation
>
> ipaPermDefaultAttr: cn
>
> ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: read locations of ipa 
> servers,cn=
>
> permissions,cn=pbac,dc=test,dc=local
>
> # System: Read Status of Services on IPA Servers + 
> 9865b353-c9a411e6-a937f721-7
>
> 5eb0f97, permissions, pbac, test.local
>
> dn: cn=System: Read Status of Services on IPA 
> Servers+nsuniqueid=9865b353-c9a4
>
> 11e6-a937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
> ipaPermRight: read
>
> ipaPermRight: compare
>
> ipaPermRight: search
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Read Status of Services on IPA Servers
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: objectclass
>
> ipaPermDefaultAttr: ipaconfigstring
>
> ipaPermDefaultAttr: cn
>
> ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: read status of services 
> on ipa se
>
> rvers,cn=permissions,cn=pbac,dc=test,dc=local
>
> # System: Manage Service Principals + 
> 9865b357-c9a411e6-a937f721-75eb0f97, perm
>
> issions, pbac, test.local
>
> dn: cn=System: Manage Service 
> Principals+nsuniqueid=9865b357-c9a411e6-a937f721
>
> -75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaservice)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Manage Service Principals
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: krbprincipalname
>
> ipaPermDefaultAttr: krbcanonicalname
>
> ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: manage service 
> principals,cn=perm
>
> issions,cn=pbac,dc=test,dc=local
>
> # System: Manage User Principals + 
> 9865b364-c9a411e6-a937f721-75eb0f97, permiss
>
> ions, pbac, test.local
>
> dn: cn=System: Manage User 
> Principals+nsuniqueid=9865b364-c9a411e6-a937f721-75
>
> eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=posixaccount)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Manage User Principals
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> member: cn=Modify Users and Reset 
> passwords,cn=privileges,cn=pbac,dc=test,dc=lo
>
> cal
>
> ipaPermDefaultAttr: krbprincipalname
>
> ipaPermDefaultAttr: krbcanonicalname
>
> ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: manage user 
> principals,cn=permiss
>
> ions,cn=pbac,dc=test,dc=local
>
> # servers + 9865b37b-c9a411e6-a937f721-75eb0f97, dns, test.local
>
> dn: 
> cn=servers+nsuniqueid=9865b37b-c9a411e6-a937f721-75eb0f97,cn=dns,dc=test,dc
>
> =local
>
> objectClass: nsContainer
>
> objectClass: top
>
> cn: servers
>
> nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local
>
> # ipa + cba8431e-c9a411e6-a937f721-75eb0f97, cas + 
> 9865b2b1-c9a411e6-a937f721-7
>
> 5eb0f97, ca, test.local
>
> dn: 
> cn=ipa+nsuniqueid=cba8431e-c9a411e6-a937f721-75eb0f97,cn=cas+nsuniqueid=98
>
> 65b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=local
>
> description: IPA CA
>
> ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
>
> objectClass: top
>
> objectClass: ipaca
>
> ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
>
> ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
>
> cn: ipa
>
> nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local
>
> # ipaservers + 6f4721f7-c9a811e6-943e8d1c-0faa636d, hostgroups, 
> accounts, test.l
>
> ocal
>
> dn: 
> cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=hostgroups
>
> ,cn=accounts,dc=test,dc=local
>
> memberOf: cn=Replication 
> Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> memberOf: cn=Add Replication 
> Agreements,cn=permissions,cn=pbac,dc=test,dc=local
>
> memberOf: cn=Modify Replication 
> Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
> cal
>
> memberOf: cn=Remove Replication 
> Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
> cal
>
> memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
> memberOf: cn=Read PassSync Managers 
> Configuration,cn=permissions,cn=pbac,dc=h5
>
> c,dc=local
>
> memberOf: cn=Modify PassSync Managers 
> Configuration,cn=permissions,cn=pbac,dc=
>
> test,dc=local
>
> memberOf: cn=Read LDBM Database 
> Configuration,cn=permissions,cn=pbac,dc=test,dc
>
> =local
>
> memberOf: cn=Add Configuration 
> Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
>
> cal
>
> memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
> memberOf: cn=Read Replication 
> Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
>
> l
>
> memberOf: 
> cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,c
>
> n=alt,dc=test,dc=local
>
> member: 
> fqdn=ipa-replica-gib01.test.local,cn=computers,cn=accounts,dc=test,dc=lo
>
> cal
>
> mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
> objectClass: top
>
> objectClass: ipahostgroup
>
> objectClass: ipaobject
>
> objectClass: groupOfNames
>
> objectClass: nestedGroup
>
> objectClass: mepOriginEntry
>
> description: IPA server hosts
>
> cn: ipaservers
>
> ipaUniqueID: 863f47b6-c9a8-11e6-a9b0-00505684f6ff
>
> nsds5ReplConflict: namingConflict 
> cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
>
> 5c,dc=local
>
> # ipaservers + 6f4721f9-c9a811e6-943e8d1c-0faa636d, ng, alt, test.local
>
> dn: 
> cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,cn=alt,
>
> dc=test,dc=local
>
> memberHost: 
> cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=ho
>
> stgroups,cn=accounts,dc=test,dc=local
>
> objectClass: ipanisnetgroup
>
> objectClass: ipaobject
>
> objectClass: mepManagedEntry
>
> objectClass: ipaAssociation
>
> objectClass: top
>
> nisDomainName: test.local
>
> cn: ipaservers
>
> description: ipaNetgroup ipaservers
>
> mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
>
> ipaUniqueID: 864e605c-c9a8-11e6-a9b0-00505684f6ff
>
> nsds5ReplConflict: namingConflict 
> cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
> # domain + 6f472200-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc, 
> test.local
>
> dn: 
> cn=domain+nsuniqueid=6f472200-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ip
>
> a,cn=etc,dc=test,dc=local
>
> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp 
> internalModifiersName in
>
> ternalModifyTimestamp
>
> ipaReplTopoConfRoot: dc=test,dc=local
>
> objectClass: top
>
> objectClass: iparepltopoconf
>
> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn 
> krblasts
>
> uccessfulauth krblastfailedauth krbloginfailedcount
>
> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof 
> idnssoaserial
>
>   entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>
> cn: domain
>
> nsds5ReplConflict: namingConflict 
> cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
>
> c=local
>
> # locations + 6f472204-c9a811e6-943e8d1c-0faa636d, etc, test.local
>
> dn: 
> cn=locations+nsuniqueid=6f472204-c9a811e6-943e8d1c-0faa636d,cn=etc,dc=test,
>
> dc=local
>
> objectClass: nsContainer
>
> objectClass: top
>
> cn: locations
>
> nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
>
> aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 
> 3.0;acl "permi
>
> ssion:System: Add IPA Locations";allow (add) groupdn = 
> "ldap:///cn=System: Ad
>
> d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
> aci: (targetattr = "description")(targetfilter = 
> "(objectclass=ipaLocationObje
>
> ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow 
> (write)
>
>   groupdn = "ldap:///cn=System: Modify IPA 
> Locations,cn=permissions,cn=pbac,dc
>
> =test,dc=local";)
>
> aci: (targetattr = "createtimestamp || description || entryusn || 
> idnsname ||
>
>  modifytimestamp || objectclass")(targetfilter = 
> "(objectclass=ipaLocationObje
>
> ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow 
> (compare,
>
> read,search) groupdn = "ldap:///cn=System: Read IPA 
> Locations,cn=permissions,
>
> cn=pbac,dc=test,dc=local";)
>
> aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 
> 3.0;acl "permi
>
> ssion:System: Remove IPA Locations";allow (delete) groupdn = 
> "ldap:///cn=Syst
>
> em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
> # cas + 6f47220a-c9a811e6-943e8d1c-0faa636d, ca, test.local
>
> dn: 
> cn=cas+nsuniqueid=6f47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=loca
>
> l
>
> objectClass: nsContainer
>
> objectClass: top
>
> cn: cas
>
> nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
>
> aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl 
> "permission:System
>
> : Add CA";allow (add) groupdn = "ldap:///cn=System: Add 
> CA,cn=permissions,cn=
>
> pbac,dc=test,dc=local";)
>
> aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl 
> "permission:System
>
> : Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete 
> CA,cn=permis
>
> sions,cn=pbac,dc=test,dc=local";)
>
> aci: (targetattr = "cn || description")(targetfilter = 
> "(objectclass=ipaca)")(
>
> version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = 
> "ldap:
>
> ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
>
> aci: (targetattr = "cn || createtimestamp || description || entryusn 
> || ipacai
>
> d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || 
> objectclass")(targ
>
> etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: 
> Read CA
>
> s";allow (compare,read,search) userdn = "ldap:///all";)
>
> # custodia + 6f47223b-c9a811e6-943e8d1c-0faa636d, ipa, etc, test.local
>
> dn: 
> cn=custodia+nsuniqueid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,d
>
> c=test,dc=local
>
> objectClass: nsContainer
>
> objectClass: top
>
> cn: custodia
>
> nsds5ReplConflict: namingConflict 
> cn=custodia,cn=ipa,cn=etc,dc=test,dc=local
>
> # dogtag + 6f47223d-c9a811e6-943e8d1c-0faa636d, custodia + 
> 6f47223b-c9a811e6-94
>
> 3e8d1c-0faa636d, ipa, etc, test.local
>
> dn: 
> cn=dogtag+nsuniqueid=6f47223d-c9a811e6-943e8d1c-0faa636d,cn=custodia+nsuni
>
> queid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,dc=test,dc=local
>
> objectClass: nsContainer
>
> objectClass: top
>
> cn: dogtag
>
> nsds5ReplConflict: namingConflict 
> cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
>
> c=local
>
> # ca + 6f472240-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc, test.local
>
> dn: 
> cn=ca+nsuniqueid=6f472240-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ipa,cn
>
> =etc,dc=test,dc=local
>
> objectClass: top
>
> objectClass: iparepltopoconf
>
> cn: ca
>
> ipaReplTopoConfRoot: o=ipaca
>
> nsds5ReplConflict: namingConflict 
> cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
>
> cal
>
> # System: Add CA + 6f472246-c9a811e6-943e8d1c-0faa636d, permissions, 
> pbac, test.
>
> local
>
> dn: cn=System: Add 
> CA+nsuniqueid=6f472246-c9a811e6-943e8d1c-0faa636d,cn=permis
>
> sions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaca)
>
> ipaPermRight: add
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Add CA
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: add 
> ca,cn=permissions,cn=pbac,dc=
>
> test,dc=local
>
> # System: Delete CA + 6f47224a-c9a811e6-943e8d1c-0faa636d, 
> permissions, pbac, h
>
> 5c.local
>
> dn: cn=System: Delete 
> CA+nsuniqueid=6f47224a-c9a811e6-943e8d1c-0faa636d,cn=per
>
> missions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaca)
>
> ipaPermRight: delete
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Delete CA
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: delete 
> ca,cn=permissions,cn=pbac,
>
> dc=test,dc=local
>
> # System: Modify CA + 6f47224e-c9a811e6-943e8d1c-0faa636d, 
> permissions, pbac, h
>
> 5c.local
>
> dn: cn=System: Modify 
> CA+nsuniqueid=6f47224e-c9a811e6-943e8d1c-0faa636d,cn=per
>
> missions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaca)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Modify CA
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: description
>
> ipaPermDefaultAttr: cn
>
> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: modify 
> ca,cn=permissions,cn=pbac,
>
> dc=test,dc=local
>
> # System: Read CAs + 6f472252-c9a811e6-943e8d1c-0faa636d, permissions, 
> pbac, h5
>
> c.local
>
> dn: cn=System: Read 
> CAs+nsuniqueid=6f472252-c9a811e6-943e8d1c-0faa636d,cn=perm
>
> issions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaca)
>
> ipaPermRight: read
>
> ipaPermRight: compare
>
> ipaPermRight: search
>
> ipaPermBindRuleType: all
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Read CAs
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> ipaPermDefaultAttr: description
>
> ipaPermDefaultAttr: ipacaissuerdn
>
> ipaPermDefaultAttr: objectclass
>
> ipaPermDefaultAttr: ipacasubjectdn
>
> ipaPermDefaultAttr: ipacaid
>
> ipaPermDefaultAttr: cn
>
> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: read 
> cas,cn=permissions,cn=pbac,d
>
> c=test,dc=local
>
> # System: Modify DNS Servers Configuration + 
> 6f472257-c9a811e6-943e8d1c-0faa636
>
> d, permissions, pbac, test.local
>
> dn: cn=System: Modify DNS Servers 
> Configuration+nsuniqueid=6f472257-c9a811e6-9
>
> 43e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Modify DNS Servers Configuration
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: idnssoamname
>
> ipaPermDefaultAttr: idnssubstitutionvariable
>
> ipaPermDefaultAttr: idnsforwardpolicy
>
> ipaPermDefaultAttr: idnsforwarders
>
> ipaPermLocation: dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: modify dns servers 
> configuration,
>
> cn=permissions,cn=pbac,dc=test,dc=local
>
> # System: Read DNS Servers Configuration + 
> 6f47225b-c9a811e6-943e8d1c-0faa636d,
>
> permissions, pbac, test.local
>
> dn: cn=System: Read DNS Servers 
> Configuration+nsuniqueid=6f47225b-c9a811e6-943
>
> e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
> ipaPermRight: read
>
> ipaPermRight: compare
>
> ipaPermRight: search
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Read DNS Servers Configuration
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: idnsforwardpolicy
>
> ipaPermDefaultAttr: objectclass
>
> ipaPermDefaultAttr: idnsforwarders
>
> ipaPermDefaultAttr: idnsserverid
>
> ipaPermDefaultAttr: idnssubstitutionvariable
>
> ipaPermDefaultAttr: idnssoamname
>
> ipaPermLocation: dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: read dns servers 
> configuration,cn
>
> =permissions,cn=pbac,dc=test,dc=local
>
> # System: Manage Host Principals + 
> 6f472282-c9a811e6-943e8d1c-0faa636d, permiss
>
> ions, pbac, test.local
>
> dn: cn=System: Manage Host 
> Principals+nsuniqueid=6f472282-c9a811e6-943e8d1c-0f
>
> aa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipahost)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Manage Host Principals
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: krbprincipalname
>
> ipaPermDefaultAttr: krbcanonicalname
>
> ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: manage host 
> principals,cn=permiss
>
> ions,cn=pbac,dc=test,dc=local
>
> # System: Add IPA Locations + 6f472298-c9a811e6-943e8d1c-0faa636d, 
> permissions,
>
>   pbac, test.local
>
> dn: cn=System: Add IPA 
> Locations+nsuniqueid=6f472298-c9a811e6-943e8d1c-0faa636
>
> d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
> ipaPermRight: add
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Add IPA Locations
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: add ipa 
> locations,cn=permissions,
>
> cn=pbac,dc=test,dc=local
>
> # System: Modify IPA Locations + 6f47229c-c9a811e6-943e8d1c-0faa636d, 
> permissio
>
> ns, pbac, test.local
>
> dn: cn=System: Modify IPA 
> Locations+nsuniqueid=6f47229c-c9a811e6-943e8d1c-0faa
>
> 636d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Modify IPA Locations
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: description
>
> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: modify ipa 
> locations,cn=permissio
>
> ns,cn=pbac,dc=test,dc=local
>
> # System: Read IPA Locations + 6f4722a0-c9a811e6-943e8d1c-0faa636d, 
> permissions
>
> , pbac, test.local
>
> dn: cn=System: Read IPA 
> Locations+nsuniqueid=6f4722a0-c9a811e6-943e8d1c-0faa63
>
> 6d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
> ipaPermRight: read
>
> ipaPermRight: compare
>
> ipaPermRight: search
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Read IPA Locations
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: objectclass
>
> ipaPermDefaultAttr: description
>
> ipaPermDefaultAttr: idnsname
>
> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: read ipa 
> locations,cn=permissions
>
> ,cn=pbac,dc=test,dc=local
>
> # System: Remove IPA Locations + 6f4722a4-c9a811e6-943e8d1c-0faa636d, 
> permissio
>
> ns, pbac, test.local
>
> dn: cn=System: Remove IPA 
> Locations+nsuniqueid=6f4722a4-c9a811e6-943e8d1c-0faa
>
> 636d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
> ipaPermRight: delete
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Remove IPA Locations
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: remove ipa 
> locations,cn=permissio
>
> ns,cn=pbac,dc=test,dc=local
>
> # System: Read Locations of IPA Servers + 
> 6f4722a8-c9a811e6-943e8d1c-0faa636d,
>
>  permissions, pbac, test.local
>
> dn: cn=System: Read Locations of IPA 
> Servers+nsuniqueid=6f4722a8-c9a811e6-943e
>
> 8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
> ipaPermRight: read
>
> ipaPermRight: compare
>
> ipaPermRight: search
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Read Locations of IPA Servers
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: objectclass
>
> ipaPermDefaultAttr: ipaserviceweight
>
> ipaPermDefaultAttr: ipalocation
>
> ipaPermDefaultAttr: cn
>
> ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: read locations of ipa 
> servers,cn=
>
> permissions,cn=pbac,dc=test,dc=local
>
> # System: Read Status of Services on IPA Servers + 
> 6f4722ac-c9a811e6-943e8d1c-0
>
> faa636d, permissions, pbac, test.local
>
> dn: cn=System: Read Status of Services on IPA 
> Servers+nsuniqueid=6f4722ac-c9a8
>
> 11e6-943e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
> ipaPermRight: read
>
> ipaPermRight: compare
>
> ipaPermRight: search
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Read Status of Services on IPA Servers
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: objectclass
>
> ipaPermDefaultAttr: ipaconfigstring
>
> ipaPermDefaultAttr: cn
>
> ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: read status of services 
> on ipa se
>
> rvers,cn=permissions,cn=pbac,dc=test,dc=local
>
> # System: Manage Service Principals + 
> 6f4722b0-c9a811e6-943e8d1c-0faa636d, perm
>
> issions, pbac, test.local
>
> dn: cn=System: Manage Service 
> Principals+nsuniqueid=6f4722b0-c9a811e6-943e8d1c
>
> -0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=ipaservice)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Manage Service Principals
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> ipaPermDefaultAttr: krbprincipalname
>
> ipaPermDefaultAttr: krbcanonicalname
>
> ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: manage service 
> principals,cn=perm
>
> issions,cn=pbac,dc=test,dc=local
>
> # System: Manage User Principals + 
> 6f4722bd-c9a811e6-943e8d1c-0faa636d, permiss
>
> ions, pbac, test.local
>
> dn: cn=System: Manage User 
> Principals+nsuniqueid=6f4722bd-c9a811e6-943e8d1c-0f
>
> aa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
> ipaPermTargetFilter: (objectclass=posixaccount)
>
> ipaPermRight: write
>
> ipaPermBindRuleType: permission
>
> ipaPermissionType: V2
>
> ipaPermissionType: MANAGED
>
> ipaPermissionType: SYSTEM
>
> cn: System: Manage User Principals
>
> objectClass: ipapermission
>
> objectClass: top
>
> objectClass: groupofnames
>
> objectClass: ipapermissionv2
>
> member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
> member: cn=Modify Users and Reset 
> passwords,cn=privileges,cn=pbac,dc=test,dc=lo
>
> cal
>
> ipaPermDefaultAttr: krbprincipalname
>
> ipaPermDefaultAttr: krbcanonicalname
>
> ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
>
> nsds5ReplConflict: namingConflict cn=system: manage user 
> principals,cn=permiss
>
> ions,cn=pbac,dc=test,dc=local
>
> # servers + 6f4722d4-c9a811e6-943e8d1c-0faa636d, dns, test.local
>
> dn: 
> cn=servers+nsuniqueid=6f4722d4-c9a811e6-943e8d1c-0faa636d,cn=dns,dc=test,dc
>
> =local
>
> objectClass: nsContainer
>
> objectClass: top
>
> cn: servers
>
> nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local
>
> # ipa + 90a80ea3-c9a811e6-943e8d1c-0faa636d, cas + 
> 6f47220a-c9a811e6-943e8d1c-0
>
> faa636d, ca, test.local
>
> dn: 
> cn=ipa+nsuniqueid=90a80ea3-c9a811e6-943e8d1c-0faa636d,cn=cas+nsuniqueid=6f
>
> 47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=local
>
> description: IPA CA
>
> ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
>
> objectClass: top
>
> objectClass: ipaca
>
> ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
>
> ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
>
> cn: ipa
>
> nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local
>
> # search result
>
> search: 2
>
> result: 0 Success
>
> # numResponses: 51
>
> # numEntries: 50
>
> id:image001.jpg at 01D1C26F.0E28FA60 <http://www.high5games.com/>
>
> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>
> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ | 212.604.3447
>
> One World Trade Center, New York, NY 10007
>
> www.high5games.com <http://www.high5games.com/>
>
> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and 
> Shake the Sky <https://apps.facebook.com/shakethesky/>
>
> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter 
> <https://twitter.com/High5Games>, YouTube 
> <http://www.youtube.com/High5Games>, Linkedin 
> <http://www.linkedin.com/company/1072533?trk=tyah>
>
> //
>
> /This message and any attachments may contain confidential or 
> privileged information and are only for the use of the intended 
> recipient of this message. If you are not the intended recipient, 
> please notify the sender by return email, and delete or destroy this 
> and all copies of this message and all attachments. Any unauthorized 
> disclosure, use, distribution, or reproduction of this message or any 
> attachments is prohibited and may be unlawful./
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/6593c9e5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4334 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/6593c9e5/attachment.jpe>

From jan.karasek at elostech.cz  Tue Jan  3 14:39:19 2017
From: jan.karasek at elostech.cz (Jan =?utf-8?Q?Kar=C3=A1sek?=)
Date: Tue, 3 Jan 2017 15:39:19 +0100 (CET)
Subject: [Freeipa-users] Unable to resolve AD users from IPA clients
Message-ID: <778879914.4889.1483454359268.JavaMail.zimbra@elostech.cz>

Hi, 

I have trouble with resolving AD users from my IPA clients. 

Environment: 2x IPA server with trust into AD - both IPA servers and clients running latest rhel 7.3. 

IPA domain: vs.example.com 
AD domain: example.com, cen.example.com 

All tstxxxxx users are in cen.example.com but their UPN is set to tstxxxxx at example.com 

I can run id and getent passwd commands without problem from both IPA servers: 

id tst99655 at example.com 
uid=20018(tst99655 at cen.example.com) gid=5001(csunix) groups=5001(csunix),930000008(final_test_group) 

getent tst99655 at example.com 
tst99655 at cen.example.com:*:20018:5001:ipa_test:/home/cen.example.com/tst99655:/bin/bash 

But from client: 

root at trh7clnt02:~# id tst99655 at example.com 
id: tst99655 at example.com: no such user 
root at trh7clnt02:~#getent passwd tst99655 at example.com 
... no reply 


But when I run on client: 
getent group csunix at cen.example.com - it takes more then 30s 
csunix at cen.example.com:*:5001: .... and really long list of users 

Then again from client: 

root at trh7clnt02:~# id tst99655 at example.com 
uid=20018(tst99655 at cen.example.com) gid=5001(csunix) groups=5001(csunix) 

root at trh7clnt02:~# getent passwd tst99655 at example.com 
tst99655 at cen.example.com:*:20018:5001:ipatest:/home/cen.example.com/tst99655:/bin/bash 

This time it works and it keeps working until I clean the sssd cache on client. Then I have to run that getent group csunix command again. 

I would say it is some timeout issue with enumerating csunix group. I have tried to fix it by adding: 

ldap_search_timeout = 50 

into sssd.conf on both server and client(sssd restarted), but without effect. 
Here is my sssd.conf from client: 

[domain/vs.example.com] 
debug_level = 7 
cache_credentials = True 
krb5_store_password_if_offline = True 
ipa_domain = vs.example.com 
id_provider = ipa 
auth_provider = ipa 
access_provider = ipa 
ipa_hostname = trh7clnt02.vs.example.com 
chpass_provider = ipa 
ipa_server = tidmipa01.vs.example.com 
ldap_tls_cacert = /etc/ipa/ca.crt 
ldap_search_timeout = 50 

[sssd] 
services = nss, sudo, pam, ssh 
config_file_version = 2 
domains = vs.example.com 
[nss] 
homedir_substring = /home 
debug_level = 7 
[pam] 
debug_level = 7 
[sudo] 
[autofs] 
[ssh] 
[pac] 
debug_level = 7 
[ifp] 

IPA server sssd.conf: 

[domain/vs.example.com] 
debug_level = 7 
cache_credentials = True 
krb5_store_password_if_offline = True 
ipa_domain = vs.example.com 
id_provider = ipa 
auth_provider = ipa 
access_provider = ipa 
ipa_hostname = tidmipa01.vs.example.com 
chpass_provider = ipa 
ipa_server = tidmipa01.vs.example.com 
ipa_server_mode = True 
ldap_tls_cacert = /etc/ipa/ca.crt 
ldap_id_mapping = False 
ldap_search_timeout = 20 
[sssd] 
services = nss, sudo, pam, ssh 
config_file_version = 2 
domains = vs.example.com 
[nss] 
memcache_timeout = 600 
debug_level = 7 
homedir_substring = /home 
[pam] 
debug_level = 7 
[sudo] 
debug_level = 7 
[autofs] 
debug_level = 7 
[ssh] 
debug_level = 7 
[pac] 
debug_level = 7 
[ifp] 
debug_level = 7 

Any suggestion how to fix that ? I can add logs from both successful and unsuccessful try but they are quite long. 

Thank you. 
Jan 




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/3cdf1cbb/attachment.htm>

From md at collective-sense.com  Tue Jan  3 15:14:15 2017
From: md at collective-sense.com (Maciej Drobniuch)
Date: Tue, 3 Jan 2017 16:14:15 +0100
Subject: [Freeipa-users] LDAP - Load Balancer - SSL cert with SAN
In-Reply-To: <CAEsJhNPTs3tDeQ=CKa97R6_1rjoXbqCv8bJLECwp6NBWsm7r7Q@mail.gmail.com>
References: <CAEsJhNPTs3tDeQ=CKa97R6_1rjoXbqCv8bJLECwp6NBWsm7r7Q@mail.gmail.com>
Message-ID: <CAL0MufJ0yr0RqA_3Hwr1jzEABK+z1TZBAQb3jfzkiE2b7MiAhQ@mail.gmail.com>

Hello Mike,

I don't know if I'm aligned with your problem, but generally I was facing a
SAN cert issue too.

Not sure if you're terminating SSL/TLS on the load balancer or not?

Usually I do SAN certs in IPA via GUI/IdM.
I am adding a service and hosts assigned to that service.

Every host has an additional https service.

Then I am simply pasting the SAN csr into the host that owns the main
service and this creates a signed SAN cert that you can upload later to
your LB.

In simple words the service is assigned to all hosts but those hosts have
also a service added(this is a hack).

Hope that makes sense and helps solving your problem.

BR

On Thu, Dec 29, 2016 at 10:48 PM, Michael Plemmons <
michael.plemmons at crosschx.com> wrote:

> I am trying to get FreeIPA LDAP to work when behind a load balancer and
> using SSL and I do not understand how I am supposed to get the server to
> use a certificate I created that has a SAN created.
>
> FreeIPA 4.4.0 on CentOS 7
>
> Here is what I have:
> ipa-master.dev.crosschx.com - master
> ipa-replica.dev.crosschx.com - replica
> ipa.dev.crosschx.com - load balancer DNS name which point to the master
> and replica servers
>
> Here is what I have done.
> ipa host-add ipa.dev.crosschx.com --random --force
>
> ipa service-add --force ldap/ipa.dev.crosschx.com
>
> ipa service-add-host ldap/ipa.dev.crosschx.com --hosts={ipa-master.dev.
> crosschx.com,ipa-replica.dev.crosschx.com}
>
> ipa service-allow-retrieve-keytab ldap/ipa.dev.crosschx.com --users=admin
>
> ipa-getcert request -d /etc/crosschx -n ipa-load-balancer -N "CN=
> ipa-master.dev.crosschx.com,O=DEV.CROSSCHX.COM" -D ipa.dev.crosschx.com
> -K ldap/ipa-master.dev.crosschx.com
>
>
> I can see the certificate is being monitored by IPA when I run ipa-getcert
> list but I am lost at the step to have this cert put into the database so
> that IPA will properly respond when I try to connect over LDAPS.
>
> I was testing the connection with the following command and I see the the
> ipa-master.dev cert being served.
>
> openssl s_client -connect ipa-master.dev.crosschx.com:636 -servername
> ipa.dev.crosschx.com
>
> Can you point me to the documentation I need to follow?
>
> Thank you.
>
>
> *Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
> 614-741-5475 <(614)%20741-5475>
> mike.plemmons at crosschx.com
> www.crosschx.com
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>



-- 
Best regards

Maciej Drobniuch
Network Security Engineer
Collective-Sense,LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/27d3984d/attachment.htm>

From michael.plemmons at crosschx.com  Tue Jan  3 15:26:29 2017
From: michael.plemmons at crosschx.com (Michael Plemmons)
Date: Tue, 3 Jan 2017 10:26:29 -0500
Subject: [Freeipa-users] LDAP - Load Balancer - SSL cert with SAN
In-Reply-To: <CAL0MufJ0yr0RqA_3Hwr1jzEABK+z1TZBAQb3jfzkiE2b7MiAhQ@mail.gmail.com>
References: <CAEsJhNPTs3tDeQ=CKa97R6_1rjoXbqCv8bJLECwp6NBWsm7r7Q@mail.gmail.com>
	<CAL0MufJ0yr0RqA_3Hwr1jzEABK+z1TZBAQb3jfzkiE2b7MiAhQ@mail.gmail.com>
Message-ID: <CAEsJhNOgUuZqeob8PHZaCsDc+qYX1=dtbexrUaGr53NUdp=8Sg@mail.gmail.com>

Maciej,
  Thank you for the information.  I am not terminating at a load balancer.
Originally, I was trying to use a Route53 DNS CNAME entry of
ipa.dev.crosschx.com but we found documentation that says the entry should
be an A record and not a CNAME.  I then created an A record in FreeIPA for
ipa.dev.crosschx.com and pointed the A record to the IP addresses of
ipa-master.dev.crosschx.com and ipa-replica.dev.crosschx.com.

  I guess using the phrase load balancer may be a poor choice here as I am
using FreeIPA DNS as a way to load balance the traffic.




*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
614-741-5475
mike.plemmons at crosschx.com
www.crosschx.com

On Tue, Jan 3, 2017 at 10:14 AM, Maciej Drobniuch <md at collective-sense.com>
wrote:

> Hello Mike,
>
> I don't know if I'm aligned with your problem, but generally I was facing
> a SAN cert issue too.
>
> Not sure if you're terminating SSL/TLS on the load balancer or not?
>
> Usually I do SAN certs in IPA via GUI/IdM.
> I am adding a service and hosts assigned to that service.
>
> Every host has an additional https service.
>
> Then I am simply pasting the SAN csr into the host that owns the main
> service and this creates a signed SAN cert that you can upload later to
> your LB.
>
> In simple words the service is assigned to all hosts but those hosts have
> also a service added(this is a hack).
>
> Hope that makes sense and helps solving your problem.
>
> BR
>
> On Thu, Dec 29, 2016 at 10:48 PM, Michael Plemmons <
> michael.plemmons at crosschx.com> wrote:
>
>> I am trying to get FreeIPA LDAP to work when behind a load balancer and
>> using SSL and I do not understand how I am supposed to get the server to
>> use a certificate I created that has a SAN created.
>>
>> FreeIPA 4.4.0 on CentOS 7
>>
>> Here is what I have:
>> ipa-master.dev.crosschx.com - master
>> ipa-replica.dev.crosschx.com - replica
>> ipa.dev.crosschx.com - load balancer DNS name which point to the master
>> and replica servers
>>
>> Here is what I have done.
>> ipa host-add ipa.dev.crosschx.com --random --force
>>
>> ipa service-add --force ldap/ipa.dev.crosschx.com
>>
>> ipa service-add-host ldap/ipa.dev.crosschx.com --hosts={
>> ipa-master.dev.crosschx.com,ipa-replica.dev.crosschx.com}
>>
>> ipa service-allow-retrieve-keytab ldap/ipa.dev.crosschx.com --users=admin
>>
>> ipa-getcert request -d /etc/crosschx -n ipa-load-balancer -N "CN=
>> ipa-master.dev.crosschx.com,O=DEV.CROSSCHX.COM" -D ipa.dev.crosschx.com
>> -K ldap/ipa-master.dev.crosschx.com
>>
>>
>> I can see the certificate is being monitored by IPA when I run
>> ipa-getcert list but I am lost at the step to have this cert put into the
>> database so that IPA will properly respond when I try to connect over LDAPS.
>>
>> I was testing the connection with the following command and I see the the
>> ipa-master.dev cert being served.
>>
>> openssl s_client -connect ipa-master.dev.crosschx.com:636 -servername
>> ipa.dev.crosschx.com
>>
>> Can you point me to the documentation I need to follow?
>>
>> Thank you.
>>
>>
>> *Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
>> 614-741-5475 <(614)%20741-5475>
>> mike.plemmons at crosschx.com
>> www.crosschx.com
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
>
> --
> Best regards
>
> Maciej Drobniuch
> Network Security Engineer
> Collective-Sense,LLC
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/659db067/attachment.htm>

From md at collective-sense.com  Tue Jan  3 15:28:50 2017
From: md at collective-sense.com (Maciej Drobniuch)
Date: Tue, 3 Jan 2017 16:28:50 +0100
Subject: [Freeipa-users] 2FA and AllowNTHash
Message-ID: <CAL0MufK_gPgzkvKiOr6X+S-ufVh3ij39eLYLDGxpFy0-7VQZLw@mail.gmail.com>

Hi All,

We have a topo with 3x IPA servers + freeradius.

Freeradius is being used to do mschap with wifi APs. Freeradius connects
over ldap to IPA.

In order to do the challange-response thing, freeipa has AllowNTHash
enabled.

So I wanted to enable 2FA/OTP but leave the NTHash as is for wifi auth.

In the moment I disallow Password auth for a user and enable OTP the wifi
auth stopps working, but the hash clearly stays in ldap.

The goal is to stay with password on freeradius but for everything else:
kerberos/sssd related use password+code.

How can I disable password login for user but still make freeradius work
with ldap, so when it asks for users hash it gets one.

Freeradius ldap mod snippet:
"base_dn = "cn=users,cn=accounts,dc=cs,dc=com""

Thank You

-- 
Best regards

Maciej Drobniuch
Network Security Engineer
Collective-Sense,LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/549bfc47/attachment.htm>

From Michael.Sean.Conley at raytheon.com  Tue Jan  3 15:28:25 2017
From: Michael.Sean.Conley at raytheon.com (Sean Conley)
Date: Tue, 3 Jan 2017 15:28:25 +0000
Subject: [Freeipa-users] FIPS 140-2 Compliance
Message-ID: <1a98c67f52f449ff833740851bdadac3@DM2PR0601MB028.008f.mgd2.msft.net>

Good Morning!
Happy New Year to you, and any news on getting to FIPS Compliance?

Michael Sean Conley
Principal Systems Engineer

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/50707e9f/attachment.htm>

From md at collective-sense.com  Tue Jan  3 15:38:15 2017
From: md at collective-sense.com (Maciej Drobniuch)
Date: Tue, 3 Jan 2017 16:38:15 +0100
Subject: [Freeipa-users] LDAP - Load Balancer - SSL cert with SAN
In-Reply-To: <CAEsJhNOgUuZqeob8PHZaCsDc+qYX1=dtbexrUaGr53NUdp=8Sg@mail.gmail.com>
References: <CAEsJhNPTs3tDeQ=CKa97R6_1rjoXbqCv8bJLECwp6NBWsm7r7Q@mail.gmail.com>
	<CAL0MufJ0yr0RqA_3Hwr1jzEABK+z1TZBAQb3jfzkiE2b7MiAhQ@mail.gmail.com>
	<CAEsJhNOgUuZqeob8PHZaCsDc+qYX1=dtbexrUaGr53NUdp=8Sg@mail.gmail.com>
Message-ID: <CAL0MufJz8TJsXN71xFeBVQAy66uhh32GxkBZnwfCdqcAZzdc8Q@mail.gmail.com>

I see.

Generally the SAN thing I mentioned does the job but definitely not in your
case.

A IPA power user is needed here.

On Tue, Jan 3, 2017 at 4:26 PM, Michael Plemmons <
michael.plemmons at crosschx.com> wrote:

> Maciej,
>   Thank you for the information.  I am not terminating at a load
> balancer.  Originally, I was trying to use a Route53 DNS CNAME entry of
> ipa.dev.crosschx.com but we found documentation that says the entry
> should be an A record and not a CNAME.  I then created an A record in
> FreeIPA for ipa.dev.crosschx.com and pointed the A record to the IP
> addresses of ipa-master.dev.crosschx.com and ipa-replica.dev.crosschx.com.
>
>   I guess using the phrase load balancer may be a poor choice here as I am
> using FreeIPA DNS as a way to load balance the traffic.
>
>
>
>
> *Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
> 614-741-5475 <(614)%20741-5475>
> mike.plemmons at crosschx.com
> www.crosschx.com
>
> On Tue, Jan 3, 2017 at 10:14 AM, Maciej Drobniuch <md at collective-sense.com
> > wrote:
>
>> Hello Mike,
>>
>> I don't know if I'm aligned with your problem, but generally I was facing
>> a SAN cert issue too.
>>
>> Not sure if you're terminating SSL/TLS on the load balancer or not?
>>
>> Usually I do SAN certs in IPA via GUI/IdM.
>> I am adding a service and hosts assigned to that service.
>>
>> Every host has an additional https service.
>>
>> Then I am simply pasting the SAN csr into the host that owns the main
>> service and this creates a signed SAN cert that you can upload later to
>> your LB.
>>
>> In simple words the service is assigned to all hosts but those hosts have
>> also a service added(this is a hack).
>>
>> Hope that makes sense and helps solving your problem.
>>
>> BR
>>
>> On Thu, Dec 29, 2016 at 10:48 PM, Michael Plemmons <
>> michael.plemmons at crosschx.com> wrote:
>>
>>> I am trying to get FreeIPA LDAP to work when behind a load balancer and
>>> using SSL and I do not understand how I am supposed to get the server to
>>> use a certificate I created that has a SAN created.
>>>
>>> FreeIPA 4.4.0 on CentOS 7
>>>
>>> Here is what I have:
>>> ipa-master.dev.crosschx.com - master
>>> ipa-replica.dev.crosschx.com - replica
>>> ipa.dev.crosschx.com - load balancer DNS name which point to the master
>>> and replica servers
>>>
>>> Here is what I have done.
>>> ipa host-add ipa.dev.crosschx.com --random --force
>>>
>>> ipa service-add --force ldap/ipa.dev.crosschx.com
>>>
>>> ipa service-add-host ldap/ipa.dev.crosschx.com --hosts={
>>> ipa-master.dev.crosschx.com,ipa-replica.dev.crosschx.com}
>>>
>>> ipa service-allow-retrieve-keytab ldap/ipa.dev.crosschx.com
>>> --users=admin
>>>
>>> ipa-getcert request -d /etc/crosschx -n ipa-load-balancer -N "CN=
>>> ipa-master.dev.crosschx.com,O=DEV.CROSSCHX.COM" -D ipa.dev.crosschx.com
>>> -K ldap/ipa-master.dev.crosschx.com
>>>
>>>
>>> I can see the certificate is being monitored by IPA when I run
>>> ipa-getcert list but I am lost at the step to have this cert put into the
>>> database so that IPA will properly respond when I try to connect over LDAPS.
>>>
>>> I was testing the connection with the following command and I see the
>>> the ipa-master.dev cert being served.
>>>
>>> openssl s_client -connect ipa-master.dev.crosschx.com:636 -servername
>>> ipa.dev.crosschx.com
>>>
>>> Can you point me to the documentation I need to follow?
>>>
>>> Thank you.
>>>
>>>
>>> *Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
>>> 614-741-5475 <(614)%20741-5475>
>>> mike.plemmons at crosschx.com
>>> www.crosschx.com
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>>
>>
>>
>>
>> --
>> Best regards
>>
>> Maciej Drobniuch
>> Network Security Engineer
>> Collective-Sense,LLC
>>
>
>


-- 
Best regards

Maciej Drobniuch
Network Security Engineer
Collective-Sense,LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/fde2c5a6/attachment.htm>

From Grant.Janssen at efilm.com  Tue Jan  3 15:22:33 2017
From: Grant.Janssen at efilm.com (Grant Janssen)
Date: Tue, 3 Jan 2017 15:22:33 +0000
Subject: [Freeipa-users] os-x sierra + FreeIPA
Message-ID: <14A23044-6ECD-4FBF-85E1-97EECB40368F@efilm.com>

I am experiencing difficulty dragging this over the finish line.  I have many CentOS hosts authenticating to IPA, but have hit the wall on OS-X.
I consider myself pretty strong on os-x, and have run OpenDirectory (though that was ten years ago). My issue appears to be the LDAP mapping between OD and IPA.
System Intregrity Protection is disabled.  Users can pull tickets fine, this snag is in login/createhomedir.

I initially posted this on the bug list, and was redirected here.
You will find the details of this issue easiest to digest on the bug list<https://fedorahosted.org/freeipa/ticket/6581> (wiki markup is better that what this maling list would retain).

Please take a glance and let me know what you think.

Thank You for your attention.

- grant
This e-mail and any attachments are intended only for use by the addressee(s) named herein and may contain confidential information. If you are not the intended recipient of this e-mail, you are hereby notified any dissemination, distribution or copying of this email and any attachments is strictly prohibited. If you receive this email in error, please immediately notify the sender by return email and permanently delete the original, any copy and any printout thereof. The integrity and security of e-mail cannot be guaranteed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/2b5696ff/attachment.htm>

From pvoborni at redhat.com  Tue Jan  3 15:52:16 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Tue, 3 Jan 2017 16:52:16 +0100
Subject: [Freeipa-users] FIPS 140-2 Compliance
In-Reply-To: <1a98c67f52f449ff833740851bdadac3@DM2PR0601MB028.008f.mgd2.msft.net>
References: <1a98c67f52f449ff833740851bdadac3@DM2PR0601MB028.008f.mgd2.msft.net>
Message-ID: <dd9338d5-47b2-9067-a35d-455ca057c6b2@redhat.com>

On 01/03/2017 04:28 PM, Sean Conley wrote:
> Good Morning!
> 
> Happy New Year to you, and any news on getting to FIPS Compliance?
> 
> *Michael Sean Conley*
> 
> Principal Systems Engineer
> 
> 
> 

Hello Sean,

It's being actively developed and support of it will most likely be part
of FreeIPA 4.5.
-- 
Petr Vobornik



From Dan.Finkelstein at high5games.com  Tue Jan  3 16:08:03 2017
From: Dan.Finkelstein at high5games.com (Dan.Finkelstein at high5games.com)
Date: Tue, 3 Jan 2017 16:08:03 +0000
Subject: [Freeipa-users] LDAP replication conflicts,
 but no apparent data damage
In-Reply-To: <11390f0d-5d31-21af-dea3-54f189ae2e7c@redhat.com>
References: <145020D6-0409-4651-9C76-B6F31EB62753@high5games.com>
	<11390f0d-5d31-21af-dea3-54f189ae2e7c@redhat.com>
Message-ID: <E685425B-A87E-4F54-93C7-C6131A80EEA6@high5games.com>

I've read through that page before, just last week, but I confess it's gone over my head. Could you give me an example of how to fix one of the conflicts below? I think when I see how it's done, I can do the rest.

Thanks,
Dan

[id:image001.jpg at 01D1C26F.0E28FA60]<http://www.high5games.com/>
Daniel Alex Finkelstein| Lead Dev Ops Engineer
Dan.Finkelstein at h5g.com<mailto:Dan.Finkelstein at h5g.com> | 212.604.3447
One World Trade Center, New York, NY 10007

www.high5games.com<http://www.high5games.com/>
Play High 5 Casino<https://apps.facebook.com/highfivecasino/> and Shake the Sky<https://apps.facebook.com/shakethesky/>
Follow us on: Facebook<http://www.facebook.com/high5games>, Twitter<https://twitter.com/High5Games>, YouTube<http://www.youtube.com/High5Games>, Linkedin<http://www.linkedin.com/company/1072533?trk=tyah>

This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient, please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.

From: Martin Basti <mbasti at redhat.com>
Date: Tuesday, January 3, 2017 at 09:07
To: Dan Finkelstein <Dan.Finkelstein at high5games.com>, "freeipa-users at redhat.com" <freeipa-users at redhat.com>
Subject: Re: [Freeipa-users] LDAP replication conflicts, but no apparent data damage


Here is a directory server documentation about replication conflicts https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html

I hope it will help

Martin

On 03.01.2017 14:20, Dan.Finkelstein at high5games.com<mailto:Dan.Finkelstein at high5games.com> wrote:
I'm using the most recent FreeIPA 4.4.0 on CentOS 7.3 and have been cleaning up various dangling replicas and other cruft, but when I run the ipa consistency checker, it produces output that LDAP has conflicts. I then run:

ldapsearch -D "cn=Directory Manager" -W -b "dc=h5c,dc=local" "nsds5ReplConflict=*" \* nsds5ReplConflict

Which produces output as follows (which I don't know what to do with, yet):

# extended LDIF
#
# LDAPv3
# base <dc=test,dc=local> with scope subtree
# filter: nsds5ReplConflict=*
# requesting: * nsds5ReplConflict
#

# ipaservers + 9865b29e-c9a411e6-a937f721-75eb0f97, hostgroups, accounts, test.l
ocal
dn: cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups
,cn=accounts,dc=test,dc=local
memberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=local
memberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=h5
c,dc=local
memberOf: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=
test,dc=local
memberOf: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=test,dc
=local
memberOf: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
l
memberOf: cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,c
n=alt,dc=test,dc=local
member: fqdn=ipa-replica-gib02.test.local,cn=computers,cn=accounts,dc=test,dc=lo
cal
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: b13812a8-c9a4-11e6-8bb5-00505684b9a0
nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
5c,dc=local

# ipaservers + 9865b2a0-c9a411e6-a937f721-75eb0f97, ng, alt, test.local
dn: cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,cn=alt,
dc=test,dc=local
memberHost: cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=ho
stgroups,cn=accounts,dc=test,dc=local
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: test.local
cn: ipaservers
description: ipaNetgroup ipaservers
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
ipaUniqueID: b13f8506-c9a4-11e6-8bb5-00505684b9a0
nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local

# domain + 9865b2a7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc, test.local
dn: cn=domain+nsuniqueid=9865b2a7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ip
a,cn=etc,dc=test,dc=local
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
ipaReplTopoConfRoot: dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
cn: domain
nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
c=local

# locations + 9865b2ab-c9a411e6-a937f721-75eb0f97, etc, test.local
dn: cn=locations+nsuniqueid=9865b2ab-c9a411e6-a937f721-75eb0f97,cn=etc,dc=test,
dc=local
objectClass: nsContainer
objectClass: top
cn: locations
nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System<ldap://cn=System>: Ad
d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write)
  groupdn = "ldap:///cn=System<ldap://cn=System>: Modify IPA Locations,cn=permissions,cn=pbac,dc
=test,dc=local";)
aci: (targetattr = "createtimestamp || description || entryusn || idnsname ||
 modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,
read,search) groupdn = "ldap:///cn=System<ldap://cn=System>: Read IPA Locations,cn=permissions,
cn=pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=Syst<ldap://cn=Syst>
em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)

# cas + 9865b2b1-c9a411e6-a937f721-75eb0f97, ca, test.local
dn: cn=cas+nsuniqueid=9865b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=loca
l
objectClass: nsContainer
objectClass: top
cn: cas
nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Add CA";allow (add) groupdn = "ldap:///cn=System<ldap://cn=System>: Add CA,cn=permissions,cn=
pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Delete CA";allow (delete) groupdn = "ldap:///cn=System<ldap://cn=System>: Delete CA,cn=permis
sions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(
version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:
///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacai
d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targ
etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CA
s";allow (compare,read,search) userdn = "ldap:///all"<ldap://all>;)

# custodia + 9865b2e2-c9a411e6-a937f721-75eb0f97, ipa, etc, test.local
dn: cn=custodia+nsuniqueid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,d
c=test,dc=local
objectClass: nsContainer
objectClass: top
cn: custodia
nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=test,dc=local

# dogtag + 9865b2e4-c9a411e6-a937f721-75eb0f97, custodia + 9865b2e2-c9a411e6-a9
37f721-75eb0f97, ipa, etc, test.local
dn: cn=dogtag+nsuniqueid=9865b2e4-c9a411e6-a937f721-75eb0f97,cn=custodia+nsuni
queid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,dc=test,dc=local
objectClass: nsContainer
objectClass: top
cn: dogtag
nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
c=local

# ca + 9865b2e7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc, test.local
dn: cn=ca+nsuniqueid=9865b2e7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ipa,cn
=etc,dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
cn: ca
ipaReplTopoConfRoot: o=ipaca
nsds5ReplConflict: namingConflict cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
cal

# System: Add CA + 9865b2ed-c9a411e6-a937f721-75eb0f97, permissions, pbac, test.
local
dn: cn=System: Add CA+nsuniqueid=9865b2ed-c9a411e6-a937f721-75eb0f97,cn=permis
sions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=
test,dc=local

# System: Delete CA + 9865b2f1-c9a411e6-a937f721-75eb0f97, permissions, pbac, h
5c.local
dn: cn=System: Delete CA+nsuniqueid=9865b2f1-c9a411e6-a937f721-75eb0f97,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Delete CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Modify CA + 9865b2f5-c9a411e6-a937f721-75eb0f97, permissions, pbac, h
5c.local
dn: cn=System: Modify CA+nsuniqueid=9865b2f5-c9a411e6-a937f721-75eb0f97,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Read CAs + 9865b2f9-c9a411e6-a937f721-75eb0f97, permissions, pbac, h5
c.local
dn: cn=System: Read CAs+nsuniqueid=9865b2f9-c9a411e6-a937f721-75eb0f97,cn=perm
issions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: all
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read CAs
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
ipaPermDefaultAttr: description
ipaPermDefaultAttr: ipacaissuerdn
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipacasubjectdn
ipaPermDefaultAttr: ipacaid
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,d
c=test,dc=local

# System: Modify DNS Servers Configuration + 9865b2fe-c9a411e6-a937f721-75eb0f9
7, permissions, pbac, test.local
dn: cn=System: Modify DNS Servers Configuration+nsuniqueid=9865b2fe-c9a411e6-a
937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnssoamname
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: idnsforwarders
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,
cn=permissions,cn=pbac,dc=test,dc=local

# System: Read DNS Servers Configuration + 9865b302-c9a411e6-a937f721-75eb0f97,
  permissions, pbac, test.local
dn: cn=System: Read DNS Servers Configuration+nsuniqueid=9865b302-c9a411e6-a93
7f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: idnsforwarders
ipaPermDefaultAttr: idnsserverid
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnssoamname
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn
=permissions,cn=pbac,dc=test,dc=local

# System: Manage Host Principals + 9865b329-c9a411e6-a937f721-75eb0f97, permiss
ions, pbac, test.local
dn: cn=System: Manage Host Principals+nsuniqueid=9865b329-c9a411e6-a937f721-75
eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipahost)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Host Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage host principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# System: Add IPA Locations + 9865b33f-c9a411e6-a937f721-75eb0f97, permissions,
  pbac, test.local
dn: cn=System: Add IPA Locations+nsuniqueid=9865b33f-c9a411e6-a937f721-75eb0f9
7,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ipa locations,cn=permissions,
cn=pbac,dc=test,dc=local

# System: Modify IPA Locations + 9865b343-c9a411e6-a937f721-75eb0f97, permissio
ns, pbac, test.local
dn: cn=System: Modify IPA Locations+nsuniqueid=9865b343-c9a411e6-a937f721-75eb
0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read IPA Locations + 9865b347-c9a411e6-a937f721-75eb0f97, permissions
, pbac, test.local
dn: cn=System: Read IPA Locations+nsuniqueid=9865b347-c9a411e6-a937f721-75eb0f
97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: description
ipaPermDefaultAttr: idnsname
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read ipa locations,cn=permissions
,cn=pbac,dc=test,dc=local

# System: Remove IPA Locations + 9865b34b-c9a411e6-a937f721-75eb0f97, permissio
ns, pbac, test.local
dn: cn=System: Remove IPA Locations+nsuniqueid=9865b34b-c9a411e6-a937f721-75eb
0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Remove IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: remove ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read Locations of IPA Servers + 9865b34f-c9a411e6-a937f721-75eb0f97,
 permissions, pbac, test.local
dn: cn=System: Read Locations of IPA Servers+nsuniqueid=9865b34f-c9a411e6-a937
f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Locations of IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaserviceweight
ipaPermDefaultAttr: ipalocation
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read locations of ipa servers,cn=
permissions,cn=pbac,dc=test,dc=local

# System: Read Status of Services on IPA Servers + 9865b353-c9a411e6-a937f721-7
5eb0f97, permissions, pbac, test.local
dn: cn=System: Read Status of Services on IPA Servers+nsuniqueid=9865b353-c9a4
11e6-a937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Status of Services on IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaconfigstring
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read status of services on ipa se
rvers,cn=permissions,cn=pbac,dc=test,dc=local

# System: Manage Service Principals + 9865b357-c9a411e6-a937f721-75eb0f97, perm
issions, pbac, test.local
dn: cn=System: Manage Service Principals+nsuniqueid=9865b357-c9a411e6-a937f721
-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaservice)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Service Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage service principals,cn=perm
issions,cn=pbac,dc=test,dc=local

# System: Manage User Principals + 9865b364-c9a411e6-a937f721-75eb0f97, permiss
ions, pbac, test.local
dn: cn=System: Manage User Principals+nsuniqueid=9865b364-c9a411e6-a937f721-75
eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=posixaccount)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage User Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=test,dc=lo
cal
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage user principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# servers + 9865b37b-c9a411e6-a937f721-75eb0f97, dns, test.local
dn: cn=servers+nsuniqueid=9865b37b-c9a411e6-a937f721-75eb0f97,cn=dns,dc=test,dc
=local
objectClass: nsContainer
objectClass: top
cn: servers
nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local

# ipa + cba8431e-c9a411e6-a937f721-75eb0f97, cas + 9865b2b1-c9a411e6-a937f721-7
5eb0f97, ca, test.local
dn: cn=ipa+nsuniqueid=cba8431e-c9a411e6-a937f721-75eb0f97,cn=cas+nsuniqueid=98
65b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=local
description: IPA CA
ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
objectClass: top
objectClass: ipaca
ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
cn: ipa
nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local

# ipaservers + 6f4721f7-c9a811e6-943e8d1c-0faa636d, hostgroups, accounts, test.l
ocal
dn: cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=hostgroups
,cn=accounts,dc=test,dc=local
memberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=local
memberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=h5
c,dc=local
memberOf: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=
test,dc=local
memberOf: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=test,dc
=local
memberOf: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
l
memberOf: cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,c
n=alt,dc=test,dc=local
member: fqdn=ipa-replica-gib01.test.local,cn=computers,cn=accounts,dc=test,dc=lo
cal
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: 863f47b6-c9a8-11e6-a9b0-00505684f6ff
nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
5c,dc=local

# ipaservers + 6f4721f9-c9a811e6-943e8d1c-0faa636d, ng, alt, test.local
dn: cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,cn=alt,
dc=test,dc=local
memberHost: cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=ho
stgroups,cn=accounts,dc=test,dc=local
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: test.local
cn: ipaservers
description: ipaNetgroup ipaservers
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
ipaUniqueID: 864e605c-c9a8-11e6-a9b0-00505684f6ff
nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local

# domain + 6f472200-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc, test.local
dn: cn=domain+nsuniqueid=6f472200-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ip
a,cn=etc,dc=test,dc=local
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
ipaReplTopoConfRoot: dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
cn: domain
nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
c=local

# locations + 6f472204-c9a811e6-943e8d1c-0faa636d, etc, test.local
dn: cn=locations+nsuniqueid=6f472204-c9a811e6-943e8d1c-0faa636d,cn=etc,dc=test,
dc=local
objectClass: nsContainer
objectClass: top
cn: locations
nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System<ldap://cn=System>: Ad
d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write)
  groupdn = "ldap:///cn=System<ldap://cn=System>: Modify IPA Locations,cn=permissions,cn=pbac,dc
=test,dc=local";)
aci: (targetattr = "createtimestamp || description || entryusn || idnsname ||
 modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,
read,search) groupdn = "ldap:///cn=System<ldap://cn=System>: Read IPA Locations,cn=permissions,
cn=pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=Syst<ldap://cn=Syst>
em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)

# cas + 6f47220a-c9a811e6-943e8d1c-0faa636d, ca, test.local
dn: cn=cas+nsuniqueid=6f47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=loca
l
objectClass: nsContainer
objectClass: top
cn: cas
nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Add CA";allow (add) groupdn = "ldap:///cn=System<ldap://cn=System>: Add CA,cn=permissions,cn=
pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Delete CA";allow (delete) groupdn = "ldap:///cn=System<ldap://cn=System>: Delete CA,cn=permis
sions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(
version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:
///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacai
d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targ
etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CA
s";allow (compare,read,search) userdn = "ldap:///all"<ldap://all>;)

# custodia + 6f47223b-c9a811e6-943e8d1c-0faa636d, ipa, etc, test.local
dn: cn=custodia+nsuniqueid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,d
c=test,dc=local
objectClass: nsContainer
objectClass: top
cn: custodia
nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=test,dc=local

# dogtag + 6f47223d-c9a811e6-943e8d1c-0faa636d, custodia + 6f47223b-c9a811e6-94
3e8d1c-0faa636d, ipa, etc, test.local
dn: cn=dogtag+nsuniqueid=6f47223d-c9a811e6-943e8d1c-0faa636d,cn=custodia+nsuni
queid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,dc=test,dc=local
objectClass: nsContainer
objectClass: top
cn: dogtag
nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
c=local

# ca + 6f472240-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc, test.local
dn: cn=ca+nsuniqueid=6f472240-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ipa,cn
=etc,dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
cn: ca
ipaReplTopoConfRoot: o=ipaca
nsds5ReplConflict: namingConflict cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
cal

# System: Add CA + 6f472246-c9a811e6-943e8d1c-0faa636d, permissions, pbac, test.
local
dn: cn=System: Add CA+nsuniqueid=6f472246-c9a811e6-943e8d1c-0faa636d,cn=permis
sions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=
test,dc=local

# System: Delete CA + 6f47224a-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h
5c.local
dn: cn=System: Delete CA+nsuniqueid=6f47224a-c9a811e6-943e8d1c-0faa636d,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Delete CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Modify CA + 6f47224e-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h
5c.local
dn: cn=System: Modify CA+nsuniqueid=6f47224e-c9a811e6-943e8d1c-0faa636d,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Read CAs + 6f472252-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h5
c.local
dn: cn=System: Read CAs+nsuniqueid=6f472252-c9a811e6-943e8d1c-0faa636d,cn=perm
issions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: all
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read CAs
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
ipaPermDefaultAttr: description
ipaPermDefaultAttr: ipacaissuerdn
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipacasubjectdn
ipaPermDefaultAttr: ipacaid
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,d
c=test,dc=local

# System: Modify DNS Servers Configuration + 6f472257-c9a811e6-943e8d1c-0faa636
d, permissions, pbac, test.local
dn: cn=System: Modify DNS Servers Configuration+nsuniqueid=6f472257-c9a811e6-9
43e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnssoamname
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: idnsforwarders
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,
cn=permissions,cn=pbac,dc=test,dc=local

# System: Read DNS Servers Configuration + 6f47225b-c9a811e6-943e8d1c-0faa636d,
  permissions, pbac, test.local
dn: cn=System: Read DNS Servers Configuration+nsuniqueid=6f47225b-c9a811e6-943
e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: idnsforwarders
ipaPermDefaultAttr: idnsserverid
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnssoamname
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn
=permissions,cn=pbac,dc=test,dc=local

# System: Manage Host Principals + 6f472282-c9a811e6-943e8d1c-0faa636d, permiss
ions, pbac, test.local
dn: cn=System: Manage Host Principals+nsuniqueid=6f472282-c9a811e6-943e8d1c-0f
aa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipahost)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Host Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage host principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# System: Add IPA Locations + 6f472298-c9a811e6-943e8d1c-0faa636d, permissions,
  pbac, test.local
dn: cn=System: Add IPA Locations+nsuniqueid=6f472298-c9a811e6-943e8d1c-0faa636
d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ipa locations,cn=permissions,
cn=pbac,dc=test,dc=local

# System: Modify IPA Locations + 6f47229c-c9a811e6-943e8d1c-0faa636d, permissio
ns, pbac, test.local
dn: cn=System: Modify IPA Locations+nsuniqueid=6f47229c-c9a811e6-943e8d1c-0faa
636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read IPA Locations + 6f4722a0-c9a811e6-943e8d1c-0faa636d, permissions
, pbac, test.local
dn: cn=System: Read IPA Locations+nsuniqueid=6f4722a0-c9a811e6-943e8d1c-0faa63
6d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: description
ipaPermDefaultAttr: idnsname
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read ipa locations,cn=permissions
,cn=pbac,dc=test,dc=local

# System: Remove IPA Locations + 6f4722a4-c9a811e6-943e8d1c-0faa636d, permissio
ns, pbac, test.local
dn: cn=System: Remove IPA Locations+nsuniqueid=6f4722a4-c9a811e6-943e8d1c-0faa
636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Remove IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: remove ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read Locations of IPA Servers + 6f4722a8-c9a811e6-943e8d1c-0faa636d,
 permissions, pbac, test.local
dn: cn=System: Read Locations of IPA Servers+nsuniqueid=6f4722a8-c9a811e6-943e
8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Locations of IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaserviceweight
ipaPermDefaultAttr: ipalocation
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read locations of ipa servers,cn=
permissions,cn=pbac,dc=test,dc=local

# System: Read Status of Services on IPA Servers + 6f4722ac-c9a811e6-943e8d1c-0
faa636d, permissions, pbac, test.local
dn: cn=System: Read Status of Services on IPA Servers+nsuniqueid=6f4722ac-c9a8
11e6-943e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Status of Services on IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaconfigstring
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read status of services on ipa se
rvers,cn=permissions,cn=pbac,dc=test,dc=local

# System: Manage Service Principals + 6f4722b0-c9a811e6-943e8d1c-0faa636d, perm
issions, pbac, test.local
dn: cn=System: Manage Service Principals+nsuniqueid=6f4722b0-c9a811e6-943e8d1c
-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaservice)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Service Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage service principals,cn=perm
issions,cn=pbac,dc=test,dc=local

# System: Manage User Principals + 6f4722bd-c9a811e6-943e8d1c-0faa636d, permiss
ions, pbac, test.local
dn: cn=System: Manage User Principals+nsuniqueid=6f4722bd-c9a811e6-943e8d1c-0f
aa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=posixaccount)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage User Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=test,dc=lo
cal
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage user principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# servers + 6f4722d4-c9a811e6-943e8d1c-0faa636d, dns, test.local
dn: cn=servers+nsuniqueid=6f4722d4-c9a811e6-943e8d1c-0faa636d,cn=dns,dc=test,dc
=local
objectClass: nsContainer
objectClass: top
cn: servers
nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local

# ipa + 90a80ea3-c9a811e6-943e8d1c-0faa636d, cas + 6f47220a-c9a811e6-943e8d1c-0
faa636d, ca, test.local
dn: cn=ipa+nsuniqueid=90a80ea3-c9a811e6-943e8d1c-0faa636d,cn=cas+nsuniqueid=6f
47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=local
description: IPA CA
ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
objectClass: top
objectClass: ipaca
ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
cn: ipa
nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 51
# numEntries: 50


[cid:image002.jpg at 01D265B1.A40B5AB0]<http://www.high5games.com/>
Daniel Alex Finkelstein| Lead Dev Ops Engineer
Dan.Finkelstein at h5g.com<mailto:Dan.Finkelstein at h5g.com> | 212.604.3447
One World Trade Center, New York, NY 10007

www.high5games.com<http://www.high5games.com/>
Play High 5 Casino<https://apps.facebook.com/highfivecasino/> and Shake the Sky<https://apps.facebook.com/shakethesky/>
Follow us on: Facebook<http://www.facebook.com/high5games>, Twitter<https://twitter.com/High5Games>, YouTube<http://www.youtube.com/High5Games>, Linkedin<http://www.linkedin.com/company/1072533?trk=tyah>

This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient, please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/540c7358/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4334 bytes
Desc: image001.jpg
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/540c7358/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 4335 bytes
Desc: image002.jpg
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/540c7358/attachment-0001.jpg>

From schogan at us.ibm.com  Tue Jan  3 17:15:00 2017
From: schogan at us.ibm.com (Sean Hogan)
Date: Tue, 3 Jan 2017 10:15:00 -0700
Subject: [Freeipa-users] Minimum SSSD version for 2 factor
Message-ID: <OFA7C889EB.9EA05096-ON0725809D.005C407F-0725809D.005EC1DB@notes.na.collabserv.com>


Morning,

   Hope the Holidays went well for you all.

   I have been trying to find documentation on the required min sssd
version needed to run otp (2 factor) with no luck.  Was hoping you all
might know.
I see RHEL 6.8 comes with 1.13 SSSD so was wondering if that would be high
enough version to work with IPA 4.X OTP.




Thank You
Sean Hogan






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/bf0943b7/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 08798274.jpg
Type: image/jpeg
Size: 27085 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/bf0943b7/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 08750289.gif
Type: image/gif
Size: 1650 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/bf0943b7/attachment.gif>

From Dan.Finkelstein at high5games.com  Tue Jan  3 17:20:22 2017
From: Dan.Finkelstein at high5games.com (Dan.Finkelstein at high5games.com)
Date: Tue, 3 Jan 2017 17:20:22 +0000
Subject: [Freeipa-users] LDAP replication conflicts,
 but no apparent data damage
In-Reply-To: <E685425B-A87E-4F54-93C7-C6131A80EEA6@high5games.com>
References: <145020D6-0409-4651-9C76-B6F31EB62753@high5games.com>
	<11390f0d-5d31-21af-dea3-54f189ae2e7c@redhat.com>
	<E685425B-A87E-4F54-93C7-C6131A80EEA6@high5games.com>
Message-ID: <09E0FF83-D51C-46B8-93C9-B13B5B13E61D@high5games.com>

Also, after attempting to rename one of the duplicated attributes, I get this in the error logs:

03/Jan/2017:17:19:30.605440097 +0000] retrocl-plugin - retrocl_postob: operation failure [68]
[03/Jan/2017:17:19:32.056965127 +0000] DSRetroclPlugin - replog: an error occured while adding change number 4799286, dn = changenumber=4799286,cn=changelog: Already exists.
[03/Jan/2017:17:19:32.058077520 +0000] retrocl-plugin - retrocl_postob: operation failure [68]
[03/Jan/2017:17:19:32.297145459 +0000] DSRetroclPlugin - replog: an error occured while adding change number 4799286, dn = changenumber=4799286,cn=changelog: Already exists.
[03/Jan/2017:17:19:32.298205569 +0000] retrocl-plugin - retrocl_postob: operation failure [68]


[id:image001.jpg at 01D1C26F.0E28FA60]<http://www.high5games.com/>
Daniel Alex Finkelstein| Lead Dev Ops Engineer
Dan.Finkelstein at h5g.com<mailto:Dan.Finkelstein at h5g.com> | 212.604.3447
One World Trade Center, New York, NY 10007

www.high5games.com<http://www.high5games.com/>
Play High 5 Casino<https://apps.facebook.com/highfivecasino/> and Shake the Sky<https://apps.facebook.com/shakethesky/>
Follow us on: Facebook<http://www.facebook.com/high5games>, Twitter<https://twitter.com/High5Games>, YouTube<http://www.youtube.com/High5Games>, Linkedin<http://www.linkedin.com/company/1072533?trk=tyah>

This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient, please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.

From: <freeipa-users-bounces at redhat.com> on behalf of Dan Finkelstein <Dan.Finkelstein at high5games.com>
Date: Tuesday, January 3, 2017 at 11:08
To: "mbasti at redhat.com" <mbasti at redhat.com>, "freeipa-users at redhat.com" <freeipa-users at redhat.com>
Subject: Re: [Freeipa-users] LDAP replication conflicts, but no apparent data damage

I've read through that page before, just last week, but I confess it's gone over my head. Could you give me an example of how to fix one of the conflicts below? I think when I see how it's done, I can do the rest.

Thanks,
Dan

[cid:image002.jpg at 01D265BB.BE45A250]<http://www.high5games.com/>
Daniel Alex Finkelstein| Lead Dev Ops Engineer
Dan.Finkelstein at h5g.com<mailto:Dan.Finkelstein at h5g.com> | 212.604.3447
One World Trade Center, New York, NY 10007

www.high5games.com<http://www.high5games.com/>
Play High 5 Casino<https://apps.facebook.com/highfivecasino/> and Shake the Sky<https://apps.facebook.com/shakethesky/>
Follow us on: Facebook<http://www.facebook.com/high5games>, Twitter<https://twitter.com/High5Games>, YouTube<http://www.youtube.com/High5Games>, Linkedin<http://www.linkedin.com/company/1072533?trk=tyah>

This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient, please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.

From: Martin Basti <mbasti at redhat.com>
Date: Tuesday, January 3, 2017 at 09:07
To: Dan Finkelstein <Dan.Finkelstein at high5games.com>, "freeipa-users at redhat.com" <freeipa-users at redhat.com>
Subject: Re: [Freeipa-users] LDAP replication conflicts, but no apparent data damage


Here is a directory server documentation about replication conflicts https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html

I hope it will help

Martin

On 03.01.2017 14:20, Dan.Finkelstein at high5games.com<mailto:Dan.Finkelstein at high5games.com> wrote:
I'm using the most recent FreeIPA 4.4.0 on CentOS 7.3 and have been cleaning up various dangling replicas and other cruft, but when I run the ipa consistency checker, it produces output that LDAP has conflicts. I then run:

ldapsearch -D "cn=Directory Manager" -W -b "dc=h5c,dc=local" "nsds5ReplConflict=*" \* nsds5ReplConflict

Which produces output as follows (which I don't know what to do with, yet):

# extended LDIF
#
# LDAPv3
# base <dc=test,dc=local> with scope subtree
# filter: nsds5ReplConflict=*
# requesting: * nsds5ReplConflict
#

# ipaservers + 9865b29e-c9a411e6-a937f721-75eb0f97, hostgroups, accounts, test.l
ocal
dn: cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups
,cn=accounts,dc=test,dc=local
memberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=local
memberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=h5
c,dc=local
memberOf: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=
test,dc=local
memberOf: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=test,dc
=local
memberOf: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
l
memberOf: cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,c
n=alt,dc=test,dc=local
member: fqdn=ipa-replica-gib02.test.local,cn=computers,cn=accounts,dc=test,dc=lo
cal
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: b13812a8-c9a4-11e6-8bb5-00505684b9a0
nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
5c,dc=local

# ipaservers + 9865b2a0-c9a411e6-a937f721-75eb0f97, ng, alt, test.local
dn: cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,cn=alt,
dc=test,dc=local
memberHost: cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=ho
stgroups,cn=accounts,dc=test,dc=local
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: test.local
cn: ipaservers
description: ipaNetgroup ipaservers
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
ipaUniqueID: b13f8506-c9a4-11e6-8bb5-00505684b9a0
nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local

# domain + 9865b2a7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc, test.local
dn: cn=domain+nsuniqueid=9865b2a7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ip
a,cn=etc,dc=test,dc=local
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
ipaReplTopoConfRoot: dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
cn: domain
nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
c=local

# locations + 9865b2ab-c9a411e6-a937f721-75eb0f97, etc, test.local
dn: cn=locations+nsuniqueid=9865b2ab-c9a411e6-a937f721-75eb0f97,cn=etc,dc=test,
dc=local
objectClass: nsContainer
objectClass: top
cn: locations
nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System<ldap://cn=System>: Ad
d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write)
  groupdn = "ldap:///cn=System<ldap://cn=System>: Modify IPA Locations,cn=permissions,cn=pbac,dc
=test,dc=local";)
aci: (targetattr = "createtimestamp || description || entryusn || idnsname ||
 modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,
read,search) groupdn = "ldap:///cn=System<ldap://cn=System>: Read IPA Locations,cn=permissions,
cn=pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=Syst<ldap://cn=Syst>
em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)

# cas + 9865b2b1-c9a411e6-a937f721-75eb0f97, ca, test.local
dn: cn=cas+nsuniqueid=9865b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=loca
l
objectClass: nsContainer
objectClass: top
cn: cas
nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Add CA";allow (add) groupdn = "ldap:///cn=System<ldap://cn=System>: Add CA,cn=permissions,cn=
pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Delete CA";allow (delete) groupdn = "ldap:///cn=System<ldap://cn=System>: Delete CA,cn=permis
sions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(
version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:
///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacai
d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targ
etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CA
s";allow (compare,read,search) userdn = "ldap:///all"<ldap://all>;)

# custodia + 9865b2e2-c9a411e6-a937f721-75eb0f97, ipa, etc, test.local
dn: cn=custodia+nsuniqueid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,d
c=test,dc=local
objectClass: nsContainer
objectClass: top
cn: custodia
nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=test,dc=local

# dogtag + 9865b2e4-c9a411e6-a937f721-75eb0f97, custodia + 9865b2e2-c9a411e6-a9
37f721-75eb0f97, ipa, etc, test.local
dn: cn=dogtag+nsuniqueid=9865b2e4-c9a411e6-a937f721-75eb0f97,cn=custodia+nsuni
queid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,dc=test,dc=local
objectClass: nsContainer
objectClass: top
cn: dogtag
nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
c=local

# ca + 9865b2e7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc, test.local
dn: cn=ca+nsuniqueid=9865b2e7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ipa,cn
=etc,dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
cn: ca
ipaReplTopoConfRoot: o=ipaca
nsds5ReplConflict: namingConflict cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
cal

# System: Add CA + 9865b2ed-c9a411e6-a937f721-75eb0f97, permissions, pbac, test.
local
dn: cn=System: Add CA+nsuniqueid=9865b2ed-c9a411e6-a937f721-75eb0f97,cn=permis
sions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=
test,dc=local

# System: Delete CA + 9865b2f1-c9a411e6-a937f721-75eb0f97, permissions, pbac, h
5c.local
dn: cn=System: Delete CA+nsuniqueid=9865b2f1-c9a411e6-a937f721-75eb0f97,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Delete CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Modify CA + 9865b2f5-c9a411e6-a937f721-75eb0f97, permissions, pbac, h
5c.local
dn: cn=System: Modify CA+nsuniqueid=9865b2f5-c9a411e6-a937f721-75eb0f97,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Read CAs + 9865b2f9-c9a411e6-a937f721-75eb0f97, permissions, pbac, h5
c.local
dn: cn=System: Read CAs+nsuniqueid=9865b2f9-c9a411e6-a937f721-75eb0f97,cn=perm
issions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: all
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read CAs
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
ipaPermDefaultAttr: description
ipaPermDefaultAttr: ipacaissuerdn
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipacasubjectdn
ipaPermDefaultAttr: ipacaid
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,d
c=test,dc=local

# System: Modify DNS Servers Configuration + 9865b2fe-c9a411e6-a937f721-75eb0f9
7, permissions, pbac, test.local
dn: cn=System: Modify DNS Servers Configuration+nsuniqueid=9865b2fe-c9a411e6-a
937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnssoamname
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: idnsforwarders
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,
cn=permissions,cn=pbac,dc=test,dc=local

# System: Read DNS Servers Configuration + 9865b302-c9a411e6-a937f721-75eb0f97,
  permissions, pbac, test.local
dn: cn=System: Read DNS Servers Configuration+nsuniqueid=9865b302-c9a411e6-a93
7f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: idnsforwarders
ipaPermDefaultAttr: idnsserverid
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnssoamname
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn
=permissions,cn=pbac,dc=test,dc=local

# System: Manage Host Principals + 9865b329-c9a411e6-a937f721-75eb0f97, permiss
ions, pbac, test.local
dn: cn=System: Manage Host Principals+nsuniqueid=9865b329-c9a411e6-a937f721-75
eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipahost)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Host Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage host principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# System: Add IPA Locations + 9865b33f-c9a411e6-a937f721-75eb0f97, permissions,
  pbac, test.local
dn: cn=System: Add IPA Locations+nsuniqueid=9865b33f-c9a411e6-a937f721-75eb0f9
7,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ipa locations,cn=permissions,
cn=pbac,dc=test,dc=local

# System: Modify IPA Locations + 9865b343-c9a411e6-a937f721-75eb0f97, permissio
ns, pbac, test.local
dn: cn=System: Modify IPA Locations+nsuniqueid=9865b343-c9a411e6-a937f721-75eb
0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read IPA Locations + 9865b347-c9a411e6-a937f721-75eb0f97, permissions
, pbac, test.local
dn: cn=System: Read IPA Locations+nsuniqueid=9865b347-c9a411e6-a937f721-75eb0f
97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: description
ipaPermDefaultAttr: idnsname
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read ipa locations,cn=permissions
,cn=pbac,dc=test,dc=local

# System: Remove IPA Locations + 9865b34b-c9a411e6-a937f721-75eb0f97, permissio
ns, pbac, test.local
dn: cn=System: Remove IPA Locations+nsuniqueid=9865b34b-c9a411e6-a937f721-75eb
0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Remove IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: remove ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read Locations of IPA Servers + 9865b34f-c9a411e6-a937f721-75eb0f97,
 permissions, pbac, test.local
dn: cn=System: Read Locations of IPA Servers+nsuniqueid=9865b34f-c9a411e6-a937
f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Locations of IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaserviceweight
ipaPermDefaultAttr: ipalocation
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read locations of ipa servers,cn=
permissions,cn=pbac,dc=test,dc=local

# System: Read Status of Services on IPA Servers + 9865b353-c9a411e6-a937f721-7
5eb0f97, permissions, pbac, test.local
dn: cn=System: Read Status of Services on IPA Servers+nsuniqueid=9865b353-c9a4
11e6-a937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Status of Services on IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaconfigstring
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read status of services on ipa se
rvers,cn=permissions,cn=pbac,dc=test,dc=local

# System: Manage Service Principals + 9865b357-c9a411e6-a937f721-75eb0f97, perm
issions, pbac, test.local
dn: cn=System: Manage Service Principals+nsuniqueid=9865b357-c9a411e6-a937f721
-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaservice)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Service Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage service principals,cn=perm
issions,cn=pbac,dc=test,dc=local

# System: Manage User Principals + 9865b364-c9a411e6-a937f721-75eb0f97, permiss
ions, pbac, test.local
dn: cn=System: Manage User Principals+nsuniqueid=9865b364-c9a411e6-a937f721-75
eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=posixaccount)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage User Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=test,dc=lo
cal
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage user principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# servers + 9865b37b-c9a411e6-a937f721-75eb0f97, dns, test.local
dn: cn=servers+nsuniqueid=9865b37b-c9a411e6-a937f721-75eb0f97,cn=dns,dc=test,dc
=local
objectClass: nsContainer
objectClass: top
cn: servers
nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local

# ipa + cba8431e-c9a411e6-a937f721-75eb0f97, cas + 9865b2b1-c9a411e6-a937f721-7
5eb0f97, ca, test.local
dn: cn=ipa+nsuniqueid=cba8431e-c9a411e6-a937f721-75eb0f97,cn=cas+nsuniqueid=98
65b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=local
description: IPA CA
ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
objectClass: top
objectClass: ipaca
ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
cn: ipa
nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local

# ipaservers + 6f4721f7-c9a811e6-943e8d1c-0faa636d, hostgroups, accounts, test.l
ocal
dn: cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=hostgroups
,cn=accounts,dc=test,dc=local
memberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=local
memberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=h5
c,dc=local
memberOf: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=
test,dc=local
memberOf: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=test,dc
=local
memberOf: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
l
memberOf: cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,c
n=alt,dc=test,dc=local
member: fqdn=ipa-replica-gib01.test.local,cn=computers,cn=accounts,dc=test,dc=lo
cal
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: 863f47b6-c9a8-11e6-a9b0-00505684f6ff
nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
5c,dc=local

# ipaservers + 6f4721f9-c9a811e6-943e8d1c-0faa636d, ng, alt, test.local
dn: cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,cn=alt,
dc=test,dc=local
memberHost: cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=ho
stgroups,cn=accounts,dc=test,dc=local
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: test.local
cn: ipaservers
description: ipaNetgroup ipaservers
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
ipaUniqueID: 864e605c-c9a8-11e6-a9b0-00505684f6ff
nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local

# domain + 6f472200-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc, test.local
dn: cn=domain+nsuniqueid=6f472200-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ip
a,cn=etc,dc=test,dc=local
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
ipaReplTopoConfRoot: dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
cn: domain
nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
c=local

# locations + 6f472204-c9a811e6-943e8d1c-0faa636d, etc, test.local
dn: cn=locations+nsuniqueid=6f472204-c9a811e6-943e8d1c-0faa636d,cn=etc,dc=test,
dc=local
objectClass: nsContainer
objectClass: top
cn: locations
nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System<ldap://cn=System>: Ad
d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write)
  groupdn = "ldap:///cn=System<ldap://cn=System>: Modify IPA Locations,cn=permissions,cn=pbac,dc
=test,dc=local";)
aci: (targetattr = "createtimestamp || description || entryusn || idnsname ||
 modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,
read,search) groupdn = "ldap:///cn=System<ldap://cn=System>: Read IPA Locations,cn=permissions,
cn=pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=Syst<ldap://cn=Syst>
em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)

# cas + 6f47220a-c9a811e6-943e8d1c-0faa636d, ca, test.local
dn: cn=cas+nsuniqueid=6f47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=loca
l
objectClass: nsContainer
objectClass: top
cn: cas
nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Add CA";allow (add) groupdn = "ldap:///cn=System<ldap://cn=System>: Add CA,cn=permissions,cn=
pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Delete CA";allow (delete) groupdn = "ldap:///cn=System<ldap://cn=System>: Delete CA,cn=permis
sions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(
version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:
///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacai
d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targ
etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CA
s";allow (compare,read,search) userdn = "ldap:///all"<ldap://all>;)

# custodia + 6f47223b-c9a811e6-943e8d1c-0faa636d, ipa, etc, test.local
dn: cn=custodia+nsuniqueid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,d
c=test,dc=local
objectClass: nsContainer
objectClass: top
cn: custodia
nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=test,dc=local

# dogtag + 6f47223d-c9a811e6-943e8d1c-0faa636d, custodia + 6f47223b-c9a811e6-94
3e8d1c-0faa636d, ipa, etc, test.local
dn: cn=dogtag+nsuniqueid=6f47223d-c9a811e6-943e8d1c-0faa636d,cn=custodia+nsuni
queid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,dc=test,dc=local
objectClass: nsContainer
objectClass: top
cn: dogtag
nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
c=local

# ca + 6f472240-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc, test.local
dn: cn=ca+nsuniqueid=6f472240-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ipa,cn
=etc,dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
cn: ca
ipaReplTopoConfRoot: o=ipaca
nsds5ReplConflict: namingConflict cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
cal

# System: Add CA + 6f472246-c9a811e6-943e8d1c-0faa636d, permissions, pbac, test.
local
dn: cn=System: Add CA+nsuniqueid=6f472246-c9a811e6-943e8d1c-0faa636d,cn=permis
sions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=
test,dc=local

# System: Delete CA + 6f47224a-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h
5c.local
dn: cn=System: Delete CA+nsuniqueid=6f47224a-c9a811e6-943e8d1c-0faa636d,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Delete CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Modify CA + 6f47224e-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h
5c.local
dn: cn=System: Modify CA+nsuniqueid=6f47224e-c9a811e6-943e8d1c-0faa636d,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Read CAs + 6f472252-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h5
c.local
dn: cn=System: Read CAs+nsuniqueid=6f472252-c9a811e6-943e8d1c-0faa636d,cn=perm
issions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: all
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read CAs
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
ipaPermDefaultAttr: description
ipaPermDefaultAttr: ipacaissuerdn
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipacasubjectdn
ipaPermDefaultAttr: ipacaid
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,d
c=test,dc=local

# System: Modify DNS Servers Configuration + 6f472257-c9a811e6-943e8d1c-0faa636
d, permissions, pbac, test.local
dn: cn=System: Modify DNS Servers Configuration+nsuniqueid=6f472257-c9a811e6-9
43e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnssoamname
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: idnsforwarders
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,
cn=permissions,cn=pbac,dc=test,dc=local

# System: Read DNS Servers Configuration + 6f47225b-c9a811e6-943e8d1c-0faa636d,
  permissions, pbac, test.local
dn: cn=System: Read DNS Servers Configuration+nsuniqueid=6f47225b-c9a811e6-943
e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: idnsforwarders
ipaPermDefaultAttr: idnsserverid
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnssoamname
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn
=permissions,cn=pbac,dc=test,dc=local

# System: Manage Host Principals + 6f472282-c9a811e6-943e8d1c-0faa636d, permiss
ions, pbac, test.local
dn: cn=System: Manage Host Principals+nsuniqueid=6f472282-c9a811e6-943e8d1c-0f
aa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipahost)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Host Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage host principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# System: Add IPA Locations + 6f472298-c9a811e6-943e8d1c-0faa636d, permissions,
  pbac, test.local
dn: cn=System: Add IPA Locations+nsuniqueid=6f472298-c9a811e6-943e8d1c-0faa636
d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ipa locations,cn=permissions,
cn=pbac,dc=test,dc=local

# System: Modify IPA Locations + 6f47229c-c9a811e6-943e8d1c-0faa636d, permissio
ns, pbac, test.local
dn: cn=System: Modify IPA Locations+nsuniqueid=6f47229c-c9a811e6-943e8d1c-0faa
636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read IPA Locations + 6f4722a0-c9a811e6-943e8d1c-0faa636d, permissions
, pbac, test.local
dn: cn=System: Read IPA Locations+nsuniqueid=6f4722a0-c9a811e6-943e8d1c-0faa63
6d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: description
ipaPermDefaultAttr: idnsname
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read ipa locations,cn=permissions
,cn=pbac,dc=test,dc=local

# System: Remove IPA Locations + 6f4722a4-c9a811e6-943e8d1c-0faa636d, permissio
ns, pbac, test.local
dn: cn=System: Remove IPA Locations+nsuniqueid=6f4722a4-c9a811e6-943e8d1c-0faa
636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Remove IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: remove ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read Locations of IPA Servers + 6f4722a8-c9a811e6-943e8d1c-0faa636d,
 permissions, pbac, test.local
dn: cn=System: Read Locations of IPA Servers+nsuniqueid=6f4722a8-c9a811e6-943e
8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Locations of IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaserviceweight
ipaPermDefaultAttr: ipalocation
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read locations of ipa servers,cn=
permissions,cn=pbac,dc=test,dc=local

# System: Read Status of Services on IPA Servers + 6f4722ac-c9a811e6-943e8d1c-0
faa636d, permissions, pbac, test.local
dn: cn=System: Read Status of Services on IPA Servers+nsuniqueid=6f4722ac-c9a8
11e6-943e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Status of Services on IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaconfigstring
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read status of services on ipa se
rvers,cn=permissions,cn=pbac,dc=test,dc=local

# System: Manage Service Principals + 6f4722b0-c9a811e6-943e8d1c-0faa636d, perm
issions, pbac, test.local
dn: cn=System: Manage Service Principals+nsuniqueid=6f4722b0-c9a811e6-943e8d1c
-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaservice)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Service Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage service principals,cn=perm
issions,cn=pbac,dc=test,dc=local

# System: Manage User Principals + 6f4722bd-c9a811e6-943e8d1c-0faa636d, permiss
ions, pbac, test.local
dn: cn=System: Manage User Principals+nsuniqueid=6f4722bd-c9a811e6-943e8d1c-0f
aa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=posixaccount)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage User Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=test,dc=lo
cal
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage user principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# servers + 6f4722d4-c9a811e6-943e8d1c-0faa636d, dns, test.local
dn: cn=servers+nsuniqueid=6f4722d4-c9a811e6-943e8d1c-0faa636d,cn=dns,dc=test,dc
=local
objectClass: nsContainer
objectClass: top
cn: servers
nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local

# ipa + 90a80ea3-c9a811e6-943e8d1c-0faa636d, cas + 6f47220a-c9a811e6-943e8d1c-0
faa636d, ca, test.local
dn: cn=ipa+nsuniqueid=90a80ea3-c9a811e6-943e8d1c-0faa636d,cn=cas+nsuniqueid=6f
47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=local
description: IPA CA
ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
objectClass: top
objectClass: ipaca
ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
cn: ipa
nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 51
# numEntries: 50


[cid:image003.jpg at 01D265BB.BE45A250]<http://www.high5games.com/>
Daniel Alex Finkelstein| Lead Dev Ops Engineer
Dan.Finkelstein at h5g.com<mailto:Dan.Finkelstein at h5g.com> | 212.604.3447
One World Trade Center, New York, NY 10007

www.high5games.com<http://www.high5games.com/>
Play High 5 Casino<https://apps.facebook.com/highfivecasino/> and Shake the Sky<https://apps.facebook.com/shakethesky/>
Follow us on: Facebook<http://www.facebook.com/high5games>, Twitter<https://twitter.com/High5Games>, YouTube<http://www.youtube.com/High5Games>, Linkedin<http://www.linkedin.com/company/1072533?trk=tyah>

This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient, please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/22960533/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4334 bytes
Desc: image001.jpg
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/22960533/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 4335 bytes
Desc: image002.jpg
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/22960533/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 4336 bytes
Desc: image003.jpg
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/22960533/attachment-0002.jpg>

From schogan at us.ibm.com  Tue Jan  3 17:31:09 2017
From: schogan at us.ibm.com (Sean Hogan)
Date: Tue, 3 Jan 2017 10:31:09 -0700
Subject: [Freeipa-users] Minimum SSSD version for 2 factor
In-Reply-To: <OFA7C889EB.9EA05096-ON0725809D.005C407F-0725809D.005EC1DB@LocalDomain>
References: <OFA7C889EB.9EA05096-ON0725809D.005C407F-0725809D.005EC1DB@LocalDomain>
Message-ID: <OFF829A2AC.A45EAB90-ON0725809D.006032BC-0725809D.00603C78@notes.na.collabserv.com>


Disregard... apparently I am blind.   Min is 1.12 per IPA docs.




Sean Hogan









From:	Sean Hogan/Durham/IBM
To:	freeipa-users <freeipa-users at redhat.com>
Date:	01/03/2017 10:15 AM
Subject:	Minimum SSSD version for 2 factor


Morning,

   Hope the Holidays went well for you all.

   I have been trying to find documentation on the required min sssd
version needed to run otp (2 factor) with no luck.  Was hoping you all
might know.
I see RHEL 6.8 comes with 1.13 SSSD so was wondering if that would be high
enough version to work with IPA 4.X OTP.




Thank You
Sean Hogan







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/5349176b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 6E753547.jpg
Type: image/jpeg
Size: 27085 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/5349176b/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 6E816720.gif
Type: image/gif
Size: 1650 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/5349176b/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/5349176b/attachment-0001.gif>

From jochen at jochen.org  Tue Jan  3 17:41:05 2017
From: jochen at jochen.org (Jochen Hein)
Date: Tue, 03 Jan 2017 18:41:05 +0100
Subject: [Freeipa-users] Minimum SSSD version for 2 factor
In-Reply-To: <OFA7C889EB.9EA05096-ON0725809D.005C407F-0725809D.005EC1DB@notes.na.collabserv.com>
	(Sean Hogan's message of "Tue, 3 Jan 2017 10:15:00 -0700")
References: <OFA7C889EB.9EA05096-ON0725809D.005C407F-0725809D.005EC1DB@notes.na.collabserv.com>
Message-ID: <837f6cxcr2.fsf@echidna.jochen.org>

"Sean Hogan" <schogan at us.ibm.com> writes:

>    I have been trying to find documentation on the required min sssd
> version needed to run otp (2 factor) with no luck.  Was hoping you all
> might know.
> I see RHEL 6.8 comes with 1.13 SSSD so was wondering if that would be high
> enough version to work with IPA 4.X OTP.

I'm running 2FA/OTP on Ubuntu 14.04 with the following sssd:
ii  sssd                         1.12.5-1~trusty1    i386
System Security Services Daemon -- metapackage

What you miss is the prompt "First Factor"/"Second Factor" and you must
concatenate password and OTP at the password prompt. Otherwise it works
fine.

Jochen

-- 
The only problem with troubleshooting is that the trouble shoots back.



From pvoborni at redhat.com  Tue Jan  3 17:45:13 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Tue, 3 Jan 2017 18:45:13 +0100
Subject: [Freeipa-users] how to make email as mandatory field before
 user creation
In-Reply-To: <43e38bad775d4d6fa96bd26485136bc7@BLUPR42MB0194.048d.mgd.msft.net>
References: <47fd3579651242ed89012e664e6aa2c5@BLUPR42MB0194.048d.mgd.msft.net>
	<63da1063-8ba6-fa41-ff44-8916c4a99c7f@redhat.com>
	<43e38bad775d4d6fa96bd26485136bc7@BLUPR42MB0194.048d.mgd.msft.net>
Message-ID: <770ce4c9-6882-8bbd-5a26-fcd937baab97@redhat.com>

On 01/02/2017 08:46 PM, nirajkumar.singh at accenture.com wrote:
> Hi Prtr,
> 
> Can you please suggest how to do it with plugins and which plugin I need to use and how to integrate that plugin with freeipa.
> 
> Thanks
> Niraj

Disclaimer: the example below is not really save because it doesn't
handle e.g. stageusers and it might not work with later releases of
FreeIPA because IPA doesn't provide any supported plugin API yet.

Example: https://pvoborni.fedorapeople.org/plugins/backend/zuserplugin.py

Old(FreeIPA 3.3) extending guide:
  http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf

> 
> -----Original Message-----
> From: Petr Vobornik [mailto:pvoborni at redhat.com]
> Sent: 02 January 2017 22:21
> To: Singh, NirajKumar <nirajkumar.singh at accenture.com>; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] how to make email as mandatory field before user creation
> 
> On 01/02/2017 05:00 PM, nirajkumar.singh at accenture.com wrote:
>> Hi Team,
>>
>> Is there any way to make email as mandatory field before creating any
>> user from WEBUI or Console?
>>
>> Thanks & Regards,
>>
>> Niraj Kumar Singh
>>
> 
> Hello Niraj,
> 
> FreeIPA doesn't support such configuration out of the box.
> 
> It is theoretically possible to implement IPA server side plugin to mark the field as required. It may not be straightforward though.
> 
> --
> Petr Vobornik
> 
> ________________________________
> 
> This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
> ______________________________________________________________________________________
> 
> www.accenture.com
> 


-- 
Petr Vobornik



From lslebodn at redhat.com  Tue Jan  3 17:51:45 2017
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Tue, 3 Jan 2017 18:51:45 +0100
Subject: [Freeipa-users] Minimum SSSD version for 2 factor
In-Reply-To: <OFA7C889EB.9EA05096-ON0725809D.005C407F-0725809D.005EC1DB@notes.na.collabserv.com>
References: <OFA7C889EB.9EA05096-ON0725809D.005C407F-0725809D.005EC1DB@notes.na.collabserv.com>
Message-ID: <20170103175144.GA18895@10.4.128.1>

On (03/01/17 10:15), Sean Hogan wrote:
>
>Morning,
>
>   Hope the Holidays went well for you all.
>
>   I have been trying to find documentation on the required min sssd
>version needed to run otp (2 factor) with no luck.  Was hoping you all
>might know.
>I see RHEL 6.8 comes with 1.13 SSSD so was wondering if that would be high
>enough version to work with IPA 4.X OTP.
>
sssd 1.13 could handle OTP but there is old MIT krb5
and therefore sssd is compiled without OTP feature in rhel6

LS



From b.candler at pobox.com  Tue Jan  3 18:02:51 2017
From: b.candler at pobox.com (Brian Candler)
Date: Tue, 3 Jan 2017 18:02:51 +0000
Subject: [Freeipa-users] 2FA and AllowNTHash
In-Reply-To: <CAL0MufK_gPgzkvKiOr6X+S-ufVh3ij39eLYLDGxpFy0-7VQZLw@mail.gmail.com>
References: <CAL0MufK_gPgzkvKiOr6X+S-ufVh3ij39eLYLDGxpFy0-7VQZLw@mail.gmail.com>
Message-ID: <d58bd7f6-990f-2769-1115-34ef57ec3ff2@pobox.com>

On 03/01/2017 15:28, Maciej Drobniuch wrote:
> We have a topo with 3x IPA servers + freeradius.
>
> Freeradius is being used to do mschap with wifi APs. Freeradius 
> connects over ldap to IPA.
>
> In order to do the challange-response thing, freeipa has AllowNTHash 
> enabled.
>
> So I wanted to enable 2FA/OTP but leave the NTHash as is for wifi auth.
>
> In the moment I disallow Password auth for a user and enable OTP the 
> wifi auth stopps working, but the hash clearly stays in ldap.
How are you actually authenticating the user? Are you just reading the 
ipaNTHash out of the LDAP database and letting FreeRADIUS check it? Then 
AFAICS it shouldn't make any different whether OTP is enabled or not.  
Can you show more of your RADIUS config, and the debug output from the 
part which authenticates the user?

I don't use OTP myself, but I wouldn't expect the ipaNTHash to change 
depending on whether OTP is enabled or not (and you're saying the hash 
stays put).

I have what sounds like a similar setup to yours, using FreeRADIUS 
3.0.12 talking to FreeIPA 4.4.0, using a service user which has 
permissions to read out the ipaNTHash directly, based on this blog post:
http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html

ldap config:

         base_dn = 'cn=users,cn=accounts,dc=ipa,dc=example,dc=com'

         sasl {
                 mech = 'GSSAPI'
                 realm = 'IPA.EXAMPLE.COM'
         }

         update {
                 control:NT-Password             := 'ipaNTHash'
                 control:Tmp-String-9            := 'krbPasswordExpiration'
         }

         user {
                 base_dn = "${..base_dn}"
                 filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
                 scope = "one"
         }

         group {
                 membership_attribute = 'memberOf'
                 name_attributes = 'cn'

                 cacheable_dn = 'yes'
                 cacheable_name = 'no'
         }

default and inner-tunnel authentication is then just:

authenticate {
         Auth-Type PAP {
                 pap
         }

         Auth-Type MS-CHAP {
                 mschap
         }

         eap
}

Also you need to put the service user's keytab somewhere, and set a 
couple of environment variables when it starts, if you want to use 
Kerberos to protect the LDAP connection. Using systemd override:

[Unit]
Requires=dirsrv.target
After=dirsrv.target

[Service]
Environment=KRB5_CLIENT_KTNAME=/etc/radiusd.keytab
Environment=KRB5CCNAME=MEMORY:
Restart=always
RestartSec=5

(Otherwise you can bind with a specific dn and password, but then you 
also need to sort out TLS to secure the LDAP traffic)

There is more magic you can do with the krbPasswordExpiration attribute 
to force the user to do a password change over MSCHAP - but that's now 
straying a long way from what's relevant on a FreeIPA mailing list.

HTH,

Brian.



From Dan.Finkelstein at high5games.com  Tue Jan  3 19:49:53 2017
From: Dan.Finkelstein at high5games.com (Dan.Finkelstein at high5games.com)
Date: Tue, 3 Jan 2017 19:49:53 +0000
Subject: [Freeipa-users] ldap_rename: Operations error (1)
Message-ID: <4BCF9E1B-AC0B-49FC-810D-93144BD30AAE@high5games.com>

I'm running FreeIPA 4.4.0 on CentOS 7.3 and I almost succeeded in renaming a duplicate, but then this happens:

modifying rdn of entry "cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups,cn=accounts,dc=test,dc=local"
ldap_rename: Operations error (1)

The commands were:
$ ldapmodify -D "cn=directory manager" -W -p 389 -h ipa.test.local -x
Enter LDAP Password:
dn: cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups,cn=accounts,dc=test,dc=local
changetype: modrdn
newrdn: cn=9865b29e
deleteoldrdn: 0

Any ideas?

[id:image001.jpg at 01D1C26F.0E28FA60]<http://www.high5games.com/>
Daniel Alex Finkelstein| Lead Dev Ops Engineer
Dan.Finkelstein at h5g.com<mailto:Dan.Finkelstein at h5g.com> | 212.604.3447
One World Trade Center, New York, NY 10007

www.high5games.com<http://www.high5games.com/>
Play High 5 Casino<https://apps.facebook.com/highfivecasino/> and Shake the Sky<https://apps.facebook.com/shakethesky/>
Follow us on: Facebook<http://www.facebook.com/high5games>, Twitter<https://twitter.com/High5Games>, YouTube<http://www.youtube.com/High5Games>, Linkedin<http://www.linkedin.com/company/1072533?trk=tyah>

This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient, please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/d48874c1/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4334 bytes
Desc: image001.jpg
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/d48874c1/attachment.jpg>

From alan at instinctualsoftware.com  Tue Jan  3 21:02:21 2017
From: alan at instinctualsoftware.com (Alan Latteri)
Date: Tue, 3 Jan 2017 13:02:21 -0800
Subject: [Freeipa-users] Kerberos authentication failed: kinit: Included
 profile directory could not be read while initializing Kerberos 5 library
In-Reply-To: <f03686ac-5192-10e8-5cd5-f61af5accb44@redhat.com>
References: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>
	<f03686ac-5192-10e8-5cd5-f61af5accb44@redhat.com>
Message-ID: <30192950-AE2A-4E18-8B7E-05A62E62EBD7@instinctualsoftware.com>

Log is attached.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipaclient-install.log
Type: application/octet-stream
Size: 7487 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/48902c18/attachment.obj>
-------------- next part --------------


> On Jan 3, 2017, at 12:16 AM, Martin Babinsky <mbabinsk at redhat.com> wrote:
> 
> On 01/02/2017 11:22 PM, Alan Latteri wrote:
>> I upgraded our FreeIPA server from Cent7.2 to 7.3 which also upgraded freeipa to 4.4.  On some clients they failed to re-authenticate post upgrade.  I then did an
>> ipa-client-install ?uninstall , and then tried re-joining to IPA server with
>> ipa-client-install --mkhomedir --force-ntpd --force-join.
>> 
>> Now I am getting the below error, and I have no idea how to recover.  Firewall is disabled.
>> 
>> Thanks,
>> Alan
>> 
>> User authorized to enroll computers: admin
>> Password for admin at XXX.LOCAL:
>> Please make sure the following ports are opened in the firewall settings:
>>     TCP: 80, 88, 389
>>     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
>> Also note that following ports are necessary for ipa-client working properly after enrollment:
>>     TCP: 464
>>     UDP: 464, 123 (if NTP enabled)
>> Kerberos authentication failed: kinit: Included profile directory could not be read while initializing Kerberos 5 library
>> 
>> Installation failed. Rolling back changes.
>> IPA client is not configured on this system.
>> 
>> 
>> [root at troll ~]# systemctl status firewalld
>> ? firewalld.service - firewalld - dynamic firewall daemon
>>   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
>>   Active: inactive (dead)
>> 
>> Installed Packages
>> ipa-client.x86_64                                                4.4.0-14.el7.centos                                         @updates
>> ipa-client-common.noarch                                         4.4.0-14.el7.centos                                         @updates
>> ipa-common.noarch                                                4.4.0-14.el7.centos                                         @updates
>> 
> 
> Hi Alan,
> 
> it would be nice if you could post the client install log (/var/log/ipaclient-install.log). It is hard to tell what happens without seeing it.
> 
> -- 
> Martin^3 Babinsky
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project


From rcritten at redhat.com  Tue Jan  3 21:25:31 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 3 Jan 2017 16:25:31 -0500
Subject: [Freeipa-users] Kerberos authentication failed: kinit: Included
 profile directory could not be read while initializing Kerberos 5 library
In-Reply-To: <30192950-AE2A-4E18-8B7E-05A62E62EBD7@instinctualsoftware.com>
References: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>
	<f03686ac-5192-10e8-5cd5-f61af5accb44@redhat.com>
	<30192950-AE2A-4E18-8B7E-05A62E62EBD7@instinctualsoftware.com>
Message-ID: <586C16CB.4030202@redhat.com>

Alan Latteri wrote:
> Log is attached.

Look and see if /etc/krb5.conf.d/ and
/var/lib/sss/pubconf/krb5.include.d exist and are readable (and check
for SELinux AVCs). I'm pretty sure this all runs as root so I doubt
filesystem perms are an issue but who knows.

You can also brute force things using strace -f to find out exactly what
can't be read.

rob



From alan at instinctualsoftware.com  Tue Jan  3 21:44:27 2017
From: alan at instinctualsoftware.com (Alan Latteri)
Date: Tue, 3 Jan 2017 13:44:27 -0800
Subject: [Freeipa-users] Kerberos authentication failed: kinit: Included
 profile directory could not be read while initializing Kerberos 5 library
In-Reply-To: <586C16CB.4030202@redhat.com>
References: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>
	<f03686ac-5192-10e8-5cd5-f61af5accb44@redhat.com>
	<30192950-AE2A-4E18-8B7E-05A62E62EBD7@instinctualsoftware.com>
	<586C16CB.4030202@redhat.com>
Message-ID: <C71CBDB0-E985-44DA-8F3B-D01DDD014103@instinctualsoftware.com>

Thanks Rob.

/etc/krb5.conf.d/  was in fact missing from the client, which is still on CentOS 7.2 for reasons out of our control.
Other hosts that are CentOS 7.2 running IPA Client 4.2.0 also do not have the /etc/krb5.conf.d/ directory, but are running fine.  So maybe the 4.4 client requires that dir but is not making it on upgrade and the cause of the failure?

Alan

> On Jan 3, 2017, at 1:25 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> 
> Alan Latteri wrote:
>> Log is attached.
> 
> Look and see if /etc/krb5.conf.d/ and
> /var/lib/sss/pubconf/krb5.include.d exist and are readable (and check
> for SELinux AVCs). I'm pretty sure this all runs as root so I doubt
> filesystem perms are an issue but who knows.
> 
> You can also brute force things using strace -f to find out exactly what
> can't be read.
> 
> rob
> 




From jhrozek at redhat.com  Tue Jan  3 22:06:26 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Tue, 3 Jan 2017 23:06:26 +0100
Subject: [Freeipa-users] Unable to resolve AD users from IPA clients
In-Reply-To: <778879914.4889.1483454359268.JavaMail.zimbra@elostech.cz>
References: <778879914.4889.1483454359268.JavaMail.zimbra@elostech.cz>
Message-ID: <20170103220626.xqwbyuvrlvwvwrew@hendrix>

On Tue, Jan 03, 2017 at 03:39:19PM +0100, Jan Kar?sek wrote:
> Hi, 
> 
> I have trouble with resolving AD users from my IPA clients. 
> 
> Environment: 2x IPA server with trust into AD - both IPA servers and clients running latest rhel 7.3. 
> 
> IPA domain: vs.example.com 
> AD domain: example.com, cen.example.com 
> 
> All tstxxxxx users are in cen.example.com but their UPN is set to tstxxxxx at example.com 
> 
> I can run id and getent passwd commands without problem from both IPA servers: 
> 
> id tst99655 at example.com 
> uid=20018(tst99655 at cen.example.com) gid=5001(csunix) groups=5001(csunix),930000008(final_test_group) 
> 
> getent tst99655 at example.com 
> tst99655 at cen.example.com:*:20018:5001:ipa_test:/home/cen.example.com/tst99655:/bin/bash 
> 
> But from client: 
> 
> root at trh7clnt02:~# id tst99655 at example.com 
> id: tst99655 at example.com: no such user 
> root at trh7clnt02:~#getent passwd tst99655 at example.com 
> ... no reply 
> 
> 
> But when I run on client: 
> getent group csunix at cen.example.com - it takes more then 30s 
> csunix at cen.example.com:*:5001: .... and really long list of users 
> 
> Then again from client: 
> 
> root at trh7clnt02:~# id tst99655 at example.com 
> uid=20018(tst99655 at cen.example.com) gid=5001(csunix) groups=5001(csunix) 
> 
> root at trh7clnt02:~# getent passwd tst99655 at example.com 
> tst99655 at cen.example.com:*:20018:5001:ipatest:/home/cen.example.com/tst99655:/bin/bash 
> 
> This time it works and it keeps working until I clean the sssd cache on client. Then I have to run that getent group csunix command again. 
> 
> I would say it is some timeout issue with enumerating csunix group. I have tried to fix it by adding: 
> 
> ldap_search_timeout = 50 

I don't think this would be related to the searches timing out but
probably parsing and storing the entries on the server and the client.

Could you try adding this on the server side's sssd.conf?

[domain/domname]
subdomain_inherit = ignore_group_members
ignore_group_members = True

By the way, did you install 7.3 cleanly or did you upgrade? And if you
upgraded, did you ever removed the cache post-upgrade on the server?

There's been some improvements related to performance in 7.3 and even
more are coming in 7.4.



From alan at instinctualsoftware.com  Wed Jan  4 01:33:39 2017
From: alan at instinctualsoftware.com (Alan Latteri)
Date: Tue, 3 Jan 2017 17:33:39 -0800
Subject: [Freeipa-users] Kerberos authentication failed: kinit: Included
 profile directory could not be read while initializing Kerberos 5 library
In-Reply-To: <C71CBDB0-E985-44DA-8F3B-D01DDD014103@instinctualsoftware.com>
References: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>
	<f03686ac-5192-10e8-5cd5-f61af5accb44@redhat.com>
	<30192950-AE2A-4E18-8B7E-05A62E62EBD7@instinctualsoftware.com>
	<586C16CB.4030202@redhat.com>
	<C71CBDB0-E985-44DA-8F3B-D01DDD014103@instinctualsoftware.com>
Message-ID: <75A314FC-94AC-4A60-8835-F47ED7C2FD7B@instinctualsoftware.com>

Further investigation.

On a clean install of CentOS 7.2 with IPA Client 4.4, /etc/krb5.conf.d/ is missing, and therefore initial setup will fail unless manual creation of /etc/krb5.conf.d/
Maybe the install script for the client can be updated to check for and create?

Thanks,
Alan

> On Jan 3, 2017, at 1:44 PM, Alan Latteri <alan at instinctualsoftware.com> wrote:
> 
> Thanks Rob.
> 
> /etc/krb5.conf.d/  was in fact missing from the client, which is still on CentOS 7.2 for reasons out of our control.
> Other hosts that are CentOS 7.2 running IPA Client 4.2.0 also do not have the /etc/krb5.conf.d/ directory, but are running fine.  So maybe the 4.4 client requires that dir but is not making it on upgrade and the cause of the failure?
> 
> Alan
> 
>> On Jan 3, 2017, at 1:25 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>> 
>> Alan Latteri wrote:
>>> Log is attached.
>> 
>> Look and see if /etc/krb5.conf.d/ and
>> /var/lib/sss/pubconf/krb5.include.d exist and are readable (and check
>> for SELinux AVCs). I'm pretty sure this all runs as root so I doubt
>> filesystem perms are an issue but who knows.
>> 
>> You can also brute force things using strace -f to find out exactly what
>> can't be read.
>> 
>> rob
>> 
> 
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project




From peter at peterlarsen.org  Wed Jan  4 04:11:28 2017
From: peter at peterlarsen.org (Peter Larsen)
Date: Tue, 3 Jan 2017 23:11:28 -0500
Subject: [Freeipa-users] Migrate from FreeIPA 3 to 4
Message-ID: <4fe618ef-2fbb-789a-29fb-038ab270f39f@peterlarsen.org>

I'm attempting to migrate my IDM server from RHEL6 to RHEL7. Ie. from
IPA 3 to IPA 4. My IPA 3 installation does not manage DNS - but other
than that, it's a very basic installation on a very small set of servers
(less than 50).

To start the migration I run
# ipa-replica-prepare ipa.peterlarsen.org

(ipa is the name of the new RHEL7 server). My intention is to setup a
replica on that server, and once fully established remove the old
installation.

I'm prompted for the dirsrv password and once entered it's accepted. It
also gets accepted if I use the --password=blabla option. However, the
process doesn't get far and terminates with:

ipa-replica-prepare ipa.peterlarsen.org

Preparing replica for ipa.peterlarsen.org from idm.peterlarsen.org
preparation of replica failed: Insufficient access:  Invalid credentials
Insufficient access:  Invalid credentials
  File "/usr/sbin/ipa-replica-prepare", line 529, in <module>
    main()

  File "/usr/sbin/ipa-replica-prepare", line 391, in main
    update_pki_admin_password(dirman_password)

  File "/usr/sbin/ipa-replica-prepare", line 247, in
update_pki_admin_password
    bind_pw=dirman_password

  File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in
connect
    conn = self.create_connection(*args, **kw)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py",
line 846, in create_connection
    self.handle_errors(e)

  File "/usr/lib/python2.6/site-packages/ipaserver/plugins/ldap2.py",
line 712, in handle_errors
    raise errors.ACIError(info="%s %s" % (info, desc))

=====

I'm not sure the "invalid credentials" error message can be trusted (as
it does do a successful bind initially). Here's the log from the PKI-IPA:

[03/Jan/2017:23:08:26 -0500] conn=36 fd=73 slot=73 connection from
192.168.11.xxx to 192.168.11.xxx
[03/Jan/2017:23:08:26 -0500] conn=36 op=0 BIND dn="cn=Directory Manager"
method=128 version=2
[03/Jan/2017:23:08:26 -0500] conn=36 op=0 RESULT err=0 tag=97 nentries=0
etime=0 dn="cn=directory manager"
[03/Jan/2017:23:08:26 -0500] conn=36 op=1 SRCH
base="ou=sessions,ou=Security Domain,o=ipaca" scope=2
filter="(objectClass=securityDomainSessionEntry)" attrs="cn"
[03/Jan/2017:23:08:26 -0500] conn=36 op=1 RESULT err=32 tag=101
nentries=0 etime=0
[03/Jan/2017:23:08:26 -0500] conn=36 op=2 UNBIND
[03/Jan/2017:23:08:26 -0500] conn=36 op=2 fd=73 closed - U1
[03/Jan/2017:23:08:27 -0500] conn=6 op=40 MOD
dn="cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca"
[03/Jan/2017:23:08:27 -0500] conn=6 op=40 RESULT err=0 tag=103
nentries=0 etime=0
[03/Jan/2017:23:09:04 -0500] conn=37 fd=73 slot=73 SSL connection from
192.168.11.xxx to 192.168.11.xxx
[03/Jan/2017:23:09:04 -0500] conn=37 TLS1.2 256-bit AES
[03/Jan/2017:23:09:04 -0500] conn=37 op=0 BIND dn="cn=directory manager"
method=128 version=3
[03/Jan/2017:23:09:04 -0500] conn=37 op=0 RESULT err=49 tag=97
nentries=0 etime=0 - Invalid credentials
[03/Jan/2017:23:09:04 -0500] conn=37 op=1 UNBIND
[03/Jan/2017:23:09:04 -0500] conn=37 op=1 fd=73 closed - U1

Looks more like a structural issue?

-- 
Regards
  Peter Larsen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170103/fd49fcfc/attachment.htm>

From rcritten at redhat.com  Wed Jan  4 04:33:47 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 3 Jan 2017 23:33:47 -0500
Subject: [Freeipa-users] Kerberos authentication failed: kinit: Included
 profile directory could not be read while initializing Kerberos 5 library
In-Reply-To: <75A314FC-94AC-4A60-8835-F47ED7C2FD7B@instinctualsoftware.com>
References: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>
	<f03686ac-5192-10e8-5cd5-f61af5accb44@redhat.com>
	<30192950-AE2A-4E18-8B7E-05A62E62EBD7@instinctualsoftware.com>
	<586C16CB.4030202@redhat.com>
	<C71CBDB0-E985-44DA-8F3B-D01DDD014103@instinctualsoftware.com>
	<75A314FC-94AC-4A60-8835-F47ED7C2FD7B@instinctualsoftware.com>
Message-ID: <586C7B2B.5030601@redhat.com>

Alan Latteri wrote:
> Further investigation.
> 
> On a clean install of CentOS 7.2 with IPA Client 4.4, /etc/krb5.conf.d/ is missing, and therefore initial setup will fail unless manual creation of /etc/krb5.conf.d/
> Maybe the install script for the client can be updated to check for and create?

Is there a reason you're running 7.3 packages on a 7.2 system? I suspect
that is the problem. AFAIU in 7.3 this directory is provided by krb5-libs.

Is there some feature you need in the 4.4 client installer on 7.2?

rob

> 
> Thanks,
> Alan
> 
>> On Jan 3, 2017, at 1:44 PM, Alan Latteri <alan at instinctualsoftware.com> wrote:
>>
>> Thanks Rob.
>>
>> /etc/krb5.conf.d/  was in fact missing from the client, which is still on CentOS 7.2 for reasons out of our control.
>> Other hosts that are CentOS 7.2 running IPA Client 4.2.0 also do not have the /etc/krb5.conf.d/ directory, but are running fine.  So maybe the 4.4 client requires that dir but is not making it on upgrade and the cause of the failure?
>>
>> Alan
>>
>>> On Jan 3, 2017, at 1:25 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>>>
>>> Alan Latteri wrote:
>>>> Log is attached.
>>>
>>> Look and see if /etc/krb5.conf.d/ and
>>> /var/lib/sss/pubconf/krb5.include.d exist and are readable (and check
>>> for SELinux AVCs). I'm pretty sure this all runs as root so I doubt
>>> filesystem perms are an issue but who knows.
>>>
>>> You can also brute force things using strace -f to find out exactly what
>>> can't be read.
>>>
>>> rob
>>>
>>
>>
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 



From alan at instinctualsoftware.com  Wed Jan  4 04:35:59 2017
From: alan at instinctualsoftware.com (Alan Latteri)
Date: Tue, 3 Jan 2017 20:35:59 -0800
Subject: [Freeipa-users] Kerberos authentication failed: kinit: Included
 profile directory could not be read while initializing Kerberos 5 library
In-Reply-To: <586C7B2B.5030601@redhat.com>
References: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>
	<f03686ac-5192-10e8-5cd5-f61af5accb44@redhat.com>
	<30192950-AE2A-4E18-8B7E-05A62E62EBD7@instinctualsoftware.com>
	<586C16CB.4030202@redhat.com>
	<C71CBDB0-E985-44DA-8F3B-D01DDD014103@instinctualsoftware.com>
	<75A314FC-94AC-4A60-8835-F47ED7C2FD7B@instinctualsoftware.com>
	<586C7B2B.5030601@redhat.com>
Message-ID: <7AAAC935-2110-4160-8275-E9BFD8B4F8D6@instinctualsoftware.com>

Well on new installs of Cent 7.2, when I do `yum install ipa-client`, that is the version provided.
Unfortunately, most of our systems have to be on Cent 7.2, not 7.3, and it is out of our control.

Alan

> On Jan 3, 2017, at 8:33 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> 
> Alan Latteri wrote:
>> Further investigation.
>> 
>> On a clean install of CentOS 7.2 with IPA Client 4.4, /etc/krb5.conf.d/ is missing, and therefore initial setup will fail unless manual creation of /etc/krb5.conf.d/
>> Maybe the install script for the client can be updated to check for and create?
> 
> Is there a reason you're running 7.3 packages on a 7.2 system? I suspect
> that is the problem. AFAIU in 7.3 this directory is provided by krb5-libs.
> 
> Is there some feature you need in the 4.4 client installer on 7.2?
> 
> rob
> 
>> 
>> Thanks,
>> Alan
>> 
>>> On Jan 3, 2017, at 1:44 PM, Alan Latteri <alan at instinctualsoftware.com> wrote:
>>> 
>>> Thanks Rob.
>>> 
>>> /etc/krb5.conf.d/  was in fact missing from the client, which is still on CentOS 7.2 for reasons out of our control.
>>> Other hosts that are CentOS 7.2 running IPA Client 4.2.0 also do not have the /etc/krb5.conf.d/ directory, but are running fine.  So maybe the 4.4 client requires that dir but is not making it on upgrade and the cause of the failure?
>>> 
>>> Alan
>>> 
>>>> On Jan 3, 2017, at 1:25 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>>>> 
>>>> Alan Latteri wrote:
>>>>> Log is attached.
>>>> 
>>>> Look and see if /etc/krb5.conf.d/ and
>>>> /var/lib/sss/pubconf/krb5.include.d exist and are readable (and check
>>>> for SELinux AVCs). I'm pretty sure this all runs as root so I doubt
>>>> filesystem perms are an issue but who knows.
>>>> 
>>>> You can also brute force things using strace -f to find out exactly what
>>>> can't be read.
>>>> 
>>>> rob
>>>> 
>>> 
>>> 
>>> -- 
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>> 
> 




From ianh at brownpapertickets.com  Wed Jan  4 04:37:43 2017
From: ianh at brownpapertickets.com (Ian Harding)
Date: Tue, 3 Jan 2017 20:37:43 -0800
Subject: [Freeipa-users] Topology -> IPA Servers
Message-ID: <c266eb08-c839-e9da-fe09-7daf9ca9c7c9@brownpapertickets.com>

I have finally had some luck expunging the remnants of long removed IPA
servers now that I have upgraded to FreeIPA 4.4.

However, when I look at the IPA Servers list under Topology, I now have
three records like so:

	
Server name Min domain level Max domain level Managed suffixes
	
freeipa-dal.bpt.rocks
freeipa-sea.bpt.rocks 0 1 domain, ca
seattlenfs.bpt.rocks 0 0 domain
Showing 1 to 3 of 3 entries.

And an error dialog pops up which says "freeipa-dal.bpt.rocks: server
not found" which is true, it's long dead.

[root at freeipa-sea ianh]# ipa-replica-manage del --force --cleanup
freeipa-dal.bpt.rocks
Cleaning a master is irreversible.
This should not normally be require, so use cautiously.
Continue to clean master? [no]: yes

[root at freeipa-sea ianh]# ipa host-find freeipa-dal.bpt.rocks --all
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0
----------------------------
[root at freeipa-sea ianh]# ipa-replica-manage list
seattlenfs.bpt.rocks: master
freeipa-dal.bpt.rocks: master
freeipa-sea.bpt.rocks: master
[root at freeipa-sea ianh]# ipa-replica-manage list-ruv
Directory Manager password:

Replica Update Vectors:
	seattlenfs.bpt.rocks:389: 21
	freeipa-sea.bpt.rocks:389: 20
Certificate Server Replica Update Vectors:
	freeipa-sea.bpt.rocks:389: 1065

Any ideas how to make that ghost finally go away?  I'm trying to change
the domain level of freeipa-sea.bpt.rocks, but when I do I get

"Domain Level cannot be raised to 1, server freeipa-dal.bpt.rocks does
not support it."

Thanks!
-- 
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com



From bentech4you at gmail.com  Wed Jan  4 06:21:28 2017
From: bentech4you at gmail.com (Ben .T.George)
Date: Wed, 4 Jan 2017 09:21:28 +0300
Subject: [Freeipa-users] ipa replica installation help
Message-ID: <CA+C_GOV1sQ33SkBJdR+vjLK9AQPGm9Y6vFopHLMtRx=tgmgrGQ@mail.gmail.com>

HI

while trying to create ipa replica, i am getting below error,

Replica creation using 'ipa-replica-prepare' to generate replica file
is supported only in 0-level IPA domain.

The current IPA domain level is 1 and thus the replica must
be created by promoting an existing IPA client.

To set up a replica use the following procedure:
    1.) set up a client on the host using 'ipa-client-install'
    2.) promote the client to replica running 'ipa-replica-install'
        *without* replica file specified

'ipa-replica-prepare' is allowed only in domain level 0
The ipa-replica-prepare command failed.


i have IPA master server without AD integration and DNS is managed by 3rd
party appliances.



Regards,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/8621b525/attachment.htm>

From mbabinsk at redhat.com  Wed Jan  4 08:19:18 2017
From: mbabinsk at redhat.com (Martin Babinsky)
Date: Wed, 4 Jan 2017 09:19:18 +0100
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <CA+C_GOV1sQ33SkBJdR+vjLK9AQPGm9Y6vFopHLMtRx=tgmgrGQ@mail.gmail.com>
References: <CA+C_GOV1sQ33SkBJdR+vjLK9AQPGm9Y6vFopHLMtRx=tgmgrGQ@mail.gmail.com>
Message-ID: <0be000dd-f1b5-ebc2-42da-7d71885caae1@redhat.com>

On 01/04/2017 07:21 AM, Ben .T.George wrote:
> HI
>
> while trying to create ipa replica, i am getting below error,
>
> Replica creation using 'ipa-replica-prepare' to generate replica file
> is supported only in 0-level IPA domain.
>
> The current IPA domain level is 1 and thus the replica must
> be created by promoting an existing IPA client.
>
> To set up a replica use the following procedure:
>     1.) set up a client on the host using 'ipa-client-install'
>     2.) promote the client to replica running 'ipa-replica-install'
>         *without* replica file specified
>
> 'ipa-replica-prepare' is allowed only in domain level 0
> The ipa-replica-prepare command failed.
>
>
> i have IPA master server without AD integration and DNS is managed by
> 3rd party appliances.
>
>
>
> Regards,
> Ben
>
>

Hi Ben,

If you installed IPA 4.4 server then domain level 1 is the default. This 
domain level uses different mechanism to stand up replicas. See the 
latest IdM documentation[1] for more details.

[1] 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html

-- 
Martin^3 Babinsky



From flo at redhat.com  Wed Jan  4 08:48:17 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Wed, 4 Jan 2017 09:48:17 +0100
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
	<3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
	<CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>
Message-ID: <0f7a6cc9-ae57-d957-d255-ab79033373e6@redhat.com>

On 01/02/2017 07:24 PM, Daniel Schimpfoessl wrote:
> Thanks for your reply.
>
> This was the initial error I asked for help a while ago and did not get
> resolved. Further digging showed the recent errors.
> The service was running (using ipactl start --force) and only after a
> restart I am getting a stack trace for two primary messages:
>
> Could not connect to LDAP server host wwgwho01.webwim.com
> <http://wwgwho01.webwim.com> port 636 Error netscape.ldap.LDAPException:
> Authentication failed (48)
> ...
>
> Internal Database Error encountered: Could not connect to LDAP server
> host wwgwho01.webwim.com <http://wwgwho01.webwim.com> port 636 Error
> netscape.ldap.LDAPException: Authentication failed (48)
> ...
>
> and finally:
> [02/Jan/2017:12:20:34][localhost-startStop-1]: CMSEngine.shutdown()
>
>
> 2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com
> <mailto:flo at redhat.com>>:
>
>     systemctl start pki-tomcatd at pki-tomcat.service
>
>
>
Hi Daniel,

the next step would be to understand the root cause of this 
"Authentication failed (48)" error. Note the exact time of this log and 
look for a corresponding log in the LDAP server logs 
(/var/log/dirsrv/slapd-DOMAIN-COM/access), probably a failing BIND with 
err=48. This may help diagnose the issue (if we can see which 
certificate is used for the bind or if there is a specific error message).

For the record, a successful bind over SSL would produce this type of 
log where we can see the certificate subject and the user mapped to this 
certificate:
[...] conn=47 fd=84 slot=84 SSL connection from 10.34.58.150 to 10.34.58.150
[...] conn=47 TLS1.2 128-bit AES; client CN=CA Subsystem,O=DOMAIN.COM; 
issuer CN=Certificate Authority,O=DOMAIN.COM
[...] conn=47 TLS1.2 client bound as uid=pkidbuser,ou=people,o=ipaca
[...] conn=47 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
[...] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0 
dn="uid=pkidbuser,ou=people,o=ipaca"

Flo



From flo at redhat.com  Wed Jan  4 09:09:28 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Wed, 4 Jan 2017 10:09:28 +0100
Subject: [Freeipa-users] updating certificates
In-Reply-To: <16f61b80-8f88-c861-bd40-3a8bdb48c093@use.startmail.com>
References: <961a039c237577e3b3a460ab3a33e6d5.startmail@www.startmail.com>
	<57728EB8.2050805@redhat.com>
	<a47a32f504dd060ebd87417765d0596f.startmail@www.startmail.com>
	<5783A8E6.4010407@redhat.com>
	<16f61b80-8f88-c861-bd40-3a8bdb48c093@use.startmail.com>
Message-ID: <1257d02b-c25d-074d-99cf-dd4e59713c9b@redhat.com>

On 12/24/2016 01:58 AM, Josh wrote:
> Hi Rob,
>
> I'd like to really clarify renew certificate process. I can successfully
> update certificates in /etc/dirsrv/slapd-domain and /etc/httpd/alias but
> any new ipa client gets expired certificate still present someplace in
> LDAP. I was trying to use ipa-server-certinstall, described in
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/third-party-certs-http-ldap.html
> but document does not cover the case where intermediate certificate is
> required.
Hi Josh,

if the HTTP and LDAP certificates were signed by an intermediate CA, 
then you need to install both the root CA and the intermediate CA with 
ipa-cacert-manage install:

1/ install the root CA (if not already done)
ipa-cacert-manage install rootcert.pem
ipa-certupdate (on all the servers and clients)

2/ install the intermediate CA (if not already done)
ipa-cacert-manage install intermediatecert.pem
ipa-certupdate (on all the servers and clients)

3/ install the HTTP and LDAP certificates
ipa-server-certinstall ...

HTH,
Flo

>
> Josh.
>
> On 07/11/2016 10:10 AM, Rob Crittenden wrote:
>> jcnt at use.startmail.com wrote:
>>> On Tuesday, June 28, 2016 10:50 AM, Rob Crittenden
>>> <rcritten at redhat.com> wrote:
>>>> jcnt at use.startmail.com wrote:
>>>>> Greetings,
>>>>>
>>>>> About a year ago I installed my freeipa server with certificates from
>>>>> startssl using command line options --dirsrv-cert-file
>>>>> --http-cert-file
>>>>> etc.
>>>>> The certificate is about to expire, what is the proper way to
>>>>> update it
>>>>> in all places?
>>>>
>>>> It depends on whether you kept the original CSR or not. If you kept the
>>>> original CSR and are just renewing the certificate(s) then when you get
>>>> the new one, use certutil to add the updated cert to the appropriate
>>>> NSS
>>>> database like:
>>>>
>>>> # certutil -A -n Server-Cert -d /etc/httpd/alias -t u,u,u -a -i
>>>> /path/to/new.crt
>>>>
>>>
>>> Rob,
>>>
>>> Thank you, that worked just fine, except that I had to update an
>>> intermediate certificate as well.
>>>
>>> Two questions, please:
>>>
>>> 1. I noticed a strange discrepancy in behavior between
>>> /etc/httpd/alias and /etc/dirsrv/slapd-domain.
>>> In both places original intermediate certificate is listed with empty
>>> ",," trust attributes so I initially added new intermediate
>>> certificate with empty attributes as well.
>>> certutils -V showed valid certificate in /etc/httpd/alias and not
>>> trusted in /etc/dirsrv/slapd-domain so I had to modify intermediate
>>> certificate with -t "C,,"
>>
>> Hmm, not sure. Did the CA chain change in between the issuance of the
>> two certs?
>>
>> Adding a new certificate shouldn't affect the trust of any other certs
>> so I'm not sure what happened. It could be that those subordinate CAs
>> were loaded the first time incorrectly but weren't used so it wasn't
>> noticed, I'm not really sure.
>>
>>> 2. Just out of curiosity I wanted to list private keys and is
>>> prompted for a password:
>>> # certutil -K -d /etc/httpd/alias/
>>> certutil: Checking token "NSS Certificate DB" in slot "NSS User
>>> Private Key and Certificate Services"
>>> Enter Password or Pin for "NSS Certificate DB":
>>>
>>> Which one of the many provided by a user passwords is used by
>>> ipa-server-install command during NSS database initialization?
>>
>> In each NSS directory there is a pwdfile.txt which contains the PIN
>> for the internal token. You can add -f /etc/httpd/alias/pwdfile.txt to
>> your command to list the private keys.
>>
>> rob
>



From jamesaharrisonuk at yahoo.co.uk  Wed Jan  4 09:28:45 2017
From: jamesaharrisonuk at yahoo.co.uk (James Harrison)
Date: Wed, 4 Jan 2017 09:28:45 +0000 (UTC)
Subject: [Freeipa-users] Manually configuring Freeipa bind configs to host
	secondary zones
References: <1289829626.10354110.1483522125234.ref@mail.yahoo.com>
Message-ID: <1289829626.10354110.1483522125234@mail.yahoo.com>

Hi All,I realise Free IPA doesn't yet support secondary zones in the web interface or command line tools (I might be wrong :) ) When I talk about secondary zones I mean a zone replicated from Windows DNS masters.
Can the Free IPA bind configs be manually altered to host secondary zones. Is it supported or will they just be over-written by Freeipa?
I've been hunting for an answer online, but found nothing about this.

Many thanks,James Harrison
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/b08a539b/attachment.htm>

From slaznick at redhat.com  Wed Jan  4 09:38:06 2017
From: slaznick at redhat.com (Standa Laznicka)
Date: Wed, 4 Jan 2017 10:38:06 +0100
Subject: [Freeipa-users] how to make email as mandatory field before
 user creation
In-Reply-To: <770ce4c9-6882-8bbd-5a26-fcd937baab97@redhat.com>
References: <47fd3579651242ed89012e664e6aa2c5@BLUPR42MB0194.048d.mgd.msft.net>
	<63da1063-8ba6-fa41-ff44-8916c4a99c7f@redhat.com>
	<43e38bad775d4d6fa96bd26485136bc7@BLUPR42MB0194.048d.mgd.msft.net>
	<770ce4c9-6882-8bbd-5a26-fcd937baab97@redhat.com>
Message-ID: <7325b0c5-17e0-a7ec-ad8e-32aed6395dbf@redhat.com>

On 01/03/2017 06:45 PM, Petr Vobornik wrote:
> On 01/02/2017 08:46 PM, nirajkumar.singh at accenture.com wrote:
>> Hi Prtr,
>>
>> Can you please suggest how to do it with plugins and which plugin I need to use and how to integrate that plugin with freeipa.
>>
>> Thanks
>> Niraj
> Disclaimer: the example below is not really save because it doesn't
> handle e.g. stageusers
... which you could perhaps ensure by replacing "user" with "baseuser" 
in the whole proposed "zuserplugin.py" file. It should not break more 
stuff than the proposed change I should hope :)
> and it might not work with later releases of
> FreeIPA because IPA doesn't provide any supported plugin API yet.
>
> Example: https://pvoborni.fedorapeople.org/plugins/backend/zuserplugin.py
>
> Old(FreeIPA 3.3) extending guide:
>    http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf
>
>> -----Original Message-----
>> From: Petr Vobornik [mailto:pvoborni at redhat.com]
>> Sent: 02 January 2017 22:21
>> To: Singh, NirajKumar <nirajkumar.singh at accenture.com>; freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] how to make email as mandatory field before user creation
>>
>> On 01/02/2017 05:00 PM, nirajkumar.singh at accenture.com wrote:
>>> Hi Team,
>>>
>>> Is there any way to make email as mandatory field before creating any
>>> user from WEBUI or Console?
>>>
>>> Thanks & Regards,
>>>
>>> Niraj Kumar Singh
>>>
>> Hello Niraj,
>>
>> FreeIPA doesn't support such configuration out of the box.
>>
>> It is theoretically possible to implement IPA server side plugin to mark the field as required. It may not be straightforward though.
>>
>> --
>> Petr Vobornik
>>
>> ________________________________
>>
>> This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
>> ______________________________________________________________________________________
>>
>> www.accenture.com
>>
>



From lslebodn at redhat.com  Wed Jan  4 09:44:37 2017
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Wed, 4 Jan 2017 10:44:37 +0100
Subject: [Freeipa-users] Kerberos authentication failed: kinit: Included
 profile directory could not be read while initializing Kerberos 5 library
In-Reply-To: <7AAAC935-2110-4160-8275-E9BFD8B4F8D6@instinctualsoftware.com>
References: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>
	<f03686ac-5192-10e8-5cd5-f61af5accb44@redhat.com>
	<30192950-AE2A-4E18-8B7E-05A62E62EBD7@instinctualsoftware.com>
	<586C16CB.4030202@redhat.com>
	<C71CBDB0-E985-44DA-8F3B-D01DDD014103@instinctualsoftware.com>
	<75A314FC-94AC-4A60-8835-F47ED7C2FD7B@instinctualsoftware.com>
	<586C7B2B.5030601@redhat.com>
	<7AAAC935-2110-4160-8275-E9BFD8B4F8D6@instinctualsoftware.com>
Message-ID: <20170104094435.GB19068@10.4.128.1>

On (03/01/17 20:35), Alan Latteri wrote:
>Well on new installs of Cent 7.2, when I do `yum install ipa-client`, that is the version provided.
>Unfortunately, most of our systems have to be on Cent 7.2, not 7.3, and it is out of our control.
>
You will install el7.3 on CentOS 7.2 by default.
If you want to stay on 7.2 you need to change repositories

sh# yum install --setopt=debuglevel=1 --assumeno sssd-client
Ignored option -q, -v, -d or -e (probably due to merging: -yq != -y -q)

================================================================================
 Package               Arch        Version                   Repository    Size
================================================================================
Installing:
 sssd-client           x86_64      1.14.0-43.el7_3.4         updates      171 k
Installing for dependencies:
 libsss_idmap          x86_64      1.14.0-43.el7_3.4         updates      118 k
 libsss_nss_idmap      x86_64      1.14.0-43.el7_3.4         updates      116 k

Transaction Summary
================================================================================
Install  1 Package (+2 Dependent packages)

sh# yum-config-manager --disable base extras updates
sh# yum-config-manager --enable "C7.2.1511*"
sh# yum repolist
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
repo id                             repo name
status
C7.2.1511-base/x86_64               CentOS-7.2.1511 - Base                9007
C7.2.1511-centosplus/x86_64         CentOS-7.2.1511 - CentOSPlus           134
C7.2.1511-extras/x86_64             CentOS-7.2.1511 - Extras               393
C7.2.1511-fasttrack/x86_64          CentOS-7.2.1511 - CentOSPlus             0
C7.2.1511-updates/x86_64            CentOS-7.2.1511 - Updates             2560


sh# yum install --setopt=debuglevel=1 --assumeno sssd-client

================================================================================
 Package             Arch      Version               Repository            Size
================================================================================
Installing:
 sssd-client         x86_64    1.13.0-40.el7_2.12    C7.2.1511-updates    158 k
Installing for dependencies:
 libsss_idmap        x86_64    1.13.0-40.el7_2.12    C7.2.1511-updates    104 k
 libsss_nss_idmap    x86_64    1.13.0-40.el7_2.12    C7.2.1511-updates    103 k

Transaction Summary
================================================================================
Install  1 Package (+2 Dependent packages)


LS



From bentech4you at gmail.com  Wed Jan  4 09:59:56 2017
From: bentech4you at gmail.com (Ben .T.George)
Date: Wed, 4 Jan 2017 12:59:56 +0300
Subject: [Freeipa-users] ipa replica installation help
Message-ID: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>

HI

i tried the method mentioned on that document and it end up with below
error. My DNS is managed by external box and i dont want to create any DNS
record on these servers.

and the command which i tried is(non client server)

ipa-replica-install --principal admin --admin-password P at ssw0rd --domain
kw.example.com --server zkwipamstr01.kw.example.com



ipa         : CRITICAL Failed to restart the directory server (Command
'/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
exit status 1). See the installation log for details.
  [29/44]: setting up initial replication
  [error] error: [Errno 111] Connection refused
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
Connection refused
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
ipa-replica-install command failed. See /var/log/ipareplica-install.log for
more information
[root at zkwiparepa01 ~]# /bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service
Job for dirsrv at KW-EXAMPLE-COM.service failed because the control process
exited with error code. See "systemctl status dirsrv at KW-EXAMPLE-COM.service"
and "journalctl -xe" for details.

[root at zkwiparepa01 ~]# systemctl status dirsrv at KW-EXAMPLE-COM.service
? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server KW-EXAMPLE-COM.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled; vendor
preset: disabled)
   Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46 AST;
13s ago
  Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i
/var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
  Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl
/etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
 Main PID: 14893 (code=exited, status=1/FAILURE)

Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.177617891 +0300] Error: betxnpostoperation plu...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.178379752 +0300] Error: object plugin Roles Pl...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.179162340 +0300] Error: preoperation plugin su...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.179993432 +0300] Error: object plugin USN is n...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.181305209 +0300] Error: object plugin Views is...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com ns-slapd[14893]:
[04/Jan/2017:12:54:46.182094981 +0300] Error: extendedop plugin whoa...arted
Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]:
dirsrv at KW-EXAMPLE-COM.service: main process exited, code=exited,
status=1/FAILURE
Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: Failed to start 389
Directory Server KW-EXAMPLE-COM..
Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]: Unit
dirsrv at KW-EXAMPLE-COM.service entered failed state.
Jan 04 12:54:46 zkwiparepa01.kw.example.com systemd[1]:
dirsrv at KW-EXAMPLE-COM.service failed.
Hint: Some lines were ellipsized, use -l to show in full.



Regards,
Ben


On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <mbabinsk at redhat.com>
wrote:

> On 01/04/2017 07:21 AM, Ben .T.George wrote:
>
>> HI
>>
>> while trying to create ipa replica, i am getting below error,
>>
>> Replica creation using 'ipa-replica-prepare' to generate replica file
>> is supported only in 0-level IPA domain.
>>
>> The current IPA domain level is 1 and thus the replica must
>> be created by promoting an existing IPA client.
>>
>> To set up a replica use the following procedure:
>>     1.) set up a client on the host using 'ipa-client-install'
>>     2.) promote the client to replica running 'ipa-replica-install'
>>         *without* replica file specified
>>
>> 'ipa-replica-prepare' is allowed only in domain level 0
>> The ipa-replica-prepare command failed.
>>
>>
>> i have IPA master server without AD integration and DNS is managed by
>> 3rd party appliances.
>>
>>
>>
>> Regards,
>> Ben
>>
>>
>>
> Hi Ben,
>
> If you installed IPA 4.4 server then domain level 1 is the default. This
> domain level uses different mechanism to stand up replicas. See the latest
> IdM documentation[1] for more details.
>
> [1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterp
> rise_Linux/7/html/Linux_Domain_Identity_Authentication_and_
> Policy_Guide/creating-the-replica.html
>
> --
> Martin^3 Babinsky
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/5e3d9a94/attachment.htm>

From jochen at jochen.org  Wed Jan  4 09:39:37 2017
From: jochen at jochen.org (Jochen Hein)
Date: Wed, 04 Jan 2017 10:39:37 +0100
Subject: [Freeipa-users] Debian: libpam-sss pam-configs update?
Message-ID: <8337gzxixy.fsf@echidna.jochen.org>


Hi,

I'm still working on my Debian systems to get local login to work with
OTP.

In /etc/pam.d/common-auth we have:
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_sss.so use_first_pass

On CentOS we have something more complicated in /etc/pam.d/system-auth:

auth        [default=1 success=ok] pam_localuser.so
auth        [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_sss.so forward_pass

I think we need something more elaborated for debian to replicate the
(good!) experience from CentOS when asking for "First/Second Factor".
The four lines from above work well, but how can we get that into
pam-auth-update? Any ideas how this could be packaged?

Jochen

-- 
The only problem with troubleshooting is that the trouble shoots back.



From sbose at redhat.com  Wed Jan  4 10:58:19 2017
From: sbose at redhat.com (Sumit Bose)
Date: Wed, 4 Jan 2017 11:58:19 +0100
Subject: [Freeipa-users] Unspecified GSS failure. Minor code may provide
 more information KDC has no support for encryption type
In-Reply-To: <CACg_jAS0aCFRBK4gd91LDD-Nd8F8cYtrV8_SNMOih9YVtzZVVQ@mail.gmail.com>
References: <CACg_jAS0aCFRBK4gd91LDD-Nd8F8cYtrV8_SNMOih9YVtzZVVQ@mail.gmail.com>
Message-ID: <20170104105819.GC32220@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Mon, Jan 02, 2017 at 11:03:36PM +0530, tarak sinha wrote:
> Hi Team,
> 
> I am getting below error while trying to ssh my host without password.
> 
> Unspecified GSS failure. Minor code may provide more information KDC has no
> support for encryption type

Where do you see this error, on the client where you call ssh or in the
logs on the host you try to log in to? Are you using IPA user or do you
use trust and AD users from a trusted domain?

Do you see any related messages in the KDC logs?

bye,
Sumit

> 
> Thanks in advance
> 
> *Thanks,*
> 
> *Tarak Nath Sinha*

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From taraksinha09 at gmail.com  Wed Jan  4 11:05:26 2017
From: taraksinha09 at gmail.com (tarak sinha)
Date: Wed, 4 Jan 2017 16:35:26 +0530
Subject: [Freeipa-users] replication failing
Message-ID: <CACg_jAS6tDuOSLzZXLtRZ8AdjP1Bh-CGccfg=Dcu9x0-3OrS4g@mail.gmail.com>

Hi All,

I have repliation issue on my Freeipa server and getting below error.
Please give me any advised to fix this issue.

NSMMReplicationPlugin - process_postop: Failed to apply update
(53103a520001006b0000) error (-1).  Aborting replication session(conn=1315
op=6)
[04/Jan/2017:03:03:09 -0800] NSMMReplicationPlugin - process_postop: Failed
to apply update (52f86af9000100540000) error (-1).  Aborting replication
session(conn=1320 op=6)
^C

>From Second host:-

NSMMReplicationPlugin - agmt="cn=meToauth2.qai.expertcity.com" (auth2:389):
Failed to send update operation to consumer (uniqueid
1f601f35-1ac811e1-9fdabec4-908cc93a, CSN 5313ea19000200540000): Can't
contact LDAP server. Will retry later.
[04/Jan/2017:03:04:49 -0800] NSMMReplicationPlugin - agmt="cn=
meToauth2.qai.expertcity.com" (auth2:389): Consumer failed to replay change
(uniqueid a4463b24-1abe11e1-9fdabec4-908cc93a, CSN 52faf89d000200540000):
Can't contact LDAP server(-1). Will retry later.
[04/Jan/2017:03:04:49 -0800] NSMMReplicationPlugin - agmt="cn=
meToauth2.qai.expertcity.com" (auth2:389): Warning: unable to send
endReplication extended operation (Can't contact LDAP server)
[04/Jan/2017:03:04:50 -0800] NSMMReplicationPlugin - process_postop: Failed
to apply update (52f14cde0000006b0000) error (-1).  Aborting replication
session(conn=1772 op=6)


-- 

*Thanks,*

*Tarak Nath Sinha*

*Mobile: **+91 8197522750*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/db9a3e6d/attachment.htm>

From pvoborni at redhat.com  Wed Jan  4 11:05:37 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Wed, 4 Jan 2017 12:05:37 +0100
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
References: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
Message-ID: <fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>

On 01/04/2017 10:59 AM, Ben .T.George wrote:
> HI
> 
> i tried the method mentioned on that document and it end up with below error. My 
> DNS is managed by external box and i dont want to create any DNS record on these 
> servers.
> 
> and the command which i tried is(non client server)
> 
> ipa-replica-install --principal admin --admin-password P at ssw0rd --domain 
> kw.example.com <http://kw.example.com> --server zkwipamstr01.kw.example.com 
> <http://zkwipamstr01.kw.example.com>
> 
> 
> 
> ipa         : CRITICAL Failed to restart the directory server (Command 
> '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero exit 
> status 1). See the installation log for details.
>    [29/44]: setting up initial replication
>    [error] error: [Errno 111] Connection refused
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> 
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111] Connection 
> refused
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    The 
> ipa-replica-install command failed. See /var/log/ipareplica-install.log for more 
> information

This looks like bug https://fedorahosted.org/freeipa/ticket/6575

To verify that, could you check if master server internally listens on
port 8009 or if ipareplica-install.log contains CA_UNREACHABLE string
near  step 27.

Usual fix is to add following line to /etc/hosts
  ::1         localhost localhost.localdomain localhost6
localhost6.localdomain6


> [root at zkwiparepa01 ~]# /bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service
> Job for dirsrv at KW-EXAMPLE-COM.service failed because the control process exited 
> with error code. See "systemctl status dirsrv at KW-EXAMPLE-COM.service" and 
> "journalctl -xe" for details.
> 
> [root at zkwiparepa01 ~]# systemctl status dirsrv at KW-EXAMPLE-COM.service
> ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server KW-EXAMPLE-COM.
>     Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled; vendor 
> preset: disabled)
>     Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46 AST; 13s ago
>    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i 
> /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
>    Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl 
> /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
>   Main PID: 14893 (code=exited, status=1/FAILURE)
> 
> Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com> 
> ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300] Error: 
> betxnpostoperation plu...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com> 
> ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300] Error: object plugin 
> Roles Pl...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com> 
> ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300] Error: preoperation 
> plugin su...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com> 
> ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300] Error: object plugin USN 
> is n...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com> 
> ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300] Error: object plugin 
> Views is...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com> 
> ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300] Error: extendedop plugin 
> whoa...arted
> Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com> 
> systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main process exited, code=exited, 
> status=1/FAILURE
> Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com> 
> systemd[1]: Failed to start 389 Directory Server KW-EXAMPLE-COM..
> Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com> 
> systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service entered failed state.
> Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com> 
> systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
> Hint: Some lines were ellipsized, use -l to show in full.
> 
> 
> 
> Regards,
> Ben
> 
> 
> On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <mbabinsk at redhat.com 
> <mailto:mbabinsk at redhat.com>> wrote:
> 
>     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> 
>         HI
> 
>         while trying to create ipa replica, i am getting below error,
> 
>         Replica creation using 'ipa-replica-prepare' to generate replica file
>         is supported only in 0-level IPA domain.
> 
>         The current IPA domain level is 1 and thus the replica must
>         be created by promoting an existing IPA client.
> 
>         To set up a replica use the following procedure:
>              1.) set up a client on the host using 'ipa-client-install'
>              2.) promote the client to replica running 'ipa-replica-install'
>                  *without* replica file specified
> 
>         'ipa-replica-prepare' is allowed only in domain level 0
>         The ipa-replica-prepare command failed.
> 
> 
>         i have IPA master server without AD integration and DNS is managed by
>         3rd party appliances.
> 
> 
> 
>         Regards,
>         Ben
> 
> 
> 
>     Hi Ben,
> 
>     If you installed IPA 4.4 server then domain level 1 is the default. This
>     domain level uses different mechanism to stand up replicas. See the latest
>     IdM documentation[1] for more details.
> 
>     [1]
>     https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html
>     <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html>
> 
>     -- 
>     Martin^3 Babinsky
> 
>     -- 
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>     Go to http://freeipa.org for more info on the project
> 
> 
> 
> 


-- 
Petr Vobornik



From mbasti at redhat.com  Wed Jan  4 11:28:50 2017
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 4 Jan 2017 12:28:50 +0100
Subject: [Freeipa-users] LDAP replication conflicts,
 but no apparent data damage
In-Reply-To: <09E0FF83-D51C-46B8-93C9-B13B5B13E61D@high5games.com>
References: <145020D6-0409-4651-9C76-B6F31EB62753@high5games.com>
	<11390f0d-5d31-21af-dea3-54f189ae2e7c@redhat.com>
	<E685425B-A87E-4F54-93C7-C6131A80EEA6@high5games.com>
	<09E0FF83-D51C-46B8-93C9-B13B5B13E61D@high5games.com>
Message-ID: <a6505a1c-1a29-d6db-9187-d2a8051bf332@redhat.com>

Probably entries already exists

for example for ipaserversdo you have following entry 
cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local  on the replica?

Martin


On 03.01.2017 18:20, Dan.Finkelstein at high5games.com wrote:
>
> Also, after attempting to rename one of the duplicated attributes, I 
> get this in the error logs:
>
> 03/Jan/2017:17:19:30.605440097 +0000] retrocl-plugin - retrocl_postob: 
> operation failure [68]
>
> [03/Jan/2017:17:19:32.056965127 +0000] DSRetroclPlugin - replog: an 
> error occured while adding change number 4799286, dn = 
> changenumber=4799286,cn=changelog: Already exists.
>
> [03/Jan/2017:17:19:32.058077520 +0000] retrocl-plugin - 
> retrocl_postob: operation failure [68]
>
> [03/Jan/2017:17:19:32.297145459 +0000] DSRetroclPlugin - replog: an 
> error occured while adding change number 4799286, dn = 
> changenumber=4799286,cn=changelog: Already exists.
>
> [03/Jan/2017:17:19:32.298205569 +0000] retrocl-plugin - 
> retrocl_postob: operation failure [68]
>
> id:image001.jpg at 01D1C26F.0E28FA60 <http://www.high5games.com/>
>
> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>
> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ | 212.604.3447
>
> One World Trade Center, New York, NY 10007
>
> www.high5games.com <http://www.high5games.com/>
>
> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and 
> Shake the Sky <https://apps.facebook.com/shakethesky/>
>
> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter 
> <https://twitter.com/High5Games>, YouTube 
> <http://www.youtube.com/High5Games>, Linkedin 
> <http://www.linkedin.com/company/1072533?trk=tyah>
>
> //
>
> /This message and any attachments may contain confidential or 
> privileged information and are only for the use of the intended 
> recipient of this message. If you are not the intended recipient, 
> please notify the sender by return email, and delete or destroy this 
> and all copies of this message and all attachments. Any unauthorized 
> disclosure, use, distribution, or reproduction of this message or any 
> attachments is prohibited and may be unlawful./
>
> *From: *<freeipa-users-bounces at redhat.com> on behalf of Dan 
> Finkelstein <Dan.Finkelstein at high5games.com>
> *Date: *Tuesday, January 3, 2017 at 11:08
> *To: *"mbasti at redhat.com" <mbasti at redhat.com>, 
> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> *Subject: *Re: [Freeipa-users] LDAP replication conflicts, but no 
> apparent data damage
>
> I've read through that page before, just last week, but I confess it's 
> gone over my head. Could you give me an example of how to fix /one/ of 
> the conflicts below? I think when I see how it's done, I can do the rest.
>
> Thanks,
>
> Dan
>
> <http://www.high5games.com/>
>
> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>
> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ | 212.604.3447
>
> One World Trade Center, New York, NY 10007
>
> www.high5games.com <http://www.high5games.com/>
>
> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and 
> Shake the Sky <https://apps.facebook.com/shakethesky/>
>
> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter 
> <https://twitter.com/High5Games>, YouTube 
> <http://www.youtube.com/High5Games>, Linkedin 
> <http://www.linkedin.com/company/1072533?trk=tyah>
>
> //
>
> /This message and any attachments may contain confidential or 
> privileged information and are only for the use of the intended 
> recipient of this message. If you are not the intended recipient, 
> please notify the sender by return email, and delete or destroy this 
> and all copies of this message and all attachments. Any unauthorized 
> disclosure, use, distribution, or reproduction of this message or any 
> attachments is prohibited and may be unlawful./
>
> *From: *Martin Basti <mbasti at redhat.com>
> *Date: *Tuesday, January 3, 2017 at 09:07
> *To: *Dan Finkelstein <Dan.Finkelstein at high5games.com>, 
> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> *Subject: *Re: [Freeipa-users] LDAP replication conflicts, but no 
> apparent data damage
>
> Here is a directory server documentation about replication conflicts 
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>
> I hope it will help
>
> Martin
>
> On 03.01.2017 14:20, Dan.Finkelstein at high5games.com 
> <mailto:Dan.Finkelstein at high5games.com> wrote:
>
>     I'm using the most recent FreeIPA 4.4.0 on CentOS 7.3 and have
>     been cleaning up various dangling replicas and other cruft, but
>     when I run the ipa consistency checker, it produces output that
>     LDAP has conflicts. I then run:
>
>     ldapsearch -D "cn=Directory Manager" -W -b "dc=h5c,dc=local"
>     "nsds5ReplConflict=*" \* nsds5ReplConflict
>
>     Which produces output as follows (which I don't know what to do
>     with, yet):
>
>     # extended LDIF
>
>     #
>
>     # LDAPv3
>
>     # base <dc=test,dc=local> with scope subtree
>
>     # filter: nsds5ReplConflict=*
>
>     # requesting: * nsds5ReplConflict
>
>     #
>
>     # ipaservers + 9865b29e-c9a411e6-a937f721-75eb0f97, hostgroups,
>     accounts, test.l
>
>     ocal
>
>     dn:
>     cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups
>
>     ,cn=accounts,dc=test,dc=local
>
>     memberOf: cn=Replication
>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Add Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Modify Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Remove Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Read PassSync Managers
>     Configuration,cn=permissions,cn=pbac,dc=h5
>
>     c,dc=local
>
>     memberOf: cn=Modify PassSync Managers
>     Configuration,cn=permissions,cn=pbac,dc=
>
>     test,dc=local
>
>     memberOf: cn=Read LDBM Database
>     Configuration,cn=permissions,cn=pbac,dc=test,dc
>
>     =local
>
>     memberOf: cn=Add Configuration
>     Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Read Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
>
>     l
>
>     memberOf:
>     cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,c
>
>     n=alt,dc=test,dc=local
>
>     member:
>     fqdn=ipa-replica-gib02.test.local,cn=computers,cn=accounts,dc=test,dc=lo
>
>     cal
>
>     mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: ipahostgroup
>
>     objectClass: ipaobject
>
>     objectClass: groupOfNames
>
>     objectClass: nestedGroup
>
>     objectClass: mepOriginEntry
>
>     description: IPA server hosts
>
>     cn: ipaservers
>
>     ipaUniqueID: b13812a8-c9a4-11e6-8bb5-00505684b9a0
>
>     nsds5ReplConflict: namingConflict
>     cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
>
>     5c,dc=local
>
>     # ipaservers + 9865b2a0-c9a411e6-a937f721-75eb0f97, ng, alt,
>     test.local
>
>     dn:
>     cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,cn=alt,
>
>     dc=test,dc=local
>
>     memberHost:
>     cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=ho
>
>     stgroups,cn=accounts,dc=test,dc=local
>
>     objectClass: ipanisnetgroup
>
>     objectClass: ipaobject
>
>     objectClass: mepManagedEntry
>
>     objectClass: ipaAssociation
>
>     objectClass: top
>
>     nisDomainName: test.local
>
>     cn: ipaservers
>
>     description: ipaNetgroup ipaservers
>
>     mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
>
>     ipaUniqueID: b13f8506-c9a4-11e6-8bb5-00505684b9a0
>
>     nsds5ReplConflict: namingConflict
>     cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
>     # domain + 9865b2a7-c9a411e6-a937f721-75eb0f97, topology, ipa,
>     etc, test.local
>
>     dn:
>     cn=domain+nsuniqueid=9865b2a7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ip
>
>     a,cn=etc,dc=test,dc=local
>
>     nsds5ReplicaStripAttrs: modifiersName modifyTimestamp
>     internalModifiersName in
>
>     ternalModifyTimestamp
>
>     ipaReplTopoConfRoot: dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: iparepltopoconf
>
>     nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE
>     entryusn krblasts
>
>     uccessfulauth krblastfailedauth krbloginfailedcount
>
>     nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
>     idnssoaserial
>
>       entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>
>     cn: domain
>
>     nsds5ReplConflict: namingConflict
>     cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
>
>     c=local
>
>     # locations + 9865b2ab-c9a411e6-a937f721-75eb0f97, etc, test.local
>
>     dn:
>     cn=locations+nsuniqueid=9865b2ab-c9a411e6-a937f721-75eb0f97,cn=etc,dc=test,
>
>     dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: locations
>
>     nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
>
>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>     3.0;acl "permi
>
>     ssion:System: Add IPA Locations";allow (add) groupdn =
>     "ldap:///cn=System <ldap://cn=System>: Ad
>
>     d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "description")(targetfilter =
>     "(objectclass=ipaLocationObje
>
>     ct)")(version 3.0;acl "permission:System: Modify IPA
>     Locations";allow (write)
>
>       groupdn = "ldap:///cn=System <ldap://cn=System>: Modify IPA
>     Locations,cn=permissions,cn=pbac,dc
>
>     =test,dc=local";)
>
>     aci: (targetattr = "createtimestamp || description || entryusn ||
>     idnsname ||
>
>      modifytimestamp || objectclass")(targetfilter =
>     "(objectclass=ipaLocationObje
>
>     ct)")(version 3.0;acl "permission:System: Read IPA
>     Locations";allow (compare,
>
>     read,search) groupdn = "ldap:///cn=System <ldap://cn=System>: Read
>     IPA Locations,cn=permissions,
>
>     cn=pbac,dc=test,dc=local";)
>
>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>     3.0;acl "permi
>
>     ssion:System: Remove IPA Locations";allow (delete) groupdn =
>     "ldap:///cn=Syst <ldap://cn=Syst>
>
>     em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     # cas + 9865b2b1-c9a411e6-a937f721-75eb0f97, ca, test.local
>
>     dn:
>     cn=cas+nsuniqueid=9865b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=loca
>
>     l
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: cas
>
>     nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
>
>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System
>
>     : Add CA";allow (add) groupdn = "ldap:///cn=System
>     <ldap://cn=System>: Add CA,cn=permissions,cn=
>
>     pbac,dc=test,dc=local";)
>
>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System
>
>     : Delete CA";allow (delete) groupdn = "ldap:///cn=System
>     <ldap://cn=System>: Delete CA,cn=permis
>
>     sions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "cn || description")(targetfilter =
>     "(objectclass=ipaca)")(
>
>     version 3.0;acl "permission:System: Modify CA";allow (write)
>     groupdn = "ldap:
>
>     ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "cn || createtimestamp || description ||
>     entryusn || ipacai
>
>     d || ipacaissuerdn || ipacasubjectdn || modifytimestamp ||
>     objectclass")(targ
>
>     etfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System: Read CA
>
>     s";allow (compare,read,search) userdn = "ldap:///all" <ldap://all>;)
>
>     # custodia + 9865b2e2-c9a411e6-a937f721-75eb0f97, ipa, etc, test.local
>
>     dn:
>     cn=custodia+nsuniqueid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,d
>
>     c=test,dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: custodia
>
>     nsds5ReplConflict: namingConflict
>     cn=custodia,cn=ipa,cn=etc,dc=test,dc=local
>
>     # dogtag + 9865b2e4-c9a411e6-a937f721-75eb0f97, custodia +
>     9865b2e2-c9a411e6-a9
>
>     37f721-75eb0f97, ipa, etc, test.local
>
>     dn:
>     cn=dogtag+nsuniqueid=9865b2e4-c9a411e6-a937f721-75eb0f97,cn=custodia+nsuni
>
>     queid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,dc=test,dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: dogtag
>
>     nsds5ReplConflict: namingConflict
>     cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
>
>     c=local
>
>     # ca + 9865b2e7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc,
>     test.local
>
>     dn:
>     cn=ca+nsuniqueid=9865b2e7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ipa,cn
>
>     =etc,dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: iparepltopoconf
>
>     cn: ca
>
>     ipaReplTopoConfRoot: o=ipaca
>
>     nsds5ReplConflict: namingConflict
>     cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
>
>     cal
>
>     # System: Add CA + 9865b2ed-c9a411e6-a937f721-75eb0f97,
>     permissions, pbac, test.
>
>     local
>
>     dn: cn=System: Add
>     CA+nsuniqueid=9865b2ed-c9a411e6-a937f721-75eb0f97,cn=permis
>
>     sions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: add
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Add CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: add
>     ca,cn=permissions,cn=pbac,dc=
>
>     test,dc=local
>
>     # System: Delete CA + 9865b2f1-c9a411e6-a937f721-75eb0f97,
>     permissions, pbac, h
>
>     5c.local
>
>     dn: cn=System: Delete
>     CA+nsuniqueid=9865b2f1-c9a411e6-a937f721-75eb0f97,cn=per
>
>     missions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: delete
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Delete CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: delete
>     ca,cn=permissions,cn=pbac,
>
>     dc=test,dc=local
>
>     # System: Modify CA + 9865b2f5-c9a411e6-a937f721-75eb0f97,
>     permissions, pbac, h
>
>     5c.local
>
>     dn: cn=System: Modify
>     CA+nsuniqueid=9865b2f5-c9a411e6-a937f721-75eb0f97,cn=per
>
>     missions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify
>     ca,cn=permissions,cn=pbac,
>
>     dc=test,dc=local
>
>     # System: Read CAs + 9865b2f9-c9a411e6-a937f721-75eb0f97,
>     permissions, pbac, h5
>
>     c.local
>
>     dn: cn=System: Read
>     CAs+nsuniqueid=9865b2f9-c9a411e6-a937f721-75eb0f97,cn=perm
>
>     issions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: all
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read CAs
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: ipacaissuerdn
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipacasubjectdn
>
>     ipaPermDefaultAttr: ipacaid
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read
>     cas,cn=permissions,cn=pbac,d
>
>     c=test,dc=local
>
>     # System: Modify DNS Servers Configuration +
>     9865b2fe-c9a411e6-a937f721-75eb0f9
>
>     7, permissions, pbac, test.local
>
>     dn: cn=System: Modify DNS Servers
>     Configuration+nsuniqueid=9865b2fe-c9a411e6-a
>
>     937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify DNS Servers Configuration
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: idnssoamname
>
>     ipaPermDefaultAttr: idnssubstitutionvariable
>
>     ipaPermDefaultAttr: idnsforwardpolicy
>
>     ipaPermDefaultAttr: idnsforwarders
>
>     ipaPermLocation: dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify dns servers
>     configuration,
>
>     cn=permissions,cn=pbac,dc=test,dc=local
>
>     # System: Read DNS Servers Configuration +
>     9865b302-c9a411e6-a937f721-75eb0f97,
>
>     permissions, pbac, test.local
>
>     dn: cn=System: Read DNS Servers
>     Configuration+nsuniqueid=9865b302-c9a411e6-a93
>
>     7f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read DNS Servers Configuration
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: idnsforwardpolicy
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: idnsforwarders
>
>     ipaPermDefaultAttr: idnsserverid
>
>     ipaPermDefaultAttr: idnssubstitutionvariable
>
>     ipaPermDefaultAttr: idnssoamname
>
>     ipaPermLocation: dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read dns servers
>     configuration,cn
>
>     =permissions,cn=pbac,dc=test,dc=local
>
>     # System: Manage Host Principals +
>     9865b329-c9a411e6-a937f721-75eb0f97, permiss
>
>     ions, pbac, test.local
>
>     dn: cn=System: Manage Host
>     Principals+nsuniqueid=9865b329-c9a411e6-a937f721-75
>
>     eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipahost)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage Host Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage host
>     principals,cn=permiss
>
>     ions,cn=pbac,dc=test,dc=local
>
>     # System: Add IPA Locations + 9865b33f-c9a411e6-a937f721-75eb0f97,
>     permissions,
>
>       pbac, test.local
>
>     dn: cn=System: Add IPA
>     Locations+nsuniqueid=9865b33f-c9a411e6-a937f721-75eb0f9
>
>     7,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: add
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Add IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: add ipa
>     locations,cn=permissions,
>
>     cn=pbac,dc=test,dc=local
>
>     # System: Modify IPA Locations +
>     9865b343-c9a411e6-a937f721-75eb0f97, permissio
>
>     ns, pbac, test.local
>
>     dn: cn=System: Modify IPA
>     Locations+nsuniqueid=9865b343-c9a411e6-a937f721-75eb
>
>     0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: description
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify ipa
>     locations,cn=permissio
>
>     ns,cn=pbac,dc=test,dc=local
>
>     # System: Read IPA Locations +
>     9865b347-c9a411e6-a937f721-75eb0f97, permissions
>
>     , pbac, test.local
>
>     dn: cn=System: Read IPA
>     Locations+nsuniqueid=9865b347-c9a411e6-a937f721-75eb0f
>
>     97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: idnsname
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read ipa
>     locations,cn=permissions
>
>     ,cn=pbac,dc=test,dc=local
>
>     # System: Remove IPA Locations +
>     9865b34b-c9a411e6-a937f721-75eb0f97, permissio
>
>     ns, pbac, test.local
>
>     dn: cn=System: Remove IPA
>     Locations+nsuniqueid=9865b34b-c9a411e6-a937f721-75eb
>
>     0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: delete
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Remove IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: remove ipa
>     locations,cn=permissio
>
>     ns,cn=pbac,dc=test,dc=local
>
>     # System: Read Locations of IPA Servers +
>     9865b34f-c9a411e6-a937f721-75eb0f97,
>
>      permissions, pbac, test.local
>
>     dn: cn=System: Read Locations of IPA
>     Servers+nsuniqueid=9865b34f-c9a411e6-a937
>
>     f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read Locations of IPA Servers
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipaserviceweight
>
>     ipaPermDefaultAttr: ipalocation
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read locations of ipa
>     servers,cn=
>
>     permissions,cn=pbac,dc=test,dc=local
>
>     # System: Read Status of Services on IPA Servers +
>     9865b353-c9a411e6-a937f721-7
>
>     5eb0f97, permissions, pbac, test.local
>
>     dn: cn=System: Read Status of Services on IPA
>     Servers+nsuniqueid=9865b353-c9a4
>
>     11e6-a937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read Status of Services on IPA Servers
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipaconfigstring
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read status of
>     services on ipa se
>
>     rvers,cn=permissions,cn=pbac,dc=test,dc=local
>
>     # System: Manage Service Principals +
>     9865b357-c9a411e6-a937f721-75eb0f97, perm
>
>     issions, pbac, test.local
>
>     dn: cn=System: Manage Service
>     Principals+nsuniqueid=9865b357-c9a411e6-a937f721
>
>     -75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaservice)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage Service Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=Service
>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage service
>     principals,cn=perm
>
>     issions,cn=pbac,dc=test,dc=local
>
>     # System: Manage User Principals +
>     9865b364-c9a411e6-a937f721-75eb0f97, permiss
>
>     ions, pbac, test.local
>
>     dn: cn=System: Manage User
>     Principals+nsuniqueid=9865b364-c9a411e6-a937f721-75
>
>     eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=posixaccount)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage User Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=Modify Users and Reset
>     passwords,cn=privileges,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage user
>     principals,cn=permiss
>
>     ions,cn=pbac,dc=test,dc=local
>
>     # servers + 9865b37b-c9a411e6-a937f721-75eb0f97, dns, test.local
>
>     dn:
>     cn=servers+nsuniqueid=9865b37b-c9a411e6-a937f721-75eb0f97,cn=dns,dc=test,dc
>
>     =local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: servers
>
>     nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local
>
>     # ipa + cba8431e-c9a411e6-a937f721-75eb0f97, cas +
>     9865b2b1-c9a411e6-a937f721-7
>
>     5eb0f97, ca, test.local
>
>     dn:
>     cn=ipa+nsuniqueid=cba8431e-c9a411e6-a937f721-75eb0f97,cn=cas+nsuniqueid=98
>
>     65b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=local
>
>     description: IPA CA
>
>     ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
>
>     objectClass: top
>
>     objectClass: ipaca
>
>     ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
>
>     ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
>
>     cn: ipa
>
>     nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local
>
>     # ipaservers + 6f4721f7-c9a811e6-943e8d1c-0faa636d, hostgroups,
>     accounts, test.l
>
>     ocal
>
>     dn:
>     cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=hostgroups
>
>     ,cn=accounts,dc=test,dc=local
>
>     memberOf: cn=Replication
>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Add Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Modify Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Remove Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Read PassSync Managers
>     Configuration,cn=permissions,cn=pbac,dc=h5
>
>     c,dc=local
>
>     memberOf: cn=Modify PassSync Managers
>     Configuration,cn=permissions,cn=pbac,dc=
>
>     test,dc=local
>
>     memberOf: cn=Read LDBM Database
>     Configuration,cn=permissions,cn=pbac,dc=test,dc
>
>     =local
>
>     memberOf: cn=Add Configuration
>     Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Read Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
>
>     l
>
>     memberOf:
>     cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,c
>
>     n=alt,dc=test,dc=local
>
>     member:
>     fqdn=ipa-replica-gib01.test.local,cn=computers,cn=accounts,dc=test,dc=lo
>
>     cal
>
>     mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: ipahostgroup
>
>     objectClass: ipaobject
>
>     objectClass: groupOfNames
>
>     objectClass: nestedGroup
>
>     objectClass: mepOriginEntry
>
>     description: IPA server hosts
>
>     cn: ipaservers
>
>     ipaUniqueID: 863f47b6-c9a8-11e6-a9b0-00505684f6ff
>
>     nsds5ReplConflict: namingConflict
>     cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
>
>     5c,dc=local
>
>     # ipaservers + 6f4721f9-c9a811e6-943e8d1c-0faa636d, ng, alt,
>     test.local
>
>     dn:
>     cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,cn=alt,
>
>     dc=test,dc=local
>
>     memberHost:
>     cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=ho
>
>     stgroups,cn=accounts,dc=test,dc=local
>
>     objectClass: ipanisnetgroup
>
>     objectClass: ipaobject
>
>     objectClass: mepManagedEntry
>
>     objectClass: ipaAssociation
>
>     objectClass: top
>
>     nisDomainName: test.local
>
>     cn: ipaservers
>
>     description: ipaNetgroup ipaservers
>
>     mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
>
>     ipaUniqueID: 864e605c-c9a8-11e6-a9b0-00505684f6ff
>
>     nsds5ReplConflict: namingConflict
>     cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
>     # domain + 6f472200-c9a811e6-943e8d1c-0faa636d, topology, ipa,
>     etc, test.local
>
>     dn:
>     cn=domain+nsuniqueid=6f472200-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ip
>
>     a,cn=etc,dc=test,dc=local
>
>     nsds5ReplicaStripAttrs: modifiersName modifyTimestamp
>     internalModifiersName in
>
>     ternalModifyTimestamp
>
>     ipaReplTopoConfRoot: dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: iparepltopoconf
>
>     nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE
>     entryusn krblasts
>
>     uccessfulauth krblastfailedauth krbloginfailedcount
>
>     nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
>     idnssoaserial
>
>       entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>
>     cn: domain
>
>     nsds5ReplConflict: namingConflict
>     cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
>
>     c=local
>
>     # locations + 6f472204-c9a811e6-943e8d1c-0faa636d, etc, test.local
>
>     dn:
>     cn=locations+nsuniqueid=6f472204-c9a811e6-943e8d1c-0faa636d,cn=etc,dc=test,
>
>     dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: locations
>
>     nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
>
>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>     3.0;acl "permi
>
>     ssion:System: Add IPA Locations";allow (add) groupdn =
>     "ldap:///cn=System <ldap://cn=System>: Ad
>
>     d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "description")(targetfilter =
>     "(objectclass=ipaLocationObje
>
>     ct)")(version 3.0;acl "permission:System: Modify IPA
>     Locations";allow (write)
>
>       groupdn = "ldap:///cn=System <ldap://cn=System>: Modify IPA
>     Locations,cn=permissions,cn=pbac,dc
>
>     =test,dc=local";)
>
>     aci: (targetattr = "createtimestamp || description || entryusn ||
>     idnsname ||
>
>      modifytimestamp || objectclass")(targetfilter =
>     "(objectclass=ipaLocationObje
>
>     ct)")(version 3.0;acl "permission:System: Read IPA
>     Locations";allow (compare,
>
>     read,search) groupdn = "ldap:///cn=System <ldap://cn=System>: Read
>     IPA Locations,cn=permissions,
>
>     cn=pbac,dc=test,dc=local";)
>
>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>     3.0;acl "permi
>
>     ssion:System: Remove IPA Locations";allow (delete) groupdn =
>     "ldap:///cn=Syst <ldap://cn=Syst>
>
>     em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     # cas + 6f47220a-c9a811e6-943e8d1c-0faa636d, ca, test.local
>
>     dn:
>     cn=cas+nsuniqueid=6f47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=loca
>
>     l
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: cas
>
>     nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
>
>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System
>
>     : Add CA";allow (add) groupdn = "ldap:///cn=System
>     <ldap://cn=System>: Add CA,cn=permissions,cn=
>
>     pbac,dc=test,dc=local";)
>
>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System
>
>     : Delete CA";allow (delete) groupdn = "ldap:///cn=System
>     <ldap://cn=System>: Delete CA,cn=permis
>
>     sions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "cn || description")(targetfilter =
>     "(objectclass=ipaca)")(
>
>     version 3.0;acl "permission:System: Modify CA";allow (write)
>     groupdn = "ldap:
>
>     ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "cn || createtimestamp || description ||
>     entryusn || ipacai
>
>     d || ipacaissuerdn || ipacasubjectdn || modifytimestamp ||
>     objectclass")(targ
>
>     etfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System: Read CA
>
>     s";allow (compare,read,search) userdn = "ldap:///all" <ldap://all>;)
>
>     # custodia + 6f47223b-c9a811e6-943e8d1c-0faa636d, ipa, etc, test.local
>
>     dn:
>     cn=custodia+nsuniqueid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,d
>
>     c=test,dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: custodia
>
>     nsds5ReplConflict: namingConflict
>     cn=custodia,cn=ipa,cn=etc,dc=test,dc=local
>
>     # dogtag + 6f47223d-c9a811e6-943e8d1c-0faa636d, custodia +
>     6f47223b-c9a811e6-94
>
>     3e8d1c-0faa636d, ipa, etc, test.local
>
>     dn:
>     cn=dogtag+nsuniqueid=6f47223d-c9a811e6-943e8d1c-0faa636d,cn=custodia+nsuni
>
>     queid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,dc=test,dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: dogtag
>
>     nsds5ReplConflict: namingConflict
>     cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
>
>     c=local
>
>     # ca + 6f472240-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc,
>     test.local
>
>     dn:
>     cn=ca+nsuniqueid=6f472240-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ipa,cn
>
>     =etc,dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: iparepltopoconf
>
>     cn: ca
>
>     ipaReplTopoConfRoot: o=ipaca
>
>     nsds5ReplConflict: namingConflict
>     cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
>
>     cal
>
>     # System: Add CA + 6f472246-c9a811e6-943e8d1c-0faa636d,
>     permissions, pbac, test.
>
>     local
>
>     dn: cn=System: Add
>     CA+nsuniqueid=6f472246-c9a811e6-943e8d1c-0faa636d,cn=permis
>
>     sions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: add
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Add CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: add
>     ca,cn=permissions,cn=pbac,dc=
>
>     test,dc=local
>
>     # System: Delete CA + 6f47224a-c9a811e6-943e8d1c-0faa636d,
>     permissions, pbac, h
>
>     5c.local
>
>     dn: cn=System: Delete
>     CA+nsuniqueid=6f47224a-c9a811e6-943e8d1c-0faa636d,cn=per
>
>     missions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: delete
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Delete CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: delete
>     ca,cn=permissions,cn=pbac,
>
>     dc=test,dc=local
>
>     # System: Modify CA + 6f47224e-c9a811e6-943e8d1c-0faa636d,
>     permissions, pbac, h
>
>     5c.local
>
>     dn: cn=System: Modify
>     CA+nsuniqueid=6f47224e-c9a811e6-943e8d1c-0faa636d,cn=per
>
>     missions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify
>     ca,cn=permissions,cn=pbac,
>
>     dc=test,dc=local
>
>     # System: Read CAs + 6f472252-c9a811e6-943e8d1c-0faa636d,
>     permissions, pbac, h5
>
>     c.local
>
>     dn: cn=System: Read
>     CAs+nsuniqueid=6f472252-c9a811e6-943e8d1c-0faa636d,cn=perm
>
>     issions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: all
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read CAs
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: ipacaissuerdn
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipacasubjectdn
>
>     ipaPermDefaultAttr: ipacaid
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read
>     cas,cn=permissions,cn=pbac,d
>
>     c=test,dc=local
>
>     # System: Modify DNS Servers Configuration +
>     6f472257-c9a811e6-943e8d1c-0faa636
>
>     d, permissions, pbac, test.local
>
>     dn: cn=System: Modify DNS Servers
>     Configuration+nsuniqueid=6f472257-c9a811e6-9
>
>     43e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify DNS Servers Configuration
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: idnssoamname
>
>     ipaPermDefaultAttr: idnssubstitutionvariable
>
>     ipaPermDefaultAttr: idnsforwardpolicy
>
>     ipaPermDefaultAttr: idnsforwarders
>
>     ipaPermLocation: dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify dns servers
>     configuration,
>
>     cn=permissions,cn=pbac,dc=test,dc=local
>
>     # System: Read DNS Servers Configuration +
>     6f47225b-c9a811e6-943e8d1c-0faa636d,
>
>     permissions, pbac, test.local
>
>     dn: cn=System: Read DNS Servers
>     Configuration+nsuniqueid=6f47225b-c9a811e6-943
>
>     e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read DNS Servers Configuration
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: idnsforwardpolicy
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: idnsforwarders
>
>     ipaPermDefaultAttr: idnsserverid
>
>     ipaPermDefaultAttr: idnssubstitutionvariable
>
>     ipaPermDefaultAttr: idnssoamname
>
>     ipaPermLocation: dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read dns servers
>     configuration,cn
>
>     =permissions,cn=pbac,dc=test,dc=local
>
>     # System: Manage Host Principals +
>     6f472282-c9a811e6-943e8d1c-0faa636d, permiss
>
>     ions, pbac, test.local
>
>     dn: cn=System: Manage Host
>     Principals+nsuniqueid=6f472282-c9a811e6-943e8d1c-0f
>
>     aa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipahost)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage Host Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage host
>     principals,cn=permiss
>
>     ions,cn=pbac,dc=test,dc=local
>
>     # System: Add IPA Locations + 6f472298-c9a811e6-943e8d1c-0faa636d,
>     permissions,
>
>       pbac, test.local
>
>     dn: cn=System: Add IPA
>     Locations+nsuniqueid=6f472298-c9a811e6-943e8d1c-0faa636
>
>     d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: add
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Add IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: add ipa
>     locations,cn=permissions,
>
>     cn=pbac,dc=test,dc=local
>
>     # System: Modify IPA Locations +
>     6f47229c-c9a811e6-943e8d1c-0faa636d, permissio
>
>     ns, pbac, test.local
>
>     dn: cn=System: Modify IPA
>     Locations+nsuniqueid=6f47229c-c9a811e6-943e8d1c-0faa
>
>     636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: description
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify ipa
>     locations,cn=permissio
>
>     ns,cn=pbac,dc=test,dc=local
>
>     # System: Read IPA Locations +
>     6f4722a0-c9a811e6-943e8d1c-0faa636d, permissions
>
>     , pbac, test.local
>
>     dn: cn=System: Read IPA
>     Locations+nsuniqueid=6f4722a0-c9a811e6-943e8d1c-0faa63
>
>     6d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: idnsname
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read ipa
>     locations,cn=permissions
>
>     ,cn=pbac,dc=test,dc=local
>
>     # System: Remove IPA Locations +
>     6f4722a4-c9a811e6-943e8d1c-0faa636d, permissio
>
>     ns, pbac, test.local
>
>     dn: cn=System: Remove IPA
>     Locations+nsuniqueid=6f4722a4-c9a811e6-943e8d1c-0faa
>
>     636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: delete
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Remove IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: remove ipa
>     locations,cn=permissio
>
>     ns,cn=pbac,dc=test,dc=local
>
>     # System: Read Locations of IPA Servers +
>     6f4722a8-c9a811e6-943e8d1c-0faa636d,
>
>      permissions, pbac, test.local
>
>     dn: cn=System: Read Locations of IPA
>     Servers+nsuniqueid=6f4722a8-c9a811e6-943e
>
>     8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read Locations of IPA Servers
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipaserviceweight
>
>     ipaPermDefaultAttr: ipalocation
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read locations of ipa
>     servers,cn=
>
>     permissions,cn=pbac,dc=test,dc=local
>
>     # System: Read Status of Services on IPA Servers +
>     6f4722ac-c9a811e6-943e8d1c-0
>
>     faa636d, permissions, pbac, test.local
>
>     dn: cn=System: Read Status of Services on IPA
>     Servers+nsuniqueid=6f4722ac-c9a8
>
>     11e6-943e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read Status of Services on IPA Servers
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipaconfigstring
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read status of
>     services on ipa se
>
>     rvers,cn=permissions,cn=pbac,dc=test,dc=local
>
>     # System: Manage Service Principals +
>     6f4722b0-c9a811e6-943e8d1c-0faa636d, perm
>
>     issions, pbac, test.local
>
>     dn: cn=System: Manage Service
>     Principals+nsuniqueid=6f4722b0-c9a811e6-943e8d1c
>
>     -0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaservice)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage Service Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=Service
>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage service
>     principals,cn=perm
>
>     issions,cn=pbac,dc=test,dc=local
>
>     # System: Manage User Principals +
>     6f4722bd-c9a811e6-943e8d1c-0faa636d, permiss
>
>     ions, pbac, test.local
>
>     dn: cn=System: Manage User
>     Principals+nsuniqueid=6f4722bd-c9a811e6-943e8d1c-0f
>
>     aa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=posixaccount)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage User Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=Modify Users and Reset
>     passwords,cn=privileges,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage user
>     principals,cn=permiss
>
>     ions,cn=pbac,dc=test,dc=local
>
>     # servers + 6f4722d4-c9a811e6-943e8d1c-0faa636d, dns, test.local
>
>     dn:
>     cn=servers+nsuniqueid=6f4722d4-c9a811e6-943e8d1c-0faa636d,cn=dns,dc=test,dc
>
>     =local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: servers
>
>     nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local
>
>     # ipa + 90a80ea3-c9a811e6-943e8d1c-0faa636d, cas +
>     6f47220a-c9a811e6-943e8d1c-0
>
>     faa636d, ca, test.local
>
>     dn:
>     cn=ipa+nsuniqueid=90a80ea3-c9a811e6-943e8d1c-0faa636d,cn=cas+nsuniqueid=6f
>
>     47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=local
>
>     description: IPA CA
>
>     ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
>
>     objectClass: top
>
>     objectClass: ipaca
>
>     ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
>
>     ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
>
>     cn: ipa
>
>     nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local
>
>     # search result
>
>     search: 2
>
>     result: 0 Success
>
>     # numResponses: 51
>
>     # numEntries: 50
>
>     <http://www.high5games.com/>
>
>     *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>
>     _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ |
>     212.604.3447
>
>     One World Trade Center, New York, NY 10007
>
>     www.high5games.com <http://www.high5games.com/>
>
>     Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and
>     Shake the Sky <https://apps.facebook.com/shakethesky/>
>
>     Follow us on: Facebook <http://www.facebook.com/high5games>,
>     Twitter <https://twitter.com/High5Games>, YouTube
>     <http://www.youtube.com/High5Games>, Linkedin
>     <http://www.linkedin.com/company/1072533?trk=tyah>
>
>     //
>
>     /This message and any attachments may contain confidential or
>     privileged information and are only for the use of the intended
>     recipient of this message. If you are not the intended recipient,
>     please notify the sender by return email, and delete or destroy
>     this and all copies of this message and all attachments. Any
>     unauthorized disclosure, use, distribution, or reproduction of
>     this message or any attachments is prohibited and may be unlawful./
>
>
>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/cd38e4fa/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4334 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/cd38e4fa/attachment.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4335 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/cd38e4fa/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4336 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/cd38e4fa/attachment-0002.jpe>

From christophe.trefois at uni.lu  Wed Jan  4 11:41:53 2017
From: christophe.trefois at uni.lu (Christophe TREFOIS)
Date: Wed, 4 Jan 2017 11:41:53 +0000
Subject: [Freeipa-users] Replica issue / Certificate Authority
In-Reply-To: <20161218231057.GD4232@dhcp-40-8.bne.redhat.com>
References: <CAC1p530pjJTox0Y9AHf1b=5b2zJ4Nq+cDB+QLySZNFPBVNjudg@mail.gmail.com>
	<CAC1p532+V=fnBvBN-80LHxAOidytEE3ydvcSd0+ia+T6xnOiUA@mail.gmail.com>
	<58546ABE.30203@redhat.com>
	<20161218231057.GD4232@dhcp-40-8.bne.redhat.com>
Message-ID: <2EBB29CB9A8F494FB5253F6AF2E6A1985531CF99@hoshi.uni.lux>

Hi Fraser,

We encountered the same issue. We exported the certificate from a "good"
replica, using certutil.
We then used certutil -A -n ipaCert -d /etc/httpd/alias/ -i
/opt/sysadmin/cacert.crt -a -t CT,C on the bad server and then restarted
ipa, and certmonger.

Now, the certificate is correct both using the certutil command and the
getcert list -n ipaCert command.

However, we see an "ca-error: Invalid cookie: ''  "  in the output of
getcert list -n ipaCert.

Did we import the certificate correctly and should we worry about this
ca-error?
It seems replication is going fine, and also ipa-server-upgrade completes
successfully when run manually (whereas it failed previously from the same
error as in this thread)

Thanks for any pointers on how to clean the issue up properly,
Kind regards,

Christophe

> -----Original Message-----
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-
> bounces at redhat.com] On Behalf Of Fraser Tweedale
> Sent: lundi 19 d?cembre 2016 00:11
> To: Christopher Young <mexigabacho at gmail.com>
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Replica issue / Certificate Authority
> 
> On Fri, Dec 16, 2016 at 05:29:18PM -0500, Rob Crittenden wrote:
> > Christopher Young wrote:
> > > Ok.  I think I have a 'hint' here, but I could use some help getting
this fixed.
> > >
> > > Comparing the two IPA servers, I found the following (modified SOME
> > > of the output myself):
> >
> > You're right about the ipaCert. I'd export the renewed cert from your
> > working server using the same certutil command, just direct it to a
> > file instead. Then import it into the non-working server and restart
> > the httpd service. That should do it.
> >
> I agree that this should fix it.
> 
> You could also try running `ipa-certupdate' as root, if the correct
certificate is
> to be found in cn=certificates,cn=ipa,cn=etc,{basedn}
> 
> Once everything is working again, you should check:
> 
> 1. renewal master configuration is correct
> 
> 2. certmonger tracking requests for the IPA RA cert are correct on
>    both servers
> 
> 3. the correct certificate is in
>    cn=certificates,cn=ipa,cn=etc,{basedn}
> 
> Thanks,
> Fraser
> 
> > Or you can try restarting certmonger on the non-working server to see
> > if
> >
> > that triggers it to pull in the updated cert. Theoretically this
> > should do it as well but given potential past replication problems it
> > is possible the entry doesn't exist.
> >
> > getcert list -n ipaCert on each will show some basic information. The
> > important thing is to see if there is some root cause that will make
> > this blow up again at renewal time.
> >
> > rob
> >
> > >
> > > on 'ipa02' (the 'good' one):
> > > -----
> > > ipa cert-show 1
> > >   Issuing CA: ipa
> > >   Certificate: <<<proper cert data here>>>
> > >   Subject: CN=Certificate Authority,O=xxxx.LOCAL
> > >   Issuer: CN=Certificate Authority,O=xxxx.LOCAL
> > >   Not Before: Thu Jan 01 06:23:38 2015 UTC
> > >   Not After: Mon Jan 01 06:23:38 2035 UTC
> > >   Fingerprint (MD5): a6:aa:88:d4:66:e2:70:c1:e3:8c:37:0b:f3:eb:19:7d
> > >   Fingerprint (SHA1):
> > > 11:c2:5a:58:bc:77:55:37:39:9b:13:b1:1a:a2:02:50:be:2e:a0:7f
> > >   Serial number: 1
> > >   Serial number (hex): 0x1
> > >   Revoked: False
> > > ------
> > >
> > >
> > > on 'ipa01'
> > > -----
> > > ipa cert-show 1
> > > ipa: ERROR: Certificate operation cannot be completed: EXCEPTION
> > > (Invalid Credential.)
> > > -----
> > >
> > > Thinking about this, I decided to just start checking for
> > > inconsistencies and I noticed the following:
> > >
> > > ipa02:
> > > -----------
> > > [root at ipa02 ~]# certutil -L -d /etc/httpd/alias/ -n ipaCert -a |
> > > openssl x509 -text  | head
> > > Certificate:
> > >     Data:
> > >         Version: 3 (0x2)
> > >         Serial Number: 268304413 (0xffe001d)
> > >     Signature Algorithm: sha256WithRSAEncryption
> > >         Issuer: O=xxxxx.LOCAL, CN=Certificate Authority
> > >         Validity
> > >             Not Before: Nov 23 18:19:31 2016 GMT
> > >             Not After : Nov 13 18:19:31 2018 GMT
> > >         Subject: O=xxxxx.LOCAL, CN=IPA RA
> > >
> > > ----------
> > > ipa01:
> > > ----------
> > > [root at ipa01 tmp]# certutil -L -d /etc/httpd/alias/ -n ipaCert -a |
> > > openssl x509 -text  | head
> > > Certificate:
> > >     Data:
> > >         Version: 3 (0x2)
> > >         Serial Number: 7 (0x7)
> > >     Signature Algorithm: sha256WithRSAEncryption
> > >         Issuer: O=xxxx.LOCAL, CN=Certificate Authority
> > >         Validity
> > >             Not Before: Jan  1 06:24:23 2015 GMT
> > >             Not After : Dec 21 06:24:23 2016 GMT
> > >         Subject: O=xxxx.LOCAL, CN=IPA RA
> > >
> > > ----------
> > >
> > > So, it looks like somewhere in the process, the certificate got
> > > renewed but not updated on 'ipa01'?  I apologize as I'm trying to
> > > understand this.  I believe that my end goal is probably still the
> > > same (verify replication and get things working properly on the
> > > 'ipa01' system.
> > >
> > > Any help is very much appreciated!
> > >
> > > -- Chris
> > >
> > >
> > > On Fri, Dec 16, 2016 at 3:35 PM, Christopher Young
> > > <mexigabacho at gmail.com> wrote:
> > >> I'm hoping to provide enough information to get some help to a very
> > >> important issue that I'm currently having.
> > >>
> > >> I have two IPA servers at a single location that recently had a
> > >> replication issue that I eventually resolved by reinitializing one
> > >> of the masters/replicas with one that seemed to be the most 'good'.
> > >>
> > >> In any case, somewhere in this process, the new IPA 4.4 was release
> > >> with/for CentOS 7.3.
> > >>
> > >> At this moment, regular replication seems to be working properly
> > >> (in that I don't have any obvious issues and web interfaces on both
> > >> systems seem to be consistent for updates EXCEPT when it comes to
> > >> the certificates).
> > >>
> > >> Before I get to the errors, here is the output of some of the
> > >> commands that I would expect anyone would need:
> > >>
> > >> ----------
> > >> [root at ipa01 ~]# ipa-replica-manage list
> > >> ipa01.passur.local: master
> > >> ipa02.passur.local: master
> > >> -----
> > >> [root at ipa01 ~]# ipa-replica-manage list -v ipa01.passur.local
> > >> ipa02.passur.local: replica
> > >>   last init status: None
> > >>   last init ended: 1970-01-01 00:00:00+00:00
> > >>   last update status: Error (0) Replica acquired successfully:
> > >> Incremental update succeeded
> > >>   last update ended: 2016-12-16 20:25:40+00:00
> > >> -----
> > >> [root at ipa01 ~]# ipa-replica-manage list -v ipa02.passur.local
> > >> ipa01.passur.local: replica
> > >>   last init status: None
> > >>   last init ended: 1970-01-01 00:00:00+00:00
> > >>   last update status: Error (0) Replica acquired successfully:
> > >> Incremental update succeeded
> > >>   last update ended: 2016-12-16 20:25:40+00:00
> > >> -----
> > >> [root at ipa01 ~]# ipa-replica-manage list-ruv Replica Update Vectors:
> > >>         ipa01.passur.local:389: 4
> > >>         ipa02.passur.local:389: 6
> > >> Certificate Server Replica Update Vectors:
> > >>         ipa02.passur.local:389: 97
> > >>         ipa01.passur.local:389: 96
> > >> ----------
> > >>
> > >>
> > >> After the yum updates were applied to each system, I noticed that the
> > >> results of 'ipa-server-upgrade' were quite different.  The 'ipa02'
> > >> system went through without errors (this was also the system I used
to
> > >> reinitialize the other when I had a replication issue recently).
> > >>
> > >>
> > >>
> > >> On 'ipa01', I have following at the end of the 'ipaupgrade.log' file:
> > >> ----------
> > >> 2016-12-14T18:09:26Z ERROR IPA server upgrade failed: Inspect
> > >> /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
> > >> 2016-12-14T18:09:26Z DEBUG   File
> > >> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171,
> > >> in execute
> > >>     return_value = self.run()
> > >>   File "/usr/lib/python2.7/site-
> packages/ipaserver/install/ipa_server_upgrade.py",
> > >> line 46, in run
> > >>     server.upgrade()
> > >>   File "/usr/lib/python2.7/site-
> packages/ipaserver/install/server/upgrade.py",
> > >> line 1863, in upgrade
> > >>     upgrade_configuration()
> > >>   File "/usr/lib/python2.7/site-
> packages/ipaserver/install/server/upgrade.py",
> > >> line 1785, in upgrade_configuration
> > >>     ca_enable_ldap_profile_subsystem(ca)
> > >>   File "/usr/lib/python2.7/site-
> packages/ipaserver/install/server/upgrade.py",
> > >> line 336, in ca_enable_ldap_profile_subsystem
> > >>     cainstance.migrate_profiles_to_ldap()
> > >>   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
> > >> line 1984, in migrate_profiles_to_ldap
> > >>     _create_dogtag_profile(profile_id, profile_data, overwrite=False)
> > >>   File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
> > >> line 1990, in _create_dogtag_profile
> > >>     with api.Backend.ra_certprofile as profile_api:
> > >>   File
"/usr/lib/python2.7/site-packages/ipaserver/plugins/dogtag.py",
> > >> line 2060, in __enter__
> > >>     raise errors.RemoteRetrieveError(reason=_('Failed to authenticate
> > >> to CA REST API'))
> > >>
> > >> 2016-12-14T18:09:26Z DEBUG The ipa-server-upgrade command failed,
> > >> exception: RemoteRetrieveError: Failed to authenticate to CA REST API
> > >> 2016-12-14T18:09:26Z ERROR Unexpected error - see
> > >> /var/log/ipaupgrade.log for details:
> > >> RemoteRetrieveError: Failed to authenticate to CA REST API
> > >> 2016-12-14T18:09:26Z ERROR The ipa-server-upgrade command failed.
> See
> > >> /var/log/ipaupgrade.log for more information
> > >> ----------
> > >>
> > >>
> > >> In addition, when I go to the IPA web interface on the 'ipa01'
system,
> > >> I get the following when I try to view any of the certificates:
> > >> ----------
> > >> IPA Error 4301: CertificateOperationError
> > >>
> > >> Certificate operation cannot be completed: EXCEPTION (Invalid
> Credential.)
> > >> ----------
> > >>
> > >>
> > >> I was wondering if there was a method for taking all the CA
> > >> details/tree/what have you from my 'ipa02' system and using it to
> > >> repopulate the 'ipa01'.   Since everything else seems to be working
> > >> correctly after a reinitialize on 'ipa01', I thought this would be
the
> > >> safest way, but I'm opening any solutions as I need to get this fixed
> > >> ASAP.
> > >>
> > >> Please let me know any additional details that may help OR if there
is
> > >> a procedure that I could use to quickly and easily recreate 'ipa01'
> > >> WITH the certificate authority properly working on both.  I may need
> > >> some educate there.
> > >>
> > >>
> > >> Thanks!
> > >>
> > >> -- Chris
> > >
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4614 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/1644d1c9/attachment.p7s>

From sbose at redhat.com  Wed Jan  4 11:50:57 2017
From: sbose at redhat.com (Sumit Bose)
Date: Wed, 4 Jan 2017 12:50:57 +0100
Subject: [Freeipa-users] Debian: libpam-sss pam-configs update?
In-Reply-To: <8337gzxixy.fsf@echidna.jochen.org>
References: <8337gzxixy.fsf@echidna.jochen.org>
Message-ID: <20170104115057.GD32220@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Wed, Jan 04, 2017 at 10:39:37AM +0100, Jochen Hein wrote:
> 
> Hi,
> 
> I'm still working on my Debian systems to get local login to work with
> OTP.
> 
> In /etc/pam.d/common-auth we have:
> auth    [success=2 default=ignore]      pam_unix.so nullok_secure
> auth    [success=1 default=ignore]      pam_sss.so use_first_pass
> 
> On CentOS we have something more complicated in /etc/pam.d/system-auth:
> 
> auth        [default=1 success=ok] pam_localuser.so
> auth        [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
> auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
> auth        sufficient    pam_sss.so forward_pass
> 
> I think we need something more elaborated for debian to replicate the
> (good!) experience from CentOS when asking for "First/Second Factor".
> The four lines from above work well, but how can we get that into
> pam-auth-update? Any ideas how this could be packaged?

The 

    auth        [default=1 success=ok] pam_localuser.so

line was added in CentOS/RHEL to make sure that the PAM conversation is
run by pam_sss for users managed by SSSD and not by pam_unix because
pam_unix can only ask for a password. It would have been possible to
call pam_sss first but it was considered safer to have pam_unix first to
make sure root login will always handled by pam_unix.

It has to be noted that pam_sss currently is a bit special when a
modules called earlier, e.g. pam_unix, put a password on the PAM stack.
Only if use_first_pass is used pam_sss will use the password on the
stack but also will never prompt on its own. If use_first_pass is not
used pam_sss will always prompt on its own and never check if there is
already a password in the stack. This behaviour was there since the very
first versions of pam_sss because we didn't wanted to copy the
try_first_pass behaviour of other PAM modules because this try-and-error
scheme might easily wrong password counters and lock accounts. So we
assumed that pam_sss is either the first module or will get the password
from other modules. This is why there is the 'default=die' option in the
pam_unix line for CentOS. But it turns out that there are valid use
cases where pam_sss should handle the prompting for SSSD users but
should accept a password on the PAM stack as well.

We plan to fix this with https://fedorahosted.org/sssd/ticket/2984 so
that pam_sss will check for a password on the PAM stack even if
use_first_pass is not set. But if there is one pam_sss will only use
this and will not prompt for other credentials is password
authentication fails. So the pam_localuser line will still be needed to
make sure users handled by SSSD will be prompted by pam_sss exclusively.

HTH

bye,
Sumit

> 
> Jochen
> 
> -- 
> The only problem with troubleshooting is that the trouble shoots back.
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From bentech4you at gmail.com  Wed Jan  4 12:12:12 2017
From: bentech4you at gmail.com (Ben .T.George)
Date: Wed, 4 Jan 2017 15:12:12 +0300
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>
References: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
	<fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>
Message-ID: <CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>

HI

port 8009 is not listening in master server

and i added ::1         localhost localhost.localdomain localhost6
localhost6.localdomain6 in hosts file.

still getting same error

 [28/44]: restarting directory server
ipa         : CRITICAL Failed to restart the directory server (Command
'/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
exit status 1). See the installation log for details.
  [29/44]: setting up initial replication
  [error] error: [Errno 111] Connection refused
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
Connection refused
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
ipa-replica-install command failed. See /var/log/ipareplica-install.log for
more information


Also  ipv6 is disabled on both nodes

Regards,
Ben

On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <pvoborni at redhat.com> wrote:

> On 01/04/2017 10:59 AM, Ben .T.George wrote:
> > HI
> >
> > i tried the method mentioned on that document and it end up with below
> error. My
> > DNS is managed by external box and i dont want to create any DNS record
> on these
> > servers.
> >
> > and the command which i tried is(non client server)
> >
> > ipa-replica-install --principal admin --admin-password P at ssw0rd --domain
> > kw.example.com <http://kw.example.com> --server
> zkwipamstr01.kw.example.com
> > <http://zkwipamstr01.kw.example.com>
> >
> >
> >
> > ipa         : CRITICAL Failed to restart the directory server (Command
> > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned
> non-zero exit
> > status 1). See the installation log for details.
> >    [29/44]: setting up initial replication
> >    [error] error: [Errno 111] Connection refused
> > Your system may be partly configured.
> > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >
> > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
> Connection
> > refused
> > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > ipa-replica-install command failed. See /var/log/ipareplica-install.log
> for more
> > information
>
> This looks like bug https://fedorahosted.org/freeipa/ticket/6575
>
> To verify that, could you check if master server internally listens on
> port 8009 or if ipareplica-install.log contains CA_UNREACHABLE string
> near  step 27.
>
> Usual fix is to add following line to /etc/hosts
>   ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
>
>
> > [root at zkwiparepa01 ~]# /bin/systemctl restart
> dirsrv at KW-EXAMPLE-COM.service
> > Job for dirsrv at KW-EXAMPLE-COM.service failed because the control
> process exited
> > with error code. See "systemctl status dirsrv at KW-EXAMPLE-COM.service"
> and
> > "journalctl -xe" for details.
> >
> > [root at zkwiparepa01 ~]# systemctl status dirsrv at KW-EXAMPLE-COM.service
> > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server KW-EXAMPLE-COM.
> >     Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled;
> vendor
> > preset: disabled)
> >     Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46
> AST; 13s ago
> >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i
> > /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
> >    Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl
> > /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
> >   Main PID: 14893 (code=exited, status=1/FAILURE)
> >
> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300] Error:
> > betxnpostoperation plu...arted
> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300] Error: object
> plugin
> > Roles Pl...arted
> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300] Error:
> preoperation
> > plugin su...arted
> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300] Error: object
> plugin USN
> > is n...arted
> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300] Error: object
> plugin
> > Views is...arted
> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300] Error:
> extendedop plugin
> > whoa...arted
> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main process exited,
> code=exited,
> > status=1/FAILURE
> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> > systemd[1]: Failed to start 389 Directory Server KW-EXAMPLE-COM..
> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service entered failed state.
> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
> > Hint: Some lines were ellipsized, use -l to show in full.
> >
> >
> >
> > Regards,
> > Ben
> >
> >
> > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <mbabinsk at redhat.com
> > <mailto:mbabinsk at redhat.com>> wrote:
> >
> >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> >
> >         HI
> >
> >         while trying to create ipa replica, i am getting below error,
> >
> >         Replica creation using 'ipa-replica-prepare' to generate replica
> file
> >         is supported only in 0-level IPA domain.
> >
> >         The current IPA domain level is 1 and thus the replica must
> >         be created by promoting an existing IPA client.
> >
> >         To set up a replica use the following procedure:
> >              1.) set up a client on the host using 'ipa-client-install'
> >              2.) promote the client to replica running
> 'ipa-replica-install'
> >                  *without* replica file specified
> >
> >         'ipa-replica-prepare' is allowed only in domain level 0
> >         The ipa-replica-prepare command failed.
> >
> >
> >         i have IPA master server without AD integration and DNS is
> managed by
> >         3rd party appliances.
> >
> >
> >
> >         Regards,
> >         Ben
> >
> >
> >
> >     Hi Ben,
> >
> >     If you installed IPA 4.4 server then domain level 1 is the default.
> This
> >     domain level uses different mechanism to stand up replicas. See the
> latest
> >     IdM documentation[1] for more details.
> >
> >     [1]
> >     https://access.redhat.com/documentation/en-US/Red_Hat_
> Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_
> Guide/creating-the-replica.html
> >     <https://access.redhat.com/documentation/en-US/Red_Hat_
> Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_
> Guide/creating-the-replica.html>
> >
> >     --
> >     Martin^3 Babinsky
> >
> >     --
> >     Manage your subscription for the Freeipa-users mailing list:
> >     https://www.redhat.com/mailman/listinfo/freeipa-users
> >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> >     Go to http://freeipa.org for more info on the project
> >
> >
> >
> >
>
>
> --
> Petr Vobornik
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/9f82fcd0/attachment.htm>

From tkrizek at redhat.com  Wed Jan  4 12:43:38 2017
From: tkrizek at redhat.com (Tomas Krizek)
Date: Wed, 4 Jan 2017 13:43:38 +0100
Subject: [Freeipa-users] Manually configuring Freeipa bind configs to
 host secondary zones
In-Reply-To: <1289829626.10354110.1483522125234@mail.yahoo.com>
References: <1289829626.10354110.1483522125234.ref@mail.yahoo.com>
	<1289829626.10354110.1483522125234@mail.yahoo.com>
Message-ID: <1c2d34f2-4aad-2787-7493-e992eca5b761@redhat.com>

On 01/04/2017 10:28 AM, James Harrison wrote:
> Hi All,
> I realise Free IPA doesn't yet support secondary zones in the web
> interface or command line tools (I might be wrong :) ) When I talk
> about secondary zones I mean a zone replicated from Windows DNS masters.
>
> Can the Free IPA bind configs be manually altered to host secondary
> zones. Is it supported or will they just be over-written by Freeipa?
>
> I've been hunting for an answer online, but found nothing about this.
>
> Many thanks,
> James Harrison
>
>
Hi,

you can configure the secondary zone in named.conf and it should not be
over-written. IPA creates named.conf during installation and then only
changes the relevant IPA parts, for example during an upgrade.

Manual changes to the bind-dyndb-ldap section (dynamic-db / dyndb) may
break our custom parsing. However, since you want to only add a
secondary zone in the main section, you should be fine.

-- 
Tomas Krizek

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/334636eb/attachment.htm>

From flo at redhat.com  Wed Jan  4 12:49:08 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Wed, 4 Jan 2017 13:49:08 +0100
Subject: [Freeipa-users] Replica issue / Certificate Authority
In-Reply-To: <2EBB29CB9A8F494FB5253F6AF2E6A1985531CF99@hoshi.uni.lux>
References: <CAC1p530pjJTox0Y9AHf1b=5b2zJ4Nq+cDB+QLySZNFPBVNjudg@mail.gmail.com>
	<CAC1p532+V=fnBvBN-80LHxAOidytEE3ydvcSd0+ia+T6xnOiUA@mail.gmail.com>
	<58546ABE.30203@redhat.com>
	<20161218231057.GD4232@dhcp-40-8.bne.redhat.com>
	<2EBB29CB9A8F494FB5253F6AF2E6A1985531CF99@hoshi.uni.lux>
Message-ID: <1027c132-0de3-4e4f-e919-2c97bbef7aba@redhat.com>

On 01/04/2017 12:41 PM, Christophe TREFOIS wrote:
> Hi Fraser,
>
> We encountered the same issue. We exported the certificate from a "good"
> replica, using certutil.
> We then used certutil -A -n ipaCert -d /etc/httpd/alias/ -i
> /opt/sysadmin/cacert.crt -a -t CT,C on the bad server and then restarted
> ipa, and certmonger.
>
> Now, the certificate is correct both using the certutil command and the
> getcert list -n ipaCert command.
>
> However, we see an "ca-error: Invalid cookie: ''  "  in the output of
> getcert list -n ipaCert.
>
Hi Christophe,

is this error displayed on the renewal master? If not, you can run
$ getcert resubmit -i <id for ipaCert>
and the error should go away. On non-renewal master, resubmit downloads 
the certificate from LDAP (it does not ask for renewal), meaning that 
this operation cannot be harmful.

To know which server is the renewal master:
$ ldapsearch -h localhost -p 389 -D 'cn=Directory Manager' -w password 
-b "cn=masters,cn=ipa,cn=etc,$BASEDN" 
'(&(cn=CA)(ipaConfigString=caRenewalMaster))' dn
dn: cn=CA,cn=server.example.com,cn=masters,cn=ipa,cn=etc,$BASEDN

=> the renewal master is server.example.com

HTH,
Flo

> Did we import the certificate correctly and should we worry about this
> ca-error?
> It seems replication is going fine, and also ipa-server-upgrade completes
> successfully when run manually (whereas it failed previously from the same
> error as in this thread)
>
> Thanks for any pointers on how to clean the issue up properly,
> Kind regards,
>
> Christophe
>
>> -----Original Message-----
>> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-
>> bounces at redhat.com] On Behalf Of Fraser Tweedale
>> Sent: lundi 19 d?cembre 2016 00:11
>> To: Christopher Young <mexigabacho at gmail.com>
>> Cc: freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] Replica issue / Certificate Authority
>>
>> On Fri, Dec 16, 2016 at 05:29:18PM -0500, Rob Crittenden wrote:
>>> Christopher Young wrote:
>>>> Ok.  I think I have a 'hint' here, but I could use some help getting
> this fixed.
>>>>
>>>> Comparing the two IPA servers, I found the following (modified SOME
>>>> of the output myself):
>>>
>>> You're right about the ipaCert. I'd export the renewed cert from your
>>> working server using the same certutil command, just direct it to a
>>> file instead. Then import it into the non-working server and restart
>>> the httpd service. That should do it.
>>>
>> I agree that this should fix it.
>>
>> You could also try running `ipa-certupdate' as root, if the correct
> certificate is
>> to be found in cn=certificates,cn=ipa,cn=etc,{basedn}
>>
>> Once everything is working again, you should check:
>>
>> 1. renewal master configuration is correct
>>
>> 2. certmonger tracking requests for the IPA RA cert are correct on
>>    both servers
>>
>> 3. the correct certificate is in
>>    cn=certificates,cn=ipa,cn=etc,{basedn}
>>
>> Thanks,
>> Fraser
>>
>>> Or you can try restarting certmonger on the non-working server to see
>>> if
>>>
>>> that triggers it to pull in the updated cert. Theoretically this
>>> should do it as well but given potential past replication problems it
>>> is possible the entry doesn't exist.
>>>
>>> getcert list -n ipaCert on each will show some basic information. The
>>> important thing is to see if there is some root cause that will make
>>> this blow up again at renewal time.
>>>
>>> rob
>>>
>>>>
>>>> on 'ipa02' (the 'good' one):
>>>> -----
>>>> ipa cert-show 1
>>>>   Issuing CA: ipa
>>>>   Certificate: <<<proper cert data here>>>
>>>>   Subject: CN=Certificate Authority,O=xxxx.LOCAL
>>>>   Issuer: CN=Certificate Authority,O=xxxx.LOCAL
>>>>   Not Before: Thu Jan 01 06:23:38 2015 UTC
>>>>   Not After: Mon Jan 01 06:23:38 2035 UTC
>>>>   Fingerprint (MD5): a6:aa:88:d4:66:e2:70:c1:e3:8c:37:0b:f3:eb:19:7d
>>>>   Fingerprint (SHA1):
>>>> 11:c2:5a:58:bc:77:55:37:39:9b:13:b1:1a:a2:02:50:be:2e:a0:7f
>>>>   Serial number: 1
>>>>   Serial number (hex): 0x1
>>>>   Revoked: False
>>>> ------
>>>>
>>>>
>>>> on 'ipa01'
>>>> -----
>>>> ipa cert-show 1
>>>> ipa: ERROR: Certificate operation cannot be completed: EXCEPTION
>>>> (Invalid Credential.)
>>>> -----
>>>>
>>>> Thinking about this, I decided to just start checking for
>>>> inconsistencies and I noticed the following:
>>>>
>>>> ipa02:
>>>> -----------
>>>> [root at ipa02 ~]# certutil -L -d /etc/httpd/alias/ -n ipaCert -a |
>>>> openssl x509 -text  | head
>>>> Certificate:
>>>>     Data:
>>>>         Version: 3 (0x2)
>>>>         Serial Number: 268304413 (0xffe001d)
>>>>     Signature Algorithm: sha256WithRSAEncryption
>>>>         Issuer: O=xxxxx.LOCAL, CN=Certificate Authority
>>>>         Validity
>>>>             Not Before: Nov 23 18:19:31 2016 GMT
>>>>             Not After : Nov 13 18:19:31 2018 GMT
>>>>         Subject: O=xxxxx.LOCAL, CN=IPA RA
>>>>
>>>> ----------
>>>> ipa01:
>>>> ----------
>>>> [root at ipa01 tmp]# certutil -L -d /etc/httpd/alias/ -n ipaCert -a |
>>>> openssl x509 -text  | head
>>>> Certificate:
>>>>     Data:
>>>>         Version: 3 (0x2)
>>>>         Serial Number: 7 (0x7)
>>>>     Signature Algorithm: sha256WithRSAEncryption
>>>>         Issuer: O=xxxx.LOCAL, CN=Certificate Authority
>>>>         Validity
>>>>             Not Before: Jan  1 06:24:23 2015 GMT
>>>>             Not After : Dec 21 06:24:23 2016 GMT
>>>>         Subject: O=xxxx.LOCAL, CN=IPA RA
>>>>
>>>> ----------
>>>>
>>>> So, it looks like somewhere in the process, the certificate got
>>>> renewed but not updated on 'ipa01'?  I apologize as I'm trying to
>>>> understand this.  I believe that my end goal is probably still the
>>>> same (verify replication and get things working properly on the
>>>> 'ipa01' system.
>>>>
>>>> Any help is very much appreciated!
>>>>
>>>> -- Chris
>>>>
>>>>
>>>> On Fri, Dec 16, 2016 at 3:35 PM, Christopher Young
>>>> <mexigabacho at gmail.com> wrote:
>>>>> I'm hoping to provide enough information to get some help to a very
>>>>> important issue that I'm currently having.
>>>>>
>>>>> I have two IPA servers at a single location that recently had a
>>>>> replication issue that I eventually resolved by reinitializing one
>>>>> of the masters/replicas with one that seemed to be the most 'good'.
>>>>>
>>>>> In any case, somewhere in this process, the new IPA 4.4 was release
>>>>> with/for CentOS 7.3.
>>>>>
>>>>> At this moment, regular replication seems to be working properly
>>>>> (in that I don't have any obvious issues and web interfaces on both
>>>>> systems seem to be consistent for updates EXCEPT when it comes to
>>>>> the certificates).
>>>>>
>>>>> Before I get to the errors, here is the output of some of the
>>>>> commands that I would expect anyone would need:
>>>>>
>>>>> ----------
>>>>> [root at ipa01 ~]# ipa-replica-manage list
>>>>> ipa01.passur.local: master
>>>>> ipa02.passur.local: master
>>>>> -----
>>>>> [root at ipa01 ~]# ipa-replica-manage list -v ipa01.passur.local
>>>>> ipa02.passur.local: replica
>>>>>   last init status: None
>>>>>   last init ended: 1970-01-01 00:00:00+00:00
>>>>>   last update status: Error (0) Replica acquired successfully:
>>>>> Incremental update succeeded
>>>>>   last update ended: 2016-12-16 20:25:40+00:00
>>>>> -----
>>>>> [root at ipa01 ~]# ipa-replica-manage list -v ipa02.passur.local
>>>>> ipa01.passur.local: replica
>>>>>   last init status: None
>>>>>   last init ended: 1970-01-01 00:00:00+00:00
>>>>>   last update status: Error (0) Replica acquired successfully:
>>>>> Incremental update succeeded
>>>>>   last update ended: 2016-12-16 20:25:40+00:00
>>>>> -----
>>>>> [root at ipa01 ~]# ipa-replica-manage list-ruv Replica Update Vectors:
>>>>>         ipa01.passur.local:389: 4
>>>>>         ipa02.passur.local:389: 6
>>>>> Certificate Server Replica Update Vectors:
>>>>>         ipa02.passur.local:389: 97
>>>>>         ipa01.passur.local:389: 96
>>>>> ----------
>>>>>
>>>>>
>>>>> After the yum updates were applied to each system, I noticed that the
>>>>> results of 'ipa-server-upgrade' were quite different.  The 'ipa02'
>>>>> system went through without errors (this was also the system I used
> to
>>>>> reinitialize the other when I had a replication issue recently).
>>>>>
>>>>>
>>>>>
>>>>> On 'ipa01', I have following at the end of the 'ipaupgrade.log' file:
>>>>> ----------
>>>>> 2016-12-14T18:09:26Z ERROR IPA server upgrade failed: Inspect
>>>>> /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
>>>>> 2016-12-14T18:09:26Z DEBUG   File
>>>>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171,
>>>>> in execute
>>>>>     return_value = self.run()
>>>>>   File "/usr/lib/python2.7/site-
>> packages/ipaserver/install/ipa_server_upgrade.py",
>>>>> line 46, in run
>>>>>     server.upgrade()
>>>>>   File "/usr/lib/python2.7/site-
>> packages/ipaserver/install/server/upgrade.py",
>>>>> line 1863, in upgrade
>>>>>     upgrade_configuration()
>>>>>   File "/usr/lib/python2.7/site-
>> packages/ipaserver/install/server/upgrade.py",
>>>>> line 1785, in upgrade_configuration
>>>>>     ca_enable_ldap_profile_subsystem(ca)
>>>>>   File "/usr/lib/python2.7/site-
>> packages/ipaserver/install/server/upgrade.py",
>>>>> line 336, in ca_enable_ldap_profile_subsystem
>>>>>     cainstance.migrate_profiles_to_ldap()
>>>>>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>>>>> line 1984, in migrate_profiles_to_ldap
>>>>>     _create_dogtag_profile(profile_id, profile_data, overwrite=False)
>>>>>   File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>>>>> line 1990, in _create_dogtag_profile
>>>>>     with api.Backend.ra_certprofile as profile_api:
>>>>>   File
> "/usr/lib/python2.7/site-packages/ipaserver/plugins/dogtag.py",
>>>>> line 2060, in __enter__
>>>>>     raise errors.RemoteRetrieveError(reason=_('Failed to authenticate
>>>>> to CA REST API'))
>>>>>
>>>>> 2016-12-14T18:09:26Z DEBUG The ipa-server-upgrade command failed,
>>>>> exception: RemoteRetrieveError: Failed to authenticate to CA REST API
>>>>> 2016-12-14T18:09:26Z ERROR Unexpected error - see
>>>>> /var/log/ipaupgrade.log for details:
>>>>> RemoteRetrieveError: Failed to authenticate to CA REST API
>>>>> 2016-12-14T18:09:26Z ERROR The ipa-server-upgrade command failed.
>> See
>>>>> /var/log/ipaupgrade.log for more information
>>>>> ----------
>>>>>
>>>>>
>>>>> In addition, when I go to the IPA web interface on the 'ipa01'
> system,
>>>>> I get the following when I try to view any of the certificates:
>>>>> ----------
>>>>> IPA Error 4301: CertificateOperationError
>>>>>
>>>>> Certificate operation cannot be completed: EXCEPTION (Invalid
>> Credential.)
>>>>> ----------
>>>>>
>>>>>
>>>>> I was wondering if there was a method for taking all the CA
>>>>> details/tree/what have you from my 'ipa02' system and using it to
>>>>> repopulate the 'ipa01'.   Since everything else seems to be working
>>>>> correctly after a reinitialize on 'ipa01', I thought this would be
> the
>>>>> safest way, but I'm opening any solutions as I need to get this fixed
>>>>> ASAP.
>>>>>
>>>>> Please let me know any additional details that may help OR if there
> is
>>>>> a procedure that I could use to quickly and easily recreate 'ipa01'
>>>>> WITH the certificate authority properly working on both.  I may need
>>>>> some educate there.
>>>>>
>>>>>
>>>>> Thanks!
>>>>>
>>>>> -- Chris
>>>>
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>>



From mbasti at redhat.com  Wed Jan  4 12:59:04 2017
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 4 Jan 2017 13:59:04 +0100
Subject: [Freeipa-users] Broken dirsrv and SSL certificate in CA-less
 install of FreeIPA 4.4 on CentOS 7.3
In-Reply-To: <1df7900c-e8bd-2f56-dd0d-9bf5d9f5fbe7@redhat.com>
References: <CAOGqY2yYW8dHEbdC0bK-KLeON60eEV5CMmMyDY1J8w9XGYti3Q@mail.gmail.com>
	<CAOGqY2xLi48D84mzGow8MS102GQx4BLVkqi+cyRdb7wYuEbTAw@mail.gmail.com>
	<1df7900c-e8bd-2f56-dd0d-9bf5d9f5fbe7@redhat.com>
Message-ID: <ced42934-a51c-2597-b92d-fb633556b2fc@redhat.com>



On 30.12.2016 11:54, Martin Basti wrote:
>
> Hello,
>
> The first half of the first issue is this bug: 
> https://fedorahosted.org/freeipa/ticket/6226
>
> you have to enable SSL on server manually after installation
>
>
> The second half of the first issue shouldn't be related to ticket 
> above, but I don't know more details I'll leave this for IPA CA gurus
>
>
> The second issue is unrelated to certificates, I believe that 
> something in dirsrv causes this unusual behavior. I saw this before 
> with other users.
>
> * both no such entry for HTTP principal, or for topology plugin are 
> the same issue
>
> * all users have this issue with CA-less installation, but not always 
> reproducible, I'm not sure if there can be a step in CA-less install 
> that can cause this
>
> * entries are in database (were added previously by installer) but 
> during installation the search failed with no such entry, ldapsearch 
> after installation works
>
> * in access log SRCH is before ADD operation, but this is against the 
> steps in installer, entry is added first and even installer failed 
> hard so there is no way how to add it after failure caused by not 
> found error.
>
> [29/Dec/2016:10:33:02.775715491 +0000] conn=16 op=1 SRCH base="krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk"  scope=0 filter="(objectClass=*)" attrs=ALL
> [29/Dec/2016:10:33:02.775892719 +0000] conn=16 op=1 RESULT err=32 tag=101 nentries=0 etime=0
> This caused installation failure (IMO - there is no more SRCH operation for HTTP principal in log) ^^^^^^
> ......
> [29/Dec/2016:10:33:05.487917960 +0000] conn=17 op=10 ADD dn="krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk"
> [29/Dec/2016:10:33:05.492213776 +0000] conn=17 op=10 RESULT err=0 tag=105 nentries=0 etime=0 csn=5864e653000000040000
> [29/Dec/2016:10:33:05.492372184 +0000] conn=17 op=11 MOD dn="krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk"
> [29/Dec/2016:10:33:05.494649080 +0000] conn=17 op=11 RESULT err=0 tag=103 nentries=0 etime=0 csn=5864e653000100040000
> [29/Dec/2016:10:33:05.494816357 +0000] conn=17 op=12 MOD dn="krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK,cn=services,cn=accounts,dc=pakos,dc=uk"
> These were added after failure ??? ^^^^^
>
> I need a DS guru assistance to resolve this :)
> Martin^2
Ticket for this issue has been opened 
https://fedorahosted.org/freeipa/ticket/6575 Martin^2
> On 29.12.2016 19:13, Peter Pakos wrote:
>> Access log: https://files.pakos.uk/access.txt
>> Error log: https://files.pakos.uk/ipareplica-install.log.txt
>> I hope it helps.
>> On 29 December 2016 at 12:52, Peter Pakos <peter at pakos.uk 
>> <mailto:peter at pakos.uk>> wrote:
>>
>>     Hi guys,
>>     I'm facing yet another problem with CA-less install of FreeIPA
>>     replica and 3rd party SSL certificate.
>>     Few days ago I deployed a new CA-less server (ipa02) by running
>>     the following command:
>>
>>         ipa-server-install \   -r PAKOS.UK <http://PAKOS.UK> \   -n
>>         pakos.uk <http://pakos.uk> \   -p 'password' \   -a
>>         'password' \   --mkhomedir \   --setup-dns \  
>>         --no-forwarders \   --no-dnssec-validation \  
>>         --dirsrv-cert-file=/root/ssl/star.pakos.uk.pfx \  
>>         --dirsrv-pin='' \  
>>         --http-cert-file=/root/ssl/star.pakos.uk.pfx \  
>>         --http-pin='' \   --http-cert-name=AlphaWildcardIPA \  
>>         --idstart=1000
>>
>>     This server appears to be working OK.
>>     Then yesterday I deployed a client (ipa01):
>>
>>         ipa-client-install \   -p admin \   -w 'password' \   --mkhomedir
>>
>>     Next, I promoted it to IPA server:
>>
>>         ipa-replica-install \   -w 'password' \   --mkhomedir \  
>>         --setup-dns \   --no-forwarders \   --no-dnssec-validation \
>>           --dirsrv-cert-file=/root/ssl/star.pakos.uk.pfx \  
>>         --dirsrv-pin='' \   --dirsrv-cert-name=AlphaWildcardIPA \  
>>         --http-cert-file=/root/ssl/star.pakos.uk.pfx \  
>>         --http-pin='' \   --http-cert-name=AlphaWildcardIPA
>>
>>     After it finished, I've noticed that dirsrv wasn't running on
>>     port 636 on ipa01.
>>     Further investigation revealed that the SSL wildcard certificate
>>     (AlphaWildcardIPA) wasn't installed in dirsrv DB and CA
>>     certificates were named oddly (CA 1 and CA 2):
>>
>>     [root at ipa01 ~]# certutil -L -d /etc/httpd/alias/ Certificate
>>     Nickname Trust Attributes SSL,S/MIME,JAR/XPI AlphaWildcardIPA
>>     u,u,u CA 1 ,, CA 2 C,, [root at ipa01 ~]# certutil -L -d
>>     /etc/dirsrv/slapd-PAKOS-UK/ Certificate Nickname Trust Attributes
>>     SSL,S/MIME,JAR/XPI GlobalSign Root CA - GlobalSign nv-sa ,,
>>     AlphaSSL CA - SHA256 - G2 - GlobalSign nv-sa C,,
>>
>>     This is what I found in the error log:
>>
>>     [29/Dec/2016:01:43:58.852745536 +0000] 389-Directory/1.3.5.10
>>     <http://1.3.5.10> B2016.341.2222 starting up
>>     [29/Dec/2016:01:43:58.867642515 +0000] default_mr_indexer_create:
>>     warning - plugin [caseIgnoreIA5Match] does not handle
>>     caseExactIA5Match [29/Dec/2016:01:43:58.889866051 +0000]
>>     schema-compat-plugin - scheduled schema-compat-plugin tree scan
>>     in about 5 seconds after the server startup!
>>     [29/Dec/2016:01:43:58.905267535 +0000] NSACLPlugin - The ACL
>>     target cn=groups,cn=compat,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.907051833 +0000] NSACLPlugin - The ACL
>>     target cn=computers,cn=compat,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.908396407 +0000] NSACLPlugin - The ACL
>>     target cn=ng,cn=compat,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.909758735 +0000] NSACLPlugin - The ACL
>>     target ou=sudoers,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.911133739 +0000] NSACLPlugin - The ACL
>>     target cn=users,cn=compat,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.912416230 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.913644794 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.914901802 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.916158004 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.917409810 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.918636743 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.919904210 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.921175543 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.922417264 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.923818252 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.925218237 +0000] NSACLPlugin - The ACL
>>     target cn=vaults,cn=kra,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.928474915 +0000] NSACLPlugin - The ACL
>>     target cn=ad,cn=etc,dc=pakos,dc=uk does not exist
>>     [29/Dec/2016:01:43:58.943158867 +0000] NSACLPlugin - The ACL
>>     target cn=casigningcert
>>     cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pakos,dc=uk does not
>>     exist [29/Dec/2016:01:43:58.944679679 +0000] NSACLPlugin - The
>>     ACL target cn=casigningcert
>>     cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=pakos,dc=uk does not
>>     exist [29/Dec/2016:01:43:59.060335708 +0000] NSACLPlugin - The
>>     ACL target cn=automember rebuild membership,cn=tasks,cn=config
>>     does not exist [29/Dec/2016:01:43:59.066618653 +0000] Skipping
>>     CoS Definition cn=Password Policy,cn=accounts,dc=pakos,dc=uk--no
>>     CoS Templates found, which should be added before the CoS
>>     Definition. [29/Dec/2016:01:43:59.100168779 +0000]
>>     schema-compat-plugin - schema-compat-plugin tree scan will start
>>     in about 5 seconds! [29/Dec/2016:01:43:59.108366423 +0000] slapd
>>     started. Listening on All Interfaces port 389 for LDAP requests
>>     [29/Dec/2016:01:43:59.109788596 +0000] Listening on
>>     /var/run/slapd-PAKOS-UK.socket for LDAPI requests
>>     [29/Dec/2016:01:44:04.117095313 +0000] schema-compat-plugin -
>>     warning: no entries set up under cn=ng, cn=compat,dc=pakos,dc=uk
>>     [29/Dec/2016:01:44:04.142962437 +0000] schema-compat-plugin -
>>     warning: no entries set up under cn=computers,
>>     cn=compat,dc=pakos,dc=uk [29/Dec/2016:01:44:04.164958006 +0000]
>>     schema-compat-plugin - Finished plugin initialization.
>>     [29/Dec/2016:01:44:20.113621699 +0000] ipa-topology-plugin -
>>     ipa_topo_util_get_replica_conf: server configuration missing
>>     [29/Dec/2016:01:44:20.115517170 +0000] ipa-topology-plugin -
>>     ipa_topo_util_get_replica_conf: cannot create replica
>>
>>     At this point I trashed ipa01 and tried to re-deploy it again
>>     using the same commands. The install failed with the following
>>     error message:
>>
>>     Done configuring directory server (dirsrv). Configuring
>>     ipa-custodia [1/4]: Generating ipa-custodia config file [2/4]:
>>     Generating ipa-custodia keys [3/4]: starting ipa-custodia [4/4]:
>>     configuring ipa-custodia to start on boot Done configuring
>>     ipa-custodia. Configuring Kerberos KDC (krb5kdc). Estimated time:
>>     30 seconds [1/4]: configuring KDC [2/4]: adding the password
>>     extension to the directory [3/4]: starting the KDC [4/4]:
>>     configuring KDC to start on boot Done configuring Kerberos KDC
>>     (krb5kdc). Configuring kadmin [1/2]: starting kadmin [2/2]:
>>     configuring kadmin to start on boot Done configuring kadmin.
>>     Configuring ipa_memcached [1/2]: starting ipa_memcached [2/2]:
>>     configuring ipa_memcached to start on boot Done configuring
>>     ipa_memcached. Configuring the web interface (httpd). Estimated
>>     time: 1 minute [1/19]: setting mod_nss port to 443 [2/19]:
>>     setting mod_nss cipher suite [3/19]: setting mod_nss protocol
>>     list to TLSv1.0 - TLSv1.2 [4/19]: setting mod_nss password file
>>     [5/19]: enabling mod_nss renegotiate [6/19]: adding URL rewriting
>>     rules [7/19]: configuring httpd [8/19]: setting up httpd keytab
>>     [9/19]: setting up ssl [error] NotFound: no such entry Your
>>     system may be partly configured. Run /usr/sbin/ipa-server-install
>>     --uninstall to clean up.
>>     ipa.ipapython.install.cli.install_tool(Replica): ERROR no such
>>     entry ipa.ipapython.install.cli.install_tool(Replica): ERROR The
>>     ipa-replica-install command failed. See
>>     /var/log/ipareplica-install.log for more information
>>
>>     Here's the full install log:
>>     https://files.pakos.uk/ipareplica-install.log.txt
>>     <https://files.pakos.uk/ipareplica-install.log.txt>
>>     I've raised this problem on #freeipa channel (many thanks to
>>     mbasti and ab for their help in investigating this issue with me)
>>     however we didn't get too far and some further input from dirsrv
>>     gurus is required here.
>>
>>     [root at ipa01 ipa]# echo $SERVICE HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK> [root at ipa01 ipa]# echo $DN
>>     krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>,cn=services,cn=accounts,dc=pakos,dc=uk
>>     [root at ipa01 ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN
>>     -s sub Enter LDAP Password: # extended LDIF # # LDAPv3 # base
>>     <krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>,cn=services,cn=accounts,dc=pakos,dc=uk>
>>     with scope subtree # filter: (objectclass=*) # requesting: ALL #
>>     # HTTP/ipa01.pakos.uk at PAKOS.UK <mailto:ipa01.pakos.uk at PAKOS.UK>,
>>     services, accounts, pakos.uk <http://pakos.uk> dn:
>>     krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>,cn=services,cn=accounts,dc=p
>>     akos,dc=uk krbExtraData::
>>     AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
>>     krbLastPwdChange: 20161229103250Z krbPrincipalKey::
>>     MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
>>     NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
>>     a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
>>     pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
>>     LwmAX3lYm objectClass: ipaobject objectClass: ipaservice
>>     objectClass: krbticketpolicyaux objectClass: ipakrbprincipal
>>     objectClass: krbprincipal objectClass: krbprincipalaux
>>     objectClass: pkiuser objectClass: top ipaKrbPrincipalAlias:
>>     HTTP/ipa01.pakos.uk at PAKOS.UK <mailto:ipa01.pakos.uk at PAKOS.UK>
>>     krbCanonicalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK> managedBy: fqdn=ipa01.pakos.uk
>>     <http://ipa01.pakos.uk>,cn=computers,cn=accounts,dc=pakos,dc=uk
>>     krbPrincipalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK> ipaUniqueID:
>>     25dc5432-cdb2-11e6-a20e-005056a2f7f5 # search result search: 2
>>     result: 0 Success # numResponses: 2 # numEntries: 1 [root at ipa01
>>     ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN -s sub
>>     "krbprincipalname=*" Enter LDAP Password: # extended LDIF # #
>>     LDAPv3 # base <krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>,cn=services,cn=accounts,dc=pakos,dc=uk>
>>     with scope subtree # filter: krbprincipalname=* # requesting: ALL
>>     # # HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>, services, accounts, pakos.uk
>>     <http://pakos.uk> dn:
>>     krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>,cn=services,cn=accounts,dc=p
>>     akos,dc=uk krbExtraData::
>>     AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
>>     krbLastPwdChange: 20161229103250Z krbPrincipalKey::
>>     MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
>>     NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
>>     a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
>>     pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
>>     LwmAX3lYm objectClass: ipaobject objectClass: ipaservice
>>     objectClass: krbticketpolicyaux objectClass: ipakrbprincipal
>>     objectClass: krbprincipal objectClass: krbprincipalaux
>>     objectClass: pkiuser objectClass: top ipaKrbPrincipalAlias:
>>     HTTP/ipa01.pakos.uk at PAKOS.UK <mailto:ipa01.pakos.uk at PAKOS.UK>
>>     krbCanonicalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK> managedBy: fqdn=ipa01.pakos.uk
>>     <http://ipa01.pakos.uk>,cn=computers,cn=accounts,dc=pakos,dc=uk
>>     krbPrincipalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK> ipaUniqueID:
>>     25dc5432-cdb2-11e6-a20e-005056a2f7f5 # search result search: 2
>>     result: 0 Success # numResponses: 2 # numEntries: 1 [root at ipa01
>>     ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN -s sub
>>     "(objectclass=*)" Enter LDAP Password: # extended LDIF # # LDAPv3
>>     # base <krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>,cn=services,cn=accounts,dc=pakos,dc=uk>
>>     with scope subtree # filter: (objectclass=*) # requesting: ALL #
>>     # HTTP/ipa01.pakos.uk at PAKOS.UK <mailto:ipa01.pakos.uk at PAKOS.UK>,
>>     services, accounts, pakos.uk <http://pakos.uk> dn:
>>     krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>,cn=services,cn=accounts,dc=p
>>     akos,dc=uk krbExtraData::
>>     AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
>>     krbLastPwdChange: 20161229103250Z krbPrincipalKey::
>>     MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
>>     NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
>>     a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
>>     pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
>>     LwmAX3lYm objectClass: ipaobject objectClass: ipaservice
>>     objectClass: krbticketpolicyaux objectClass: ipakrbprincipal
>>     objectClass: krbprincipal objectClass: krbprincipalaux
>>     objectClass: pkiuser objectClass: top ipaKrbPrincipalAlias:
>>     HTTP/ipa01.pakos.uk at PAKOS.UK <mailto:ipa01.pakos.uk at PAKOS.UK>
>>     krbCanonicalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK> managedBy: fqdn=ipa01.pakos.uk
>>     <http://ipa01.pakos.uk>,cn=computers,cn=accounts,dc=pakos,dc=uk
>>     krbPrincipalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK> ipaUniqueID:
>>     25dc5432-cdb2-11e6-a20e-005056a2f7f5 # search result search: 2
>>     result: 0 Success # numResponses: 2 # numEntries: 1
>>
>>     [root at ipa01 ipa]# ldapsearch -D "cn=Directory Manager" -W -b $DN
>>     -s base Enter LDAP Password: # extended LDIF # # LDAPv3 # base
>>     <krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>,cn=services,cn=accounts,dc=pakos,dc=uk>
>>     with scope baseObject # filter: (objectclass=*) # requesting: ALL
>>     # # HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>, services, accounts, pakos.uk
>>     <http://pakos.uk> dn:
>>     krbprincipalname=HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK>,cn=services,cn=accounts,dc=p
>>     akos,dc=uk krbExtraData::
>>     AAJS5mRYSFRUUC9pcGEwMS5wYWtvcy51a0BQQUtPUy5VSwA=
>>     krbLastPwdChange: 20161229103250Z krbPrincipalKey::
>>     MIHeoAMCAQGhAwIBAaIDAgEBowMCAQGkgccwgcQwaKAbMBmgAwIBBKESBBB5
>>     NUQyJVZFPGYyMTZAUU0+oUkwR6ADAgESoUAEPiAA1r2NfOUD/7xph6tSb4hg/nTOwIVYhOusG/omq
>>     a1qMz/ZVA/nn4pct9yNwFxKUGOFOz1suDz0l2Rur2vUMFigGzAZoAMCAQShEgQQOiQnZGE8Nk93V3
>>     pvJSRLVaE5MDegAwIBEaEwBC4QAJbWI/ipYCPMu9I/jUqL39P0a9WHq8BdW2kpY9kYqsoy7D+A3fP
>>     LwmAX3lYm objectClass: ipaobject objectClass: ipaservice
>>     objectClass: krbticketpolicyaux objectClass: ipakrbprincipal
>>     objectClass: krbprincipal objectClass: krbprincipalaux
>>     objectClass: pkiuser objectClass: top ipaKrbPrincipalAlias:
>>     HTTP/ipa01.pakos.uk at PAKOS.UK <mailto:ipa01.pakos.uk at PAKOS.UK>
>>     krbCanonicalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK> managedBy: fqdn=ipa01.pakos.uk
>>     <http://ipa01.pakos.uk>,cn=computers,cn=accounts,dc=pakos,dc=uk
>>     krbPrincipalName: HTTP/ipa01.pakos.uk at PAKOS.UK
>>     <mailto:ipa01.pakos.uk at PAKOS.UK> ipaUniqueID:
>>     25dc5432-cdb2-11e6-a20e-005056a2f7f5 # search result search: 2
>>     result: 0 Success # numResponses: 2 # numEntries: 1
>>
>>     I must say that this a show stopper for us at WANdisco which is
>>     holding back the upgrade from FreeIPA 4.2 to FreeIPA 4.4.
>>     If there is anything else I can do to help with the
>>     investigation, please just let me know.
>>     Many thanks in advance.
>>     -- 
>>     Kind regards,
>>      Peter Pakos
>>
>> -- 
>> Kind regards,
>>  Peter Pakos
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/0498277f/attachment.htm>

From christophe.trefois at uni.lu  Wed Jan  4 13:04:05 2017
From: christophe.trefois at uni.lu (Christophe TREFOIS)
Date: Wed, 4 Jan 2017 13:04:05 +0000
Subject: [Freeipa-users] Replica issue / Certificate Authority
In-Reply-To: <1027c132-0de3-4e4f-e919-2c97bbef7aba@redhat.com>
References: <CAC1p530pjJTox0Y9AHf1b=5b2zJ4Nq+cDB+QLySZNFPBVNjudg@mail.gmail.com>
	<CAC1p532+V=fnBvBN-80LHxAOidytEE3ydvcSd0+ia+T6xnOiUA@mail.gmail.com>
	<58546ABE.30203@redhat.com>
	<20161218231057.GD4232@dhcp-40-8.bne.redhat.com>
	<2EBB29CB9A8F494FB5253F6AF2E6A1985531CF99@hoshi.uni.lux>,
	<1027c132-0de3-4e4f-e919-2c97bbef7aba@redhat.com>
Message-ID: <F71FCCA2-0E3F-4D82-9A2C-3956DD3DA074@uni.lu>

Hi Flo,

The id needed to execute that command would come from where exactly? Is it the one from getcert list -n ipaCert?

Thanks
Christophe 

Sent from my iPhone

> On 4 Jan 2017, at 13:49, Florence Blanc-Renaud <flo at redhat.com> wrote:
> 
>> On 01/04/2017 12:41 PM, Christophe TREFOIS wrote:
>> Hi Fraser,
>> 
>> We encountered the same issue. We exported the certificate from a "good"
>> replica, using certutil.
>> We then used certutil -A -n ipaCert -d /etc/httpd/alias/ -i
>> /opt/sysadmin/cacert.crt -a -t CT,C on the bad server and then restarted
>> ipa, and certmonger.
>> 
>> Now, the certificate is correct both using the certutil command and the
>> getcert list -n ipaCert command.
>> 
>> However, we see an "ca-error: Invalid cookie: ''  "  in the output of
>> getcert list -n ipaCert.
>> 
> Hi Christophe,
> 
> is this error displayed on the renewal master? If not, you can run
> $ getcert resubmit -i <id for ipaCert>
> and the error should go away. On non-renewal master, resubmit downloads the certificate from LDAP (it does not ask for renewal), meaning that this operation cannot be harmful.
> 
> To know which server is the renewal master:
> $ ldapsearch -h localhost -p 389 -D 'cn=Directory Manager' -w password -b "cn=masters,cn=ipa,cn=etc,$BASEDN" '(&(cn=CA)(ipaConfigString=caRenewalMaster))' dn
> dn: cn=CA,cn=server.example.com,cn=masters,cn=ipa,cn=etc,$BASEDN
> 
> => the renewal master is server.example.com
> 
> HTH,
> Flo
> 
>> Did we import the certificate correctly and should we worry about this
>> ca-error?
>> It seems replication is going fine, and also ipa-server-upgrade completes
>> successfully when run manually (whereas it failed previously from the same
>> error as in this thread)
>> 
>> Thanks for any pointers on how to clean the issue up properly,
>> Kind regards,
>> 
>> Christophe
>> 
>>> -----Original Message-----
>>> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-
>>> bounces at redhat.com] On Behalf Of Fraser Tweedale
>>> Sent: lundi 19 d?cembre 2016 00:11
>>> To: Christopher Young <mexigabacho at gmail.com>
>>> Cc: freeipa-users at redhat.com
>>> Subject: Re: [Freeipa-users] Replica issue / Certificate Authority
>>> 
>>>> On Fri, Dec 16, 2016 at 05:29:18PM -0500, Rob Crittenden wrote:
>>>> Christopher Young wrote:
>>>>> Ok.  I think I have a 'hint' here, but I could use some help getting
>> this fixed.
>>>>> 
>>>>> Comparing the two IPA servers, I found the following (modified SOME
>>>>> of the output myself):
>>>> 
>>>> You're right about the ipaCert. I'd export the renewed cert from your
>>>> working server using the same certutil command, just direct it to a
>>>> file instead. Then import it into the non-working server and restart
>>>> the httpd service. That should do it.
>>>> 
>>> I agree that this should fix it.
>>> 
>>> You could also try running `ipa-certupdate' as root, if the correct
>> certificate is
>>> to be found in cn=certificates,cn=ipa,cn=etc,{basedn}
>>> 
>>> Once everything is working again, you should check:
>>> 
>>> 1. renewal master configuration is correct
>>> 
>>> 2. certmonger tracking requests for the IPA RA cert are correct on
>>>   both servers
>>> 
>>> 3. the correct certificate is in
>>>   cn=certificates,cn=ipa,cn=etc,{basedn}
>>> 
>>> Thanks,
>>> Fraser
>>> 
>>>> Or you can try restarting certmonger on the non-working server to see
>>>> if
>>>> 
>>>> that triggers it to pull in the updated cert. Theoretically this
>>>> should do it as well but given potential past replication problems it
>>>> is possible the entry doesn't exist.
>>>> 
>>>> getcert list -n ipaCert on each will show some basic information. The
>>>> important thing is to see if there is some root cause that will make
>>>> this blow up again at renewal time.
>>>> 
>>>> rob
>>>> 
>>>>> 
>>>>> on 'ipa02' (the 'good' one):
>>>>> -----
>>>>> ipa cert-show 1
>>>>>  Issuing CA: ipa
>>>>>  Certificate: <<<proper cert data here>>>
>>>>>  Subject: CN=Certificate Authority,O=xxxx.LOCAL
>>>>>  Issuer: CN=Certificate Authority,O=xxxx.LOCAL
>>>>>  Not Before: Thu Jan 01 06:23:38 2015 UTC
>>>>>  Not After: Mon Jan 01 06:23:38 2035 UTC
>>>>>  Fingerprint (MD5): a6:aa:88:d4:66:e2:70:c1:e3:8c:37:0b:f3:eb:19:7d
>>>>>  Fingerprint (SHA1):
>>>>> 11:c2:5a:58:bc:77:55:37:39:9b:13:b1:1a:a2:02:50:be:2e:a0:7f
>>>>>  Serial number: 1
>>>>>  Serial number (hex): 0x1
>>>>>  Revoked: False
>>>>> ------
>>>>> 
>>>>> 
>>>>> on 'ipa01'
>>>>> -----
>>>>> ipa cert-show 1
>>>>> ipa: ERROR: Certificate operation cannot be completed: EXCEPTION
>>>>> (Invalid Credential.)
>>>>> -----
>>>>> 
>>>>> Thinking about this, I decided to just start checking for
>>>>> inconsistencies and I noticed the following:
>>>>> 
>>>>> ipa02:
>>>>> -----------
>>>>> [root at ipa02 ~]# certutil -L -d /etc/httpd/alias/ -n ipaCert -a |
>>>>> openssl x509 -text  | head
>>>>> Certificate:
>>>>>    Data:
>>>>>        Version: 3 (0x2)
>>>>>        Serial Number: 268304413 (0xffe001d)
>>>>>    Signature Algorithm: sha256WithRSAEncryption
>>>>>        Issuer: O=xxxxx.LOCAL, CN=Certificate Authority
>>>>>        Validity
>>>>>            Not Before: Nov 23 18:19:31 2016 GMT
>>>>>            Not After : Nov 13 18:19:31 2018 GMT
>>>>>        Subject: O=xxxxx.LOCAL, CN=IPA RA
>>>>> 
>>>>> ----------
>>>>> ipa01:
>>>>> ----------
>>>>> [root at ipa01 tmp]# certutil -L -d /etc/httpd/alias/ -n ipaCert -a |
>>>>> openssl x509 -text  | head
>>>>> Certificate:
>>>>>    Data:
>>>>>        Version: 3 (0x2)
>>>>>        Serial Number: 7 (0x7)
>>>>>    Signature Algorithm: sha256WithRSAEncryption
>>>>>        Issuer: O=xxxx.LOCAL, CN=Certificate Authority
>>>>>        Validity
>>>>>            Not Before: Jan  1 06:24:23 2015 GMT
>>>>>            Not After : Dec 21 06:24:23 2016 GMT
>>>>>        Subject: O=xxxx.LOCAL, CN=IPA RA
>>>>> 
>>>>> ----------
>>>>> 
>>>>> So, it looks like somewhere in the process, the certificate got
>>>>> renewed but not updated on 'ipa01'?  I apologize as I'm trying to
>>>>> understand this.  I believe that my end goal is probably still the
>>>>> same (verify replication and get things working properly on the
>>>>> 'ipa01' system.
>>>>> 
>>>>> Any help is very much appreciated!
>>>>> 
>>>>> -- Chris
>>>>> 
>>>>> 
>>>>> On Fri, Dec 16, 2016 at 3:35 PM, Christopher Young
>>>>> <mexigabacho at gmail.com> wrote:
>>>>>> I'm hoping to provide enough information to get some help to a very
>>>>>> important issue that I'm currently having.
>>>>>> 
>>>>>> I have two IPA servers at a single location that recently had a
>>>>>> replication issue that I eventually resolved by reinitializing one
>>>>>> of the masters/replicas with one that seemed to be the most 'good'.
>>>>>> 
>>>>>> In any case, somewhere in this process, the new IPA 4.4 was release
>>>>>> with/for CentOS 7.3.
>>>>>> 
>>>>>> At this moment, regular replication seems to be working properly
>>>>>> (in that I don't have any obvious issues and web interfaces on both
>>>>>> systems seem to be consistent for updates EXCEPT when it comes to
>>>>>> the certificates).
>>>>>> 
>>>>>> Before I get to the errors, here is the output of some of the
>>>>>> commands that I would expect anyone would need:
>>>>>> 
>>>>>> ----------
>>>>>> [root at ipa01 ~]# ipa-replica-manage list
>>>>>> ipa01.passur.local: master
>>>>>> ipa02.passur.local: master
>>>>>> -----
>>>>>> [root at ipa01 ~]# ipa-replica-manage list -v ipa01.passur.local
>>>>>> ipa02.passur.local: replica
>>>>>>  last init status: None
>>>>>>  last init ended: 1970-01-01 00:00:00+00:00
>>>>>>  last update status: Error (0) Replica acquired successfully:
>>>>>> Incremental update succeeded
>>>>>>  last update ended: 2016-12-16 20:25:40+00:00
>>>>>> -----
>>>>>> [root at ipa01 ~]# ipa-replica-manage list -v ipa02.passur.local
>>>>>> ipa01.passur.local: replica
>>>>>>  last init status: None
>>>>>>  last init ended: 1970-01-01 00:00:00+00:00
>>>>>>  last update status: Error (0) Replica acquired successfully:
>>>>>> Incremental update succeeded
>>>>>>  last update ended: 2016-12-16 20:25:40+00:00
>>>>>> -----
>>>>>> [root at ipa01 ~]# ipa-replica-manage list-ruv Replica Update Vectors:
>>>>>>        ipa01.passur.local:389: 4
>>>>>>        ipa02.passur.local:389: 6
>>>>>> Certificate Server Replica Update Vectors:
>>>>>>        ipa02.passur.local:389: 97
>>>>>>        ipa01.passur.local:389: 96
>>>>>> ----------
>>>>>> 
>>>>>> 
>>>>>> After the yum updates were applied to each system, I noticed that the
>>>>>> results of 'ipa-server-upgrade' were quite different.  The 'ipa02'
>>>>>> system went through without errors (this was also the system I used
>> to
>>>>>> reinitialize the other when I had a replication issue recently).
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 'ipa01', I have following at the end of the 'ipaupgrade.log' file:
>>>>>> ----------
>>>>>> 2016-12-14T18:09:26Z ERROR IPA server upgrade failed: Inspect
>>>>>> /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
>>>>>> 2016-12-14T18:09:26Z DEBUG   File
>>>>>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171,
>>>>>> in execute
>>>>>>    return_value = self.run()
>>>>>>  File "/usr/lib/python2.7/site-
>>> packages/ipaserver/install/ipa_server_upgrade.py",
>>>>>> line 46, in run
>>>>>>    server.upgrade()
>>>>>>  File "/usr/lib/python2.7/site-
>>> packages/ipaserver/install/server/upgrade.py",
>>>>>> line 1863, in upgrade
>>>>>>    upgrade_configuration()
>>>>>>  File "/usr/lib/python2.7/site-
>>> packages/ipaserver/install/server/upgrade.py",
>>>>>> line 1785, in upgrade_configuration
>>>>>>    ca_enable_ldap_profile_subsystem(ca)
>>>>>>  File "/usr/lib/python2.7/site-
>>> packages/ipaserver/install/server/upgrade.py",
>>>>>> line 336, in ca_enable_ldap_profile_subsystem
>>>>>>    cainstance.migrate_profiles_to_ldap()
>>>>>>  File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>>>>>> line 1984, in migrate_profiles_to_ldap
>>>>>>    _create_dogtag_profile(profile_id, profile_data, overwrite=False)
>>>>>>  File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>>>>>> line 1990, in _create_dogtag_profile
>>>>>>    with api.Backend.ra_certprofile as profile_api:
>>>>>>  File
>> "/usr/lib/python2.7/site-packages/ipaserver/plugins/dogtag.py",
>>>>>> line 2060, in __enter__
>>>>>>    raise errors.RemoteRetrieveError(reason=_('Failed to authenticate
>>>>>> to CA REST API'))
>>>>>> 
>>>>>> 2016-12-14T18:09:26Z DEBUG The ipa-server-upgrade command failed,
>>>>>> exception: RemoteRetrieveError: Failed to authenticate to CA REST API
>>>>>> 2016-12-14T18:09:26Z ERROR Unexpected error - see
>>>>>> /var/log/ipaupgrade.log for details:
>>>>>> RemoteRetrieveError: Failed to authenticate to CA REST API
>>>>>> 2016-12-14T18:09:26Z ERROR The ipa-server-upgrade command failed.
>>> See
>>>>>> /var/log/ipaupgrade.log for more information
>>>>>> ----------
>>>>>> 
>>>>>> 
>>>>>> In addition, when I go to the IPA web interface on the 'ipa01'
>> system,
>>>>>> I get the following when I try to view any of the certificates:
>>>>>> ----------
>>>>>> IPA Error 4301: CertificateOperationError
>>>>>> 
>>>>>> Certificate operation cannot be completed: EXCEPTION (Invalid
>>> Credential.)
>>>>>> ----------
>>>>>> 
>>>>>> 
>>>>>> I was wondering if there was a method for taking all the CA
>>>>>> details/tree/what have you from my 'ipa02' system and using it to
>>>>>> repopulate the 'ipa01'.   Since everything else seems to be working
>>>>>> correctly after a reinitialize on 'ipa01', I thought this would be
>> the
>>>>>> safest way, but I'm opening any solutions as I need to get this fixed
>>>>>> ASAP.
>>>>>> 
>>>>>> Please let me know any additional details that may help OR if there
>> is
>>>>>> a procedure that I could use to quickly and easily recreate 'ipa01'
>>>>>> WITH the certificate authority properly working on both.  I may need
>>>>>> some educate there.
>>>>>> 
>>>>>> 
>>>>>> Thanks!
>>>>>> 
>>>>>> -- Chris
>>>>> 
>>>> 
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>> 
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>> 
>>> 
> 



From christophe.trefois at uni.lu  Wed Jan  4 13:19:19 2017
From: christophe.trefois at uni.lu (Christophe TREFOIS)
Date: Wed, 4 Jan 2017 13:19:19 +0000
Subject: [Freeipa-users] Replica issue / Certificate Authority
In-Reply-To: <1027c132-0de3-4e4f-e919-2c97bbef7aba@redhat.com>
References: <CAC1p530pjJTox0Y9AHf1b=5b2zJ4Nq+cDB+QLySZNFPBVNjudg@mail.gmail.com>
	<CAC1p532+V=fnBvBN-80LHxAOidytEE3ydvcSd0+ia+T6xnOiUA@mail.gmail.com>
	<58546ABE.30203@redhat.com>
	<20161218231057.GD4232@dhcp-40-8.bne.redhat.com>
	<2EBB29CB9A8F494FB5253F6AF2E6A1985531CF99@hoshi.uni.lux>
	<1027c132-0de3-4e4f-e919-2c97bbef7aba@redhat.com>
Message-ID: <35F45570-5827-4C22-B022-D92AF10DA126@uni.lu>

Hi Florence,

I did what you said, and then the status went to CA_WORKING. Then I restart ipa and certmonger and the status went to CA_UNREACHABLE.
Then i did ?resubmit? again and now the status is back to MONITORING, but the cookie error is back.

Any advice?

[root at lums3 ~]# getcert list -n ipaCert
Number of certificates and requests being tracked: 8.
Request ID '20161216025136':
	status: MONITORING
	ca-error: Invalid cookie: ''
	stuck: no
	key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
	certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
	CA: dogtag-ipa-ca-renew-agent
	issuer: CN=Certificate Authority,O=UNI.LU
	subject: CN=IPA RA,O=UNI.LU
	expires: 2018-12-16 03:13:48 UTC
	key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
	eku: id-kp-serverAuth,id-kp-clientAuth
	pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
	post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
	track: yes
	auto-renew: yes

-- 

Dr Christophe Trefois, Dipl.-Ing.  
Technical Specialist / Post-Doc

UNIVERSIT? DU LUXEMBOURG

LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
Campus Belval | House of Biomedicine  
6, avenue du Swing 
L-4367 Belvaux  
T: +352 46 66 44 6124 
F: +352 46 66 44 6949  
http://www.uni.lu/lcsb <http://www.uni.lu/lcsb>
 <https://www.facebook.com/trefex>   <https://twitter.com/Trefex>   <https://plus.google.com/+ChristopheTrefois/>   <https://www.linkedin.com/in/trefoischristophe>   <http://skype:Trefex?call>
----
This message is confidential and may contain privileged information. 
It is intended for the named recipient only. 
If you receive it in error please notify me and permanently delete the original message and any copies. 
----

  

> On 4 Jan 2017, at 13:49, Florence Blanc-Renaud <flo at redhat.com> wrote:
> 
> getcert resubmit -i <id for ipaCert>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/5d59004a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3509 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/5d59004a/attachment.p7s>

From Dan.Finkelstein at high5games.com  Wed Jan  4 13:27:30 2017
From: Dan.Finkelstein at high5games.com (Dan.Finkelstein at high5games.com)
Date: Wed, 4 Jan 2017 13:27:30 +0000
Subject: [Freeipa-users] LDAP replication conflicts,
 but no apparent data damage
In-Reply-To: <a6505a1c-1a29-d6db-9187-d2a8051bf332@redhat.com>
References: <145020D6-0409-4651-9C76-B6F31EB62753@high5games.com>
	<11390f0d-5d31-21af-dea3-54f189ae2e7c@redhat.com>
	<E685425B-A87E-4F54-93C7-C6131A80EEA6@high5games.com>
	<09E0FF83-D51C-46B8-93C9-B13B5B13E61D@high5games.com>
	<a6505a1c-1a29-d6db-9187-d2a8051bf332@redhat.com>
Message-ID: <95AC7F6C-9150-405E-8459-78B1B0E4CE69@high5games.com>

Yes, along with two name-conflicted "duplicates":

[cid:image001.png at 01D26664.649DC670]


[id:image001.jpg at 01D1C26F.0E28FA60]<http://www.high5games.com/>
Daniel Alex Finkelstein| Lead Dev Ops Engineer
Dan.Finkelstein at h5g.com<mailto:Dan.Finkelstein at h5g.com> | 212.604.3447
One World Trade Center, New York, NY 10007

www.high5games.com<http://www.high5games.com/>
Play High 5 Casino<https://apps.facebook.com/highfivecasino/> and Shake the Sky<https://apps.facebook.com/shakethesky/>
Follow us on: Facebook<http://www.facebook.com/high5games>, Twitter<https://twitter.com/High5Games>, YouTube<http://www.youtube.com/High5Games>, Linkedin<http://www.linkedin.com/company/1072533?trk=tyah>

This message and any attachments may contain confidential or privileged information and are only for the use of the intended recipient of this message. If you are not the intended recipient, please notify the sender by return email, and delete or destroy this and all copies of this message and all attachments. Any unauthorized disclosure, use, distribution, or reproduction of this message or any attachments is prohibited and may be unlawful.

From: Martin Basti <mbasti at redhat.com>
Date: Wednesday, January 4, 2017 at 06:28
To: Dan Finkelstein <Dan.Finkelstein at high5games.com>, "freeipa-users at redhat.com" <freeipa-users at redhat.com>
Subject: Re: [Freeipa-users] LDAP replication conflicts, but no apparent data damage


Probably entries already exists
for example for ipaservers do you have following entry cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local  on the replica?

Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/841b2380/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 37676 bytes
Desc: image001.png
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/841b2380/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 4334 bytes
Desc: image002.jpg
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/841b2380/attachment.jpg>

From mbasti at redhat.com  Wed Jan  4 13:39:35 2017
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 4 Jan 2017 14:39:35 +0100
Subject: [Freeipa-users] LDAP replication conflicts,
 but no apparent data damage
In-Reply-To: <95AC7F6C-9150-405E-8459-78B1B0E4CE69@high5games.com>
References: <145020D6-0409-4651-9C76-B6F31EB62753@high5games.com>
	<11390f0d-5d31-21af-dea3-54f189ae2e7c@redhat.com>
	<E685425B-A87E-4F54-93C7-C6131A80EEA6@high5games.com>
	<09E0FF83-D51C-46B8-93C9-B13B5B13E61D@high5games.com>
	<a6505a1c-1a29-d6db-9187-d2a8051bf332@redhat.com>
	<95AC7F6C-9150-405E-8459-78B1B0E4CE69@high5games.com>
Message-ID: <c2c93211-c18e-16f2-b670-7aac49e541ce@redhat.com>

Then you have to update cn=ipaservers entry with correct values and 
remove the others


On 04.01.2017 14:27, Dan.Finkelstein at high5games.com wrote:
>
> Yes, along with two name-conflicted "duplicates":
>
> id:image001.jpg at 01D1C26F.0E28FA60 <http://www.high5games.com/>
>
> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>
> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_| 212.604.3447
>
> One World Trade Center, New York, NY 10007
>
> www.high5games.com <http://www.high5games.com/>
>
> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and 
> Shake the Sky <https://apps.facebook.com/shakethesky/>
>
> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter 
> <https://twitter.com/High5Games>, YouTube 
> <http://www.youtube.com/High5Games>, Linkedin 
> <http://www.linkedin.com/company/1072533?trk=tyah>
>
> //
>
> /This message and any attachments may contain confidential or 
> privileged information and are only for the use of the intended 
> recipient of this message. If you are not the intended recipient, 
> please notify the sender by return email, and delete or destroy this 
> and all copies of this message and all attachments. Any unauthorized 
> disclosure, use, distribution, or reproduction of this message or any 
> attachments is prohibited and may be unlawful./
>
> *From: *Martin Basti <mbasti at redhat.com>
> *Date: *Wednesday, January 4, 2017 at 06:28
> *To: *Dan Finkelstein <Dan.Finkelstein at high5games.com>, 
> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> *Subject: *Re: [Freeipa-users] LDAP replication conflicts, but no 
> apparent data damage
>
> Probably entries already exists
>
> for example foripaserversdo you have following entry 
> cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local  on the replica?
>
> Martin
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/156b140d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 37676 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/156b140d/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4334 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/156b140d/attachment.jpe>

From rcritten at redhat.com  Wed Jan  4 13:44:29 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 4 Jan 2017 08:44:29 -0500
Subject: [Freeipa-users] Kerberos authentication failed: kinit: Included
 profile directory could not be read while initializing Kerberos 5 library
In-Reply-To: <7AAAC935-2110-4160-8275-E9BFD8B4F8D6@instinctualsoftware.com>
References: <A33B8E01-36CB-4DA4-A66D-7F4E08B401D7@instinctualsoftware.com>
	<f03686ac-5192-10e8-5cd5-f61af5accb44@redhat.com>
	<30192950-AE2A-4E18-8B7E-05A62E62EBD7@instinctualsoftware.com>
	<586C16CB.4030202@redhat.com>
	<C71CBDB0-E985-44DA-8F3B-D01DDD014103@instinctualsoftware.com>
	<75A314FC-94AC-4A60-8835-F47ED7C2FD7B@instinctualsoftware.com>
	<586C7B2B.5030601@redhat.com>
	<7AAAC935-2110-4160-8275-E9BFD8B4F8D6@instinctualsoftware.com>
Message-ID: <586CFC3D.1010300@redhat.com>

Alan Latteri wrote:
> Well on new installs of Cent 7.2, when I do `yum install ipa-client`, that is the version provided.
> Unfortunately, most of our systems have to be on Cent 7.2, not 7.3, and it is out of our control.

Either way it's a bug somewhere in ipa-client, it should require a
minimum version of krb5-libs which provides this file (or explicitly
check for existence of this directory). I opened a ticket on it,
https://fedorahosted.org/freeipa/ticket/6589

rob

> 
> Alan
> 
>> On Jan 3, 2017, at 8:33 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>>
>> Alan Latteri wrote:
>>> Further investigation.
>>>
>>> On a clean install of CentOS 7.2 with IPA Client 4.4, /etc/krb5.conf.d/ is missing, and therefore initial setup will fail unless manual creation of /etc/krb5.conf.d/
>>> Maybe the install script for the client can be updated to check for and create?
>>
>> Is there a reason you're running 7.3 packages on a 7.2 system? I suspect
>> that is the problem. AFAIU in 7.3 this directory is provided by krb5-libs.
>>
>> Is there some feature you need in the 4.4 client installer on 7.2?
>>
>> rob
>>
>>>
>>> Thanks,
>>> Alan
>>>
>>>> On Jan 3, 2017, at 1:44 PM, Alan Latteri <alan at instinctualsoftware.com> wrote:
>>>>
>>>> Thanks Rob.
>>>>
>>>> /etc/krb5.conf.d/  was in fact missing from the client, which is still on CentOS 7.2 for reasons out of our control.
>>>> Other hosts that are CentOS 7.2 running IPA Client 4.2.0 also do not have the /etc/krb5.conf.d/ directory, but are running fine.  So maybe the 4.4 client requires that dir but is not making it on upgrade and the cause of the failure?
>>>>
>>>> Alan
>>>>
>>>>> On Jan 3, 2017, at 1:25 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>>>>>
>>>>> Alan Latteri wrote:
>>>>>> Log is attached.
>>>>>
>>>>> Look and see if /etc/krb5.conf.d/ and
>>>>> /var/lib/sss/pubconf/krb5.include.d exist and are readable (and check
>>>>> for SELinux AVCs). I'm pretty sure this all runs as root so I doubt
>>>>> filesystem perms are an issue but who knows.
>>>>>
>>>>> You can also brute force things using strace -f to find out exactly what
>>>>> can't be read.
>>>>>
>>>>> rob
>>>>>
>>>>
>>>>
>>>> -- 
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>
>>
> 



From daniel at schimpfoessl.com  Wed Jan  4 14:38:37 2017
From: daniel at schimpfoessl.com (Daniel Schimpfoessl)
Date: Wed, 4 Jan 2017 08:38:37 -0600
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <0f7a6cc9-ae57-d957-d255-ab79033373e6@redhat.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
	<3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
	<CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>
	<0f7a6cc9-ae57-d957-d255-ab79033373e6@redhat.com>
Message-ID: <CAEz2YVmuQWr8x1dYCbC7cPra38JPTPjVLHhvPSA9RCL_rcebsg@mail.gmail.com>

Do you have a list of all log files involved in IPA?
Would be good to consolidate them into ELK for analysis.

2017-01-04 2:48 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com>:

> On 01/02/2017 07:24 PM, Daniel Schimpfoessl wrote:
>
>> Thanks for your reply.
>>
>> This was the initial error I asked for help a while ago and did not get
>> resolved. Further digging showed the recent errors.
>> The service was running (using ipactl start --force) and only after a
>> restart I am getting a stack trace for two primary messages:
>>
>> Could not connect to LDAP server host wwgwho01.webwim.com
>> <http://wwgwho01.webwim.com> port 636 Error netscape.ldap.LDAPException:
>> Authentication failed (48)
>> ...
>>
>> Internal Database Error encountered: Could not connect to LDAP server
>> host wwgwho01.webwim.com <http://wwgwho01.webwim.com> port 636 Error
>> netscape.ldap.LDAPException: Authentication failed (48)
>> ...
>>
>> and finally:
>> [02/Jan/2017:12:20:34][localhost-startStop-1]: CMSEngine.shutdown()
>>
>>
>> 2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com
>> <mailto:flo at redhat.com>>:
>>
>>     systemctl start pki-tomcatd at pki-tomcat.service
>>
>>
>>
>> Hi Daniel,
>
> the next step would be to understand the root cause of this
> "Authentication failed (48)" error. Note the exact time of this log and
> look for a corresponding log in the LDAP server logs
> (/var/log/dirsrv/slapd-DOMAIN-COM/access), probably a failing BIND with
> err=48. This may help diagnose the issue (if we can see which certificate
> is used for the bind or if there is a specific error message).
>
> For the record, a successful bind over SSL would produce this type of log
> where we can see the certificate subject and the user mapped to this
> certificate:
> [...] conn=47 fd=84 slot=84 SSL connection from 10.34.58.150 to
> 10.34.58.150
> [...] conn=47 TLS1.2 128-bit AES; client CN=CA Subsystem,O=DOMAIN.COM;
> issuer CN=Certificate Authority,O=DOMAIN.COM
> [...] conn=47 TLS1.2 client bound as uid=pkidbuser,ou=people,o=ipaca
> [...] conn=47 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
> [...] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
> dn="uid=pkidbuser,ou=people,o=ipaca"
>
> Flo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/bac76235/attachment.htm>

From tbordaz at redhat.com  Wed Jan  4 14:57:18 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Wed, 4 Jan 2017 15:57:18 +0100
Subject: [Freeipa-users] LDAP replication conflicts,
 but no apparent data damage
In-Reply-To: <09E0FF83-D51C-46B8-93C9-B13B5B13E61D@high5games.com>
References: <145020D6-0409-4651-9C76-B6F31EB62753@high5games.com>
	<11390f0d-5d31-21af-dea3-54f189ae2e7c@redhat.com>
	<E685425B-A87E-4F54-93C7-C6131A80EEA6@high5games.com>
	<09E0FF83-D51C-46B8-93C9-B13B5B13E61D@high5games.com>
Message-ID: <586D0D4E.4040308@redhat.com>

Hello,

I fail to reproduce the problem with retroCL. The error means that the 
changelog index was back in the past. I have no clue how it happened. Do 
you know if it happened at the same time of the attempts to rename 
conflict entries ?

I reproduced failure to rename a conflict entry. This is a new bug.
The problem comes from the access to rdn attribute 'nsuniqueid' that the 
server prevents to update.
Curriously it looking there are two bugs, as the deleteoldrdn is not 
taken into consideration and access to the attribute is tested even if 
the deletion of the oldrdn is not requested.
I will open a ticket for it.


regards
thierry
On 01/03/2017 06:20 PM, Dan.Finkelstein at high5games.com wrote:
>
> Also, after attempting to rename one of the duplicated attributes, I 
> get this in the error logs:
>
> 03/Jan/2017:17:19:30.605440097 +0000] retrocl-plugin - retrocl_postob: 
> operation failure [68]
>
> [03/Jan/2017:17:19:32.056965127 +0000] DSRetroclPlugin - replog: an 
> error occured while adding change number 4799286, dn = 
> changenumber=4799286,cn=changelog: Already exists.
>
> [03/Jan/2017:17:19:32.058077520 +0000] retrocl-plugin - 
> retrocl_postob: operation failure [68]
>
> [03/Jan/2017:17:19:32.297145459 +0000] DSRetroclPlugin - replog: an 
> error occured while adding change number 4799286, dn = 
> changenumber=4799286,cn=changelog: Already exists.
>
> [03/Jan/2017:17:19:32.298205569 +0000] retrocl-plugin - 
> retrocl_postob: operation failure [68]
>
> id:image001.jpg at 01D1C26F.0E28FA60 <http://www.high5games.com/>
>
> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>
> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ | 212.604.3447
>
> One World Trade Center, New York, NY 10007
>
> www.high5games.com <http://www.high5games.com/>
>
> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and 
> Shake the Sky <https://apps.facebook.com/shakethesky/>
>
> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter 
> <https://twitter.com/High5Games>, YouTube 
> <http://www.youtube.com/High5Games>, Linkedin 
> <http://www.linkedin.com/company/1072533?trk=tyah>
>
> //
>
> /This message and any attachments may contain confidential or 
> privileged information and are only for the use of the intended 
> recipient of this message. If you are not the intended recipient, 
> please notify the sender by return email, and delete or destroy this 
> and all copies of this message and all attachments. Any unauthorized 
> disclosure, use, distribution, or reproduction of this message or any 
> attachments is prohibited and may be unlawful./
>
> *From: *<freeipa-users-bounces at redhat.com> on behalf of Dan 
> Finkelstein <Dan.Finkelstein at high5games.com>
> *Date: *Tuesday, January 3, 2017 at 11:08
> *To: *"mbasti at redhat.com" <mbasti at redhat.com>, 
> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> *Subject: *Re: [Freeipa-users] LDAP replication conflicts, but no 
> apparent data damage
>
> I've read through that page before, just last week, but I confess it's 
> gone over my head. Could you give me an example of how to fix /one/ of 
> the conflicts below? I think when I see how it's done, I can do the rest.
>
> Thanks,
>
> Dan
>
> <http://www.high5games.com/>
>
> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>
> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ | 212.604.3447
>
> One World Trade Center, New York, NY 10007
>
> www.high5games.com <http://www.high5games.com/>
>
> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and 
> Shake the Sky <https://apps.facebook.com/shakethesky/>
>
> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter 
> <https://twitter.com/High5Games>, YouTube 
> <http://www.youtube.com/High5Games>, Linkedin 
> <http://www.linkedin.com/company/1072533?trk=tyah>
>
> //
>
> /This message and any attachments may contain confidential or 
> privileged information and are only for the use of the intended 
> recipient of this message. If you are not the intended recipient, 
> please notify the sender by return email, and delete or destroy this 
> and all copies of this message and all attachments. Any unauthorized 
> disclosure, use, distribution, or reproduction of this message or any 
> attachments is prohibited and may be unlawful./
>
> *From: *Martin Basti <mbasti at redhat.com>
> *Date: *Tuesday, January 3, 2017 at 09:07
> *To: *Dan Finkelstein <Dan.Finkelstein at high5games.com>, 
> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> *Subject: *Re: [Freeipa-users] LDAP replication conflicts, but no 
> apparent data damage
>
> Here is a directory server documentation about replication conflicts 
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>
> I hope it will help
>
> Martin
>
> On 03.01.2017 14:20, Dan.Finkelstein at high5games.com 
> <mailto:Dan.Finkelstein at high5games.com> wrote:
>
>     I'm using the most recent FreeIPA 4.4.0 on CentOS 7.3 and have
>     been cleaning up various dangling replicas and other cruft, but
>     when I run the ipa consistency checker, it produces output that
>     LDAP has conflicts. I then run:
>
>     ldapsearch -D "cn=Directory Manager" -W -b "dc=h5c,dc=local"
>     "nsds5ReplConflict=*" \* nsds5ReplConflict
>
>     Which produces output as follows (which I don't know what to do
>     with, yet):
>
>     # extended LDIF
>
>     #
>
>     # LDAPv3
>
>     # base <dc=test,dc=local> with scope subtree
>
>     # filter: nsds5ReplConflict=*
>
>     # requesting: * nsds5ReplConflict
>
>     #
>
>     # ipaservers + 9865b29e-c9a411e6-a937f721-75eb0f97, hostgroups,
>     accounts, test.l
>
>     ocal
>
>     dn:
>     cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups
>
>     ,cn=accounts,dc=test,dc=local
>
>     memberOf: cn=Replication
>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Add Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Modify Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Remove Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Read PassSync Managers
>     Configuration,cn=permissions,cn=pbac,dc=h5
>
>     c,dc=local
>
>     memberOf: cn=Modify PassSync Managers
>     Configuration,cn=permissions,cn=pbac,dc=
>
>     test,dc=local
>
>     memberOf: cn=Read LDBM Database
>     Configuration,cn=permissions,cn=pbac,dc=test,dc
>
>     =local
>
>     memberOf: cn=Add Configuration
>     Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Read Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
>
>     l
>
>     memberOf:
>     cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,c
>
>     n=alt,dc=test,dc=local
>
>     member:
>     fqdn=ipa-replica-gib02.test.local,cn=computers,cn=accounts,dc=test,dc=lo
>
>     cal
>
>     mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: ipahostgroup
>
>     objectClass: ipaobject
>
>     objectClass: groupOfNames
>
>     objectClass: nestedGroup
>
>     objectClass: mepOriginEntry
>
>     description: IPA server hosts
>
>     cn: ipaservers
>
>     ipaUniqueID: b13812a8-c9a4-11e6-8bb5-00505684b9a0
>
>     nsds5ReplConflict: namingConflict
>     cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
>
>     5c,dc=local
>
>     # ipaservers + 9865b2a0-c9a411e6-a937f721-75eb0f97, ng, alt,
>     test.local
>
>     dn:
>     cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,cn=alt,
>
>     dc=test,dc=local
>
>     memberHost:
>     cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=ho
>
>     stgroups,cn=accounts,dc=test,dc=local
>
>     objectClass: ipanisnetgroup
>
>     objectClass: ipaobject
>
>     objectClass: mepManagedEntry
>
>     objectClass: ipaAssociation
>
>     objectClass: top
>
>     nisDomainName: test.local
>
>     cn: ipaservers
>
>     description: ipaNetgroup ipaservers
>
>     mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
>
>     ipaUniqueID: b13f8506-c9a4-11e6-8bb5-00505684b9a0
>
>     nsds5ReplConflict: namingConflict
>     cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
>     # domain + 9865b2a7-c9a411e6-a937f721-75eb0f97, topology, ipa,
>     etc, test.local
>
>     dn:
>     cn=domain+nsuniqueid=9865b2a7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ip
>
>     a,cn=etc,dc=test,dc=local
>
>     nsds5ReplicaStripAttrs: modifiersName modifyTimestamp
>     internalModifiersName in
>
>     ternalModifyTimestamp
>
>     ipaReplTopoConfRoot: dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: iparepltopoconf
>
>     nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE
>     entryusn krblasts
>
>     uccessfulauth krblastfailedauth krbloginfailedcount
>
>     nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
>     idnssoaserial
>
>       entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>
>     cn: domain
>
>     nsds5ReplConflict: namingConflict
>     cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
>
>     c=local
>
>     # locations + 9865b2ab-c9a411e6-a937f721-75eb0f97, etc, test.local
>
>     dn:
>     cn=locations+nsuniqueid=9865b2ab-c9a411e6-a937f721-75eb0f97,cn=etc,dc=test,
>
>     dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: locations
>
>     nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
>
>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>     3.0;acl "permi
>
>     ssion:System: Add IPA Locations";allow (add) groupdn =
>     "ldap:///cn=System <ldap://cn=System>: Ad
>
>     d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "description")(targetfilter =
>     "(objectclass=ipaLocationObje
>
>     ct)")(version 3.0;acl "permission:System: Modify IPA
>     Locations";allow (write)
>
>       groupdn = "ldap:///cn=System <ldap://cn=System>: Modify IPA
>     Locations,cn=permissions,cn=pbac,dc
>
>     =test,dc=local";)
>
>     aci: (targetattr = "createtimestamp || description || entryusn ||
>     idnsname ||
>
>      modifytimestamp || objectclass")(targetfilter =
>     "(objectclass=ipaLocationObje
>
>     ct)")(version 3.0;acl "permission:System: Read IPA
>     Locations";allow (compare,
>
>     read,search) groupdn = "ldap:///cn=System <ldap://cn=System>: Read
>     IPA Locations,cn=permissions,
>
>     cn=pbac,dc=test,dc=local";)
>
>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>     3.0;acl "permi
>
>     ssion:System: Remove IPA Locations";allow (delete) groupdn =
>     "ldap:///cn=Syst <ldap://cn=Syst>
>
>     em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     # cas + 9865b2b1-c9a411e6-a937f721-75eb0f97, ca, test.local
>
>     dn:
>     cn=cas+nsuniqueid=9865b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=loca
>
>     l
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: cas
>
>     nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
>
>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System
>
>     : Add CA";allow (add) groupdn = "ldap:///cn=System
>     <ldap://cn=System>: Add CA,cn=permissions,cn=
>
>     pbac,dc=test,dc=local";)
>
>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System
>
>     : Delete CA";allow (delete) groupdn = "ldap:///cn=System
>     <ldap://cn=System>: Delete CA,cn=permis
>
>     sions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "cn || description")(targetfilter =
>     "(objectclass=ipaca)")(
>
>     version 3.0;acl "permission:System: Modify CA";allow (write)
>     groupdn = "ldap:
>
>     ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "cn || createtimestamp || description ||
>     entryusn || ipacai
>
>     d || ipacaissuerdn || ipacasubjectdn || modifytimestamp ||
>     objectclass")(targ
>
>     etfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System: Read CA
>
>     s";allow (compare,read,search) userdn = "ldap:///all" <ldap://all>;)
>
>     # custodia + 9865b2e2-c9a411e6-a937f721-75eb0f97, ipa, etc, test.local
>
>     dn:
>     cn=custodia+nsuniqueid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,d
>
>     c=test,dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: custodia
>
>     nsds5ReplConflict: namingConflict
>     cn=custodia,cn=ipa,cn=etc,dc=test,dc=local
>
>     # dogtag + 9865b2e4-c9a411e6-a937f721-75eb0f97, custodia +
>     9865b2e2-c9a411e6-a9
>
>     37f721-75eb0f97, ipa, etc, test.local
>
>     dn:
>     cn=dogtag+nsuniqueid=9865b2e4-c9a411e6-a937f721-75eb0f97,cn=custodia+nsuni
>
>     queid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,dc=test,dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: dogtag
>
>     nsds5ReplConflict: namingConflict
>     cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
>
>     c=local
>
>     # ca + 9865b2e7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc,
>     test.local
>
>     dn:
>     cn=ca+nsuniqueid=9865b2e7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ipa,cn
>
>     =etc,dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: iparepltopoconf
>
>     cn: ca
>
>     ipaReplTopoConfRoot: o=ipaca
>
>     nsds5ReplConflict: namingConflict
>     cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
>
>     cal
>
>     # System: Add CA + 9865b2ed-c9a411e6-a937f721-75eb0f97,
>     permissions, pbac, test.
>
>     local
>
>     dn: cn=System: Add
>     CA+nsuniqueid=9865b2ed-c9a411e6-a937f721-75eb0f97,cn=permis
>
>     sions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: add
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Add CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: add
>     ca,cn=permissions,cn=pbac,dc=
>
>     test,dc=local
>
>     # System: Delete CA + 9865b2f1-c9a411e6-a937f721-75eb0f97,
>     permissions, pbac, h
>
>     5c.local
>
>     dn: cn=System: Delete
>     CA+nsuniqueid=9865b2f1-c9a411e6-a937f721-75eb0f97,cn=per
>
>     missions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: delete
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Delete CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: delete
>     ca,cn=permissions,cn=pbac,
>
>     dc=test,dc=local
>
>     # System: Modify CA + 9865b2f5-c9a411e6-a937f721-75eb0f97,
>     permissions, pbac, h
>
>     5c.local
>
>     dn: cn=System: Modify
>     CA+nsuniqueid=9865b2f5-c9a411e6-a937f721-75eb0f97,cn=per
>
>     missions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify
>     ca,cn=permissions,cn=pbac,
>
>     dc=test,dc=local
>
>     # System: Read CAs + 9865b2f9-c9a411e6-a937f721-75eb0f97,
>     permissions, pbac, h5
>
>     c.local
>
>     dn: cn=System: Read
>     CAs+nsuniqueid=9865b2f9-c9a411e6-a937f721-75eb0f97,cn=perm
>
>     issions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: all
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read CAs
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: ipacaissuerdn
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipacasubjectdn
>
>     ipaPermDefaultAttr: ipacaid
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read
>     cas,cn=permissions,cn=pbac,d
>
>     c=test,dc=local
>
>     # System: Modify DNS Servers Configuration +
>     9865b2fe-c9a411e6-a937f721-75eb0f9
>
>     7, permissions, pbac, test.local
>
>     dn: cn=System: Modify DNS Servers
>     Configuration+nsuniqueid=9865b2fe-c9a411e6-a
>
>     937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify DNS Servers Configuration
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: idnssoamname
>
>     ipaPermDefaultAttr: idnssubstitutionvariable
>
>     ipaPermDefaultAttr: idnsforwardpolicy
>
>     ipaPermDefaultAttr: idnsforwarders
>
>     ipaPermLocation: dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify dns servers
>     configuration,
>
>     cn=permissions,cn=pbac,dc=test,dc=local
>
>     # System: Read DNS Servers Configuration +
>     9865b302-c9a411e6-a937f721-75eb0f97,
>
>     permissions, pbac, test.local
>
>     dn: cn=System: Read DNS Servers
>     Configuration+nsuniqueid=9865b302-c9a411e6-a93
>
>     7f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read DNS Servers Configuration
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: idnsforwardpolicy
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: idnsforwarders
>
>     ipaPermDefaultAttr: idnsserverid
>
>     ipaPermDefaultAttr: idnssubstitutionvariable
>
>     ipaPermDefaultAttr: idnssoamname
>
>     ipaPermLocation: dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read dns servers
>     configuration,cn
>
>     =permissions,cn=pbac,dc=test,dc=local
>
>     # System: Manage Host Principals +
>     9865b329-c9a411e6-a937f721-75eb0f97, permiss
>
>     ions, pbac, test.local
>
>     dn: cn=System: Manage Host
>     Principals+nsuniqueid=9865b329-c9a411e6-a937f721-75
>
>     eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipahost)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage Host Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage host
>     principals,cn=permiss
>
>     ions,cn=pbac,dc=test,dc=local
>
>     # System: Add IPA Locations + 9865b33f-c9a411e6-a937f721-75eb0f97,
>     permissions,
>
>       pbac, test.local
>
>     dn: cn=System: Add IPA
>     Locations+nsuniqueid=9865b33f-c9a411e6-a937f721-75eb0f9
>
>     7,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: add
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Add IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: add ipa
>     locations,cn=permissions,
>
>     cn=pbac,dc=test,dc=local
>
>     # System: Modify IPA Locations +
>     9865b343-c9a411e6-a937f721-75eb0f97, permissio
>
>     ns, pbac, test.local
>
>     dn: cn=System: Modify IPA
>     Locations+nsuniqueid=9865b343-c9a411e6-a937f721-75eb
>
>     0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: description
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify ipa
>     locations,cn=permissio
>
>     ns,cn=pbac,dc=test,dc=local
>
>     # System: Read IPA Locations +
>     9865b347-c9a411e6-a937f721-75eb0f97, permissions
>
>     , pbac, test.local
>
>     dn: cn=System: Read IPA
>     Locations+nsuniqueid=9865b347-c9a411e6-a937f721-75eb0f
>
>     97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: idnsname
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read ipa
>     locations,cn=permissions
>
>     ,cn=pbac,dc=test,dc=local
>
>     # System: Remove IPA Locations +
>     9865b34b-c9a411e6-a937f721-75eb0f97, permissio
>
>     ns, pbac, test.local
>
>     dn: cn=System: Remove IPA
>     Locations+nsuniqueid=9865b34b-c9a411e6-a937f721-75eb
>
>     0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: delete
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Remove IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: remove ipa
>     locations,cn=permissio
>
>     ns,cn=pbac,dc=test,dc=local
>
>     # System: Read Locations of IPA Servers +
>     9865b34f-c9a411e6-a937f721-75eb0f97,
>
>      permissions, pbac, test.local
>
>     dn: cn=System: Read Locations of IPA
>     Servers+nsuniqueid=9865b34f-c9a411e6-a937
>
>     f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read Locations of IPA Servers
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipaserviceweight
>
>     ipaPermDefaultAttr: ipalocation
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read locations of ipa
>     servers,cn=
>
>     permissions,cn=pbac,dc=test,dc=local
>
>     # System: Read Status of Services on IPA Servers +
>     9865b353-c9a411e6-a937f721-7
>
>     5eb0f97, permissions, pbac, test.local
>
>     dn: cn=System: Read Status of Services on IPA
>     Servers+nsuniqueid=9865b353-c9a4
>
>     11e6-a937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read Status of Services on IPA Servers
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipaconfigstring
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read status of
>     services on ipa se
>
>     rvers,cn=permissions,cn=pbac,dc=test,dc=local
>
>     # System: Manage Service Principals +
>     9865b357-c9a411e6-a937f721-75eb0f97, perm
>
>     issions, pbac, test.local
>
>     dn: cn=System: Manage Service
>     Principals+nsuniqueid=9865b357-c9a411e6-a937f721
>
>     -75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaservice)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage Service Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=Service
>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage service
>     principals,cn=perm
>
>     issions,cn=pbac,dc=test,dc=local
>
>     # System: Manage User Principals +
>     9865b364-c9a411e6-a937f721-75eb0f97, permiss
>
>     ions, pbac, test.local
>
>     dn: cn=System: Manage User
>     Principals+nsuniqueid=9865b364-c9a411e6-a937f721-75
>
>     eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=posixaccount)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage User Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=Modify Users and Reset
>     passwords,cn=privileges,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage user
>     principals,cn=permiss
>
>     ions,cn=pbac,dc=test,dc=local
>
>     # servers + 9865b37b-c9a411e6-a937f721-75eb0f97, dns, test.local
>
>     dn:
>     cn=servers+nsuniqueid=9865b37b-c9a411e6-a937f721-75eb0f97,cn=dns,dc=test,dc
>
>     =local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: servers
>
>     nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local
>
>     # ipa + cba8431e-c9a411e6-a937f721-75eb0f97, cas +
>     9865b2b1-c9a411e6-a937f721-7
>
>     5eb0f97, ca, test.local
>
>     dn:
>     cn=ipa+nsuniqueid=cba8431e-c9a411e6-a937f721-75eb0f97,cn=cas+nsuniqueid=98
>
>     65b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=local
>
>     description: IPA CA
>
>     ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
>
>     objectClass: top
>
>     objectClass: ipaca
>
>     ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
>
>     ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
>
>     cn: ipa
>
>     nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local
>
>     # ipaservers + 6f4721f7-c9a811e6-943e8d1c-0faa636d, hostgroups,
>     accounts, test.l
>
>     ocal
>
>     dn:
>     cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=hostgroups
>
>     ,cn=accounts,dc=test,dc=local
>
>     memberOf: cn=Replication
>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Add Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Modify Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Remove Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Read PassSync Managers
>     Configuration,cn=permissions,cn=pbac,dc=h5
>
>     c,dc=local
>
>     memberOf: cn=Modify PassSync Managers
>     Configuration,cn=permissions,cn=pbac,dc=
>
>     test,dc=local
>
>     memberOf: cn=Read LDBM Database
>     Configuration,cn=permissions,cn=pbac,dc=test,dc
>
>     =local
>
>     memberOf: cn=Add Configuration
>     Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>
>     memberOf: cn=Read Replication
>     Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
>
>     l
>
>     memberOf:
>     cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,c
>
>     n=alt,dc=test,dc=local
>
>     member:
>     fqdn=ipa-replica-gib01.test.local,cn=computers,cn=accounts,dc=test,dc=lo
>
>     cal
>
>     mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: ipahostgroup
>
>     objectClass: ipaobject
>
>     objectClass: groupOfNames
>
>     objectClass: nestedGroup
>
>     objectClass: mepOriginEntry
>
>     description: IPA server hosts
>
>     cn: ipaservers
>
>     ipaUniqueID: 863f47b6-c9a8-11e6-a9b0-00505684f6ff
>
>     nsds5ReplConflict: namingConflict
>     cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
>
>     5c,dc=local
>
>     # ipaservers + 6f4721f9-c9a811e6-943e8d1c-0faa636d, ng, alt,
>     test.local
>
>     dn:
>     cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,cn=alt,
>
>     dc=test,dc=local
>
>     memberHost:
>     cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=ho
>
>     stgroups,cn=accounts,dc=test,dc=local
>
>     objectClass: ipanisnetgroup
>
>     objectClass: ipaobject
>
>     objectClass: mepManagedEntry
>
>     objectClass: ipaAssociation
>
>     objectClass: top
>
>     nisDomainName: test.local
>
>     cn: ipaservers
>
>     description: ipaNetgroup ipaservers
>
>     mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
>
>     ipaUniqueID: 864e605c-c9a8-11e6-a9b0-00505684f6ff
>
>     nsds5ReplConflict: namingConflict
>     cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>
>     # domain + 6f472200-c9a811e6-943e8d1c-0faa636d, topology, ipa,
>     etc, test.local
>
>     dn:
>     cn=domain+nsuniqueid=6f472200-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ip
>
>     a,cn=etc,dc=test,dc=local
>
>     nsds5ReplicaStripAttrs: modifiersName modifyTimestamp
>     internalModifiersName in
>
>     ternalModifyTimestamp
>
>     ipaReplTopoConfRoot: dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: iparepltopoconf
>
>     nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE
>     entryusn krblasts
>
>     uccessfulauth krblastfailedauth krbloginfailedcount
>
>     nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
>     idnssoaserial
>
>       entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>
>     cn: domain
>
>     nsds5ReplConflict: namingConflict
>     cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
>
>     c=local
>
>     # locations + 6f472204-c9a811e6-943e8d1c-0faa636d, etc, test.local
>
>     dn:
>     cn=locations+nsuniqueid=6f472204-c9a811e6-943e8d1c-0faa636d,cn=etc,dc=test,
>
>     dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: locations
>
>     nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
>
>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>     3.0;acl "permi
>
>     ssion:System: Add IPA Locations";allow (add) groupdn =
>     "ldap:///cn=System <ldap://cn=System>: Ad
>
>     d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "description")(targetfilter =
>     "(objectclass=ipaLocationObje
>
>     ct)")(version 3.0;acl "permission:System: Modify IPA
>     Locations";allow (write)
>
>       groupdn = "ldap:///cn=System <ldap://cn=System>: Modify IPA
>     Locations,cn=permissions,cn=pbac,dc
>
>     =test,dc=local";)
>
>     aci: (targetattr = "createtimestamp || description || entryusn ||
>     idnsname ||
>
>      modifytimestamp || objectclass")(targetfilter =
>     "(objectclass=ipaLocationObje
>
>     ct)")(version 3.0;acl "permission:System: Read IPA
>     Locations";allow (compare,
>
>     read,search) groupdn = "ldap:///cn=System <ldap://cn=System>: Read
>     IPA Locations,cn=permissions,
>
>     cn=pbac,dc=test,dc=local";)
>
>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>     3.0;acl "permi
>
>     ssion:System: Remove IPA Locations";allow (delete) groupdn =
>     "ldap:///cn=Syst <ldap://cn=Syst>
>
>     em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     # cas + 6f47220a-c9a811e6-943e8d1c-0faa636d, ca, test.local
>
>     dn:
>     cn=cas+nsuniqueid=6f47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=loca
>
>     l
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: cas
>
>     nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
>
>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System
>
>     : Add CA";allow (add) groupdn = "ldap:///cn=System
>     <ldap://cn=System>: Add CA,cn=permissions,cn=
>
>     pbac,dc=test,dc=local";)
>
>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System
>
>     : Delete CA";allow (delete) groupdn = "ldap:///cn=System
>     <ldap://cn=System>: Delete CA,cn=permis
>
>     sions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "cn || description")(targetfilter =
>     "(objectclass=ipaca)")(
>
>     version 3.0;acl "permission:System: Modify CA";allow (write)
>     groupdn = "ldap:
>
>     ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
>
>     aci: (targetattr = "cn || createtimestamp || description ||
>     entryusn || ipacai
>
>     d || ipacaissuerdn || ipacasubjectdn || modifytimestamp ||
>     objectclass")(targ
>
>     etfilter = "(objectclass=ipaca)")(version 3.0;acl
>     "permission:System: Read CA
>
>     s";allow (compare,read,search) userdn = "ldap:///all" <ldap://all>;)
>
>     # custodia + 6f47223b-c9a811e6-943e8d1c-0faa636d, ipa, etc, test.local
>
>     dn:
>     cn=custodia+nsuniqueid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,d
>
>     c=test,dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: custodia
>
>     nsds5ReplConflict: namingConflict
>     cn=custodia,cn=ipa,cn=etc,dc=test,dc=local
>
>     # dogtag + 6f47223d-c9a811e6-943e8d1c-0faa636d, custodia +
>     6f47223b-c9a811e6-94
>
>     3e8d1c-0faa636d, ipa, etc, test.local
>
>     dn:
>     cn=dogtag+nsuniqueid=6f47223d-c9a811e6-943e8d1c-0faa636d,cn=custodia+nsuni
>
>     queid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,dc=test,dc=local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: dogtag
>
>     nsds5ReplConflict: namingConflict
>     cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
>
>     c=local
>
>     # ca + 6f472240-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc,
>     test.local
>
>     dn:
>     cn=ca+nsuniqueid=6f472240-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ipa,cn
>
>     =etc,dc=test,dc=local
>
>     objectClass: top
>
>     objectClass: iparepltopoconf
>
>     cn: ca
>
>     ipaReplTopoConfRoot: o=ipaca
>
>     nsds5ReplConflict: namingConflict
>     cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
>
>     cal
>
>     # System: Add CA + 6f472246-c9a811e6-943e8d1c-0faa636d,
>     permissions, pbac, test.
>
>     local
>
>     dn: cn=System: Add
>     CA+nsuniqueid=6f472246-c9a811e6-943e8d1c-0faa636d,cn=permis
>
>     sions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: add
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Add CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: add
>     ca,cn=permissions,cn=pbac,dc=
>
>     test,dc=local
>
>     # System: Delete CA + 6f47224a-c9a811e6-943e8d1c-0faa636d,
>     permissions, pbac, h
>
>     5c.local
>
>     dn: cn=System: Delete
>     CA+nsuniqueid=6f47224a-c9a811e6-943e8d1c-0faa636d,cn=per
>
>     missions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: delete
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Delete CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: delete
>     ca,cn=permissions,cn=pbac,
>
>     dc=test,dc=local
>
>     # System: Modify CA + 6f47224e-c9a811e6-943e8d1c-0faa636d,
>     permissions, pbac, h
>
>     5c.local
>
>     dn: cn=System: Modify
>     CA+nsuniqueid=6f47224e-c9a811e6-943e8d1c-0faa636d,cn=per
>
>     missions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify CA
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify
>     ca,cn=permissions,cn=pbac,
>
>     dc=test,dc=local
>
>     # System: Read CAs + 6f472252-c9a811e6-943e8d1c-0faa636d,
>     permissions, pbac, h5
>
>     c.local
>
>     dn: cn=System: Read
>     CAs+nsuniqueid=6f472252-c9a811e6-943e8d1c-0faa636d,cn=perm
>
>     issions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaca)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: all
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read CAs
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: ipacaissuerdn
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipacasubjectdn
>
>     ipaPermDefaultAttr: ipacaid
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read
>     cas,cn=permissions,cn=pbac,d
>
>     c=test,dc=local
>
>     # System: Modify DNS Servers Configuration +
>     6f472257-c9a811e6-943e8d1c-0faa636
>
>     d, permissions, pbac, test.local
>
>     dn: cn=System: Modify DNS Servers
>     Configuration+nsuniqueid=6f472257-c9a811e6-9
>
>     43e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify DNS Servers Configuration
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: idnssoamname
>
>     ipaPermDefaultAttr: idnssubstitutionvariable
>
>     ipaPermDefaultAttr: idnsforwardpolicy
>
>     ipaPermDefaultAttr: idnsforwarders
>
>     ipaPermLocation: dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify dns servers
>     configuration,
>
>     cn=permissions,cn=pbac,dc=test,dc=local
>
>     # System: Read DNS Servers Configuration +
>     6f47225b-c9a811e6-943e8d1c-0faa636d,
>
>     permissions, pbac, test.local
>
>     dn: cn=System: Read DNS Servers
>     Configuration+nsuniqueid=6f47225b-c9a811e6-943
>
>     e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read DNS Servers Configuration
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: idnsforwardpolicy
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: idnsforwarders
>
>     ipaPermDefaultAttr: idnsserverid
>
>     ipaPermDefaultAttr: idnssubstitutionvariable
>
>     ipaPermDefaultAttr: idnssoamname
>
>     ipaPermLocation: dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read dns servers
>     configuration,cn
>
>     =permissions,cn=pbac,dc=test,dc=local
>
>     # System: Manage Host Principals +
>     6f472282-c9a811e6-943e8d1c-0faa636d, permiss
>
>     ions, pbac, test.local
>
>     dn: cn=System: Manage Host
>     Principals+nsuniqueid=6f472282-c9a811e6-943e8d1c-0f
>
>     aa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipahost)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage Host Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage host
>     principals,cn=permiss
>
>     ions,cn=pbac,dc=test,dc=local
>
>     # System: Add IPA Locations + 6f472298-c9a811e6-943e8d1c-0faa636d,
>     permissions,
>
>       pbac, test.local
>
>     dn: cn=System: Add IPA
>     Locations+nsuniqueid=6f472298-c9a811e6-943e8d1c-0faa636
>
>     d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: add
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Add IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: add ipa
>     locations,cn=permissions,
>
>     cn=pbac,dc=test,dc=local
>
>     # System: Modify IPA Locations +
>     6f47229c-c9a811e6-943e8d1c-0faa636d, permissio
>
>     ns, pbac, test.local
>
>     dn: cn=System: Modify IPA
>     Locations+nsuniqueid=6f47229c-c9a811e6-943e8d1c-0faa
>
>     636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Modify IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: description
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: modify ipa
>     locations,cn=permissio
>
>     ns,cn=pbac,dc=test,dc=local
>
>     # System: Read IPA Locations +
>     6f4722a0-c9a811e6-943e8d1c-0faa636d, permissions
>
>     , pbac, test.local
>
>     dn: cn=System: Read IPA
>     Locations+nsuniqueid=6f4722a0-c9a811e6-943e8d1c-0faa63
>
>     6d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: description
>
>     ipaPermDefaultAttr: idnsname
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read ipa
>     locations,cn=permissions
>
>     ,cn=pbac,dc=test,dc=local
>
>     # System: Remove IPA Locations +
>     6f4722a4-c9a811e6-943e8d1c-0faa636d, permissio
>
>     ns, pbac, test.local
>
>     dn: cn=System: Remove IPA
>     Locations+nsuniqueid=6f4722a4-c9a811e6-943e8d1c-0faa
>
>     636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>
>     ipaPermRight: delete
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Remove IPA Locations
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: remove ipa
>     locations,cn=permissio
>
>     ns,cn=pbac,dc=test,dc=local
>
>     # System: Read Locations of IPA Servers +
>     6f4722a8-c9a811e6-943e8d1c-0faa636d,
>
>      permissions, pbac, test.local
>
>     dn: cn=System: Read Locations of IPA
>     Servers+nsuniqueid=6f4722a8-c9a811e6-943e
>
>     8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read Locations of IPA Servers
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipaserviceweight
>
>     ipaPermDefaultAttr: ipalocation
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read locations of ipa
>     servers,cn=
>
>     permissions,cn=pbac,dc=test,dc=local
>
>     # System: Read Status of Services on IPA Servers +
>     6f4722ac-c9a811e6-943e8d1c-0
>
>     faa636d, permissions, pbac, test.local
>
>     dn: cn=System: Read Status of Services on IPA
>     Servers+nsuniqueid=6f4722ac-c9a8
>
>     11e6-943e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>
>     ipaPermRight: read
>
>     ipaPermRight: compare
>
>     ipaPermRight: search
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Read Status of Services on IPA Servers
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: objectclass
>
>     ipaPermDefaultAttr: ipaconfigstring
>
>     ipaPermDefaultAttr: cn
>
>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: read status of
>     services on ipa se
>
>     rvers,cn=permissions,cn=pbac,dc=test,dc=local
>
>     # System: Manage Service Principals +
>     6f4722b0-c9a811e6-943e8d1c-0faa636d, perm
>
>     issions, pbac, test.local
>
>     dn: cn=System: Manage Service
>     Principals+nsuniqueid=6f4722b0-c9a811e6-943e8d1c
>
>     -0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=ipaservice)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage Service Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=Service
>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage service
>     principals,cn=perm
>
>     issions,cn=pbac,dc=test,dc=local
>
>     # System: Manage User Principals +
>     6f4722bd-c9a811e6-943e8d1c-0faa636d, permiss
>
>     ions, pbac, test.local
>
>     dn: cn=System: Manage User
>     Principals+nsuniqueid=6f4722bd-c9a811e6-943e8d1c-0f
>
>     aa636d,cn=permissions,cn=pbac,dc=test,dc=local
>
>     ipaPermTargetFilter: (objectclass=posixaccount)
>
>     ipaPermRight: write
>
>     ipaPermBindRuleType: permission
>
>     ipaPermissionType: V2
>
>     ipaPermissionType: MANAGED
>
>     ipaPermissionType: SYSTEM
>
>     cn: System: Manage User Principals
>
>     objectClass: ipapermission
>
>     objectClass: top
>
>     objectClass: groupofnames
>
>     objectClass: ipapermissionv2
>
>     member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>
>     member: cn=Modify Users and Reset
>     passwords,cn=privileges,cn=pbac,dc=test,dc=lo
>
>     cal
>
>     ipaPermDefaultAttr: krbprincipalname
>
>     ipaPermDefaultAttr: krbcanonicalname
>
>     ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
>
>     nsds5ReplConflict: namingConflict cn=system: manage user
>     principals,cn=permiss
>
>     ions,cn=pbac,dc=test,dc=local
>
>     # servers + 6f4722d4-c9a811e6-943e8d1c-0faa636d, dns, test.local
>
>     dn:
>     cn=servers+nsuniqueid=6f4722d4-c9a811e6-943e8d1c-0faa636d,cn=dns,dc=test,dc
>
>     =local
>
>     objectClass: nsContainer
>
>     objectClass: top
>
>     cn: servers
>
>     nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local
>
>     # ipa + 90a80ea3-c9a811e6-943e8d1c-0faa636d, cas +
>     6f47220a-c9a811e6-943e8d1c-0
>
>     faa636d, ca, test.local
>
>     dn:
>     cn=ipa+nsuniqueid=90a80ea3-c9a811e6-943e8d1c-0faa636d,cn=cas+nsuniqueid=6f
>
>     47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=local
>
>     description: IPA CA
>
>     ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
>
>     objectClass: top
>
>     objectClass: ipaca
>
>     ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
>
>     ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
>
>     cn: ipa
>
>     nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local
>
>     # search result
>
>     search: 2
>
>     result: 0 Success
>
>     # numResponses: 51
>
>     # numEntries: 50
>
>     <http://www.high5games.com/>
>
>     *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>
>     _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ |
>     212.604.3447
>
>     One World Trade Center, New York, NY 10007
>
>     www.high5games.com <http://www.high5games.com/>
>
>     Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and
>     Shake the Sky <https://apps.facebook.com/shakethesky/>
>
>     Follow us on: Facebook <http://www.facebook.com/high5games>,
>     Twitter <https://twitter.com/High5Games>, YouTube
>     <http://www.youtube.com/High5Games>, Linkedin
>     <http://www.linkedin.com/company/1072533?trk=tyah>
>
>     //
>
>     /This message and any attachments may contain confidential or
>     privileged information and are only for the use of the intended
>     recipient of this message. If you are not the intended recipient,
>     please notify the sender by return email, and delete or destroy
>     this and all copies of this message and all attachments. Any
>     unauthorized disclosure, use, distribution, or reproduction of
>     this message or any attachments is prohibited and may be unlawful./
>
>
>
>
>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/e5673f23/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4334 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/e5673f23/attachment.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4335 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/e5673f23/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4336 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/e5673f23/attachment-0002.jpe>

From jan.karasek at elostech.cz  Wed Jan  4 15:19:04 2017
From: jan.karasek at elostech.cz (Jan =?utf-8?Q?Kar=C3=A1sek?=)
Date: Wed, 4 Jan 2017 16:19:04 +0100 (CET)
Subject: [Freeipa-users] Unable to resolve AD users from IPA clients
In-Reply-To: <mailman.18154.1483529333.4108.freeipa-users@redhat.com>
References: <mailman.18154.1483529333.4108.freeipa-users@redhat.com>
Message-ID: <1261853511.668.1483543144236.JavaMail.zimbra@elostech.cz>

Hi, 
thank you for help. 

I have tried to add 

subdomain_inherit = ignore_group_members 
ignore_group_members = True 

into sssd.conf on server but problem still persists. 

>By the way, did you install 7.3 cleanly or did you upgrade? 
It has been upgraded. 

>D id you ever removed the cache post-upgrade on the server? 
Yes I did it couple of times both on server and client 

I find out that when client return value from id it differ from id output on server: 

Client: 
id tst99655 at example.com 
uid=20018(tst99655 at cen.example.com) gid=5001(csunix) groups=5001(csunix) 

Server: 
uid=20018(tst99655 at cen.example.com) gid=5001(csunix) groups=5001(csunix),930000008(final_test_group) 
root at tidmipa01:~# 

Csunix group is in AD, final_test_group is group from IPA server. There is no 930000008(final_test_group) in output from client. 

This is log from client when the sss_cache is empty - no response: 

==> sssd_nss.log <== 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected! 
... 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f864e2a6880:1:tst99655 at example.com@example.com] 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [example.com][0x1][BE_REQ_USER][1][name=tst99655 at example.com:-] 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f864e2a6880:1:tst99655 at example.com@example.com] 

==> sssd_vs.example.com.log <== 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][1][name=tst99655 at example.com] 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_attach_req] (0x0400): DP Request [Account #6]: New request. Flags [0x0001]. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=tst99655))][cn=Default Trust View,cn=views,cn=accounts,dc=vs,dc=example,dc=cz]. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [ipa_s2n_exop_send] (0x0400): Executing extended operation 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null). 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_done] (0x0400): DP Request [Account #6]: Request handler finished [0]: Success 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [_dp_req_recv] (0x0400): DP Request [Account #6]: Receiving request data. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #6]: Finished. Success. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_reply_std] (0x1000): DP Request [Account #6]: Returning [Success]: 0,0,Success 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::example.com:name=tst99655 at example.com] from reply table 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_destructor] (0x0400): DP Request [Account #6]: Request removed. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 

==> sssd_nss.log <== 
... 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f864e2a6880:1:tst99655 at example.com:U at vs.example.com] 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [vs.example.com][0x1][BE_REQ_USER][1][name=tst99655 at example.com:U] 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f864e2a6880:1:tst99655 at example.com:U at vs.example.com] 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f864e2a6880:1:tst99655 at example.com@example.com] 

==> sssd_vs.example.com.log <== 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][1][name=tst99655 at example.com] 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_attach_req] (0x0400): DP Request [Account #7]: New request. Flags [0x0001]. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sdap_search_user_next_base] (0x0400): Searching for users with base [cn=accounts,dc=vs,dc=example,dc=cz] 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(|(krbPrincipalName=tst99655 at example.com)(mail=tst99655 at example.com)(krbPrincipalName=tst99655\\@example.com at VS.EXAMPLE.COM))(objectclass=posixAccount)(uid=*)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=vs,dc=example,dc=cz]. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid] 
... 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sdap_search_user_process] (0x0400): Search for users, returned 0 results. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sdap_get_users_done] (0x0040): Failed to retrieve users [2][No such file or directory]. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sysdb_search_by_name] (0x0400): No such entry 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory) 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [sysdb_search_user_by_upn] (0x0400): No entry with upn [tst99655 at example.com] found. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [ipa_id_get_account_info_orig_done] (0x0080): Object not found, ending request 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_done] (0x0400): DP Request [Account #7]: Request handler finished [0]: Success 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [_dp_req_recv] (0x0400): DP Request [Account #7]: Receiving request data. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #7]: Finished. Success. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_reply_std] (0x1000): DP Request [Account #7]: Returning [Success]: 0,0,Success 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1:U:vs.example.com:name=tst99655 at example.com] from reply table 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_destructor] (0x0400): DP Request [Account #7]: Request removed. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 

==> sssd_nss.log <== 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7f864e2a6880:1:tst99655 at example.com:U at example.com] 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [example.com][0x1][BE_REQ_USER][1][name=tst99655 at example.com:U] 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7f864e2a6880:1:tst99655 at example.com:U at example.com] 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f864e2a6880:1:tst99655 at example.com:U at vs.example.com] 

==> sssd_v.example.com.log <== 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][1][name=tst99655 at example.com] 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_attach_req] (0x0400): DP Request [Account #8]: New request. Flags [0x0001]. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [ipa_s2n_exop_send] (0x0400): Executing extended operation 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null). 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_done] (0x0400): DP Request [Account #8]: Request handler finished [0]: Success 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [_dp_req_recv] (0x0400): DP Request [Account #8]: Receiving request data. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #8]: Finished. Success. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_reply_std] (0x1000): DP Request [Account #8]: Returning [Success]: 0,0,Success 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1:U:example.com:name=tst99655 at example.com] from reply table 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_destructor] (0x0400): DP Request [Account #8]: Request removed. 
(Wed Jan 4 15:21:22 2017) [sssd[be[vs.example.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 
==> sssd_nss.log <== 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [tst99655 at example.com] 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sysdb_search_user_by_upn] (0x0400): No entry with upn [tst99655 at example.com] found. 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/cen.example.com/@tst99655 at example.com] to negative cache 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): User [tst99655 at example.com] does not exist in [cen.example.com]! (negative cache) 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0080): No matching domain found for [tst99655 at example.com], fail! 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7f864e2a6880:1:tst99655 at example.com:U at cen.example.com] 
(Wed Jan 4 15:21:22 2017) [sssd[nss]] [client_recv] (0x0200): Client disconnected! 


This is log from client after: 
getent group csunix at cen.example.com 
id tst99655 at example.com 
uid=20018(tst99655 at cen.example.com) gid=5001(csunix) groups=5001(csunix) 

==> sssd_nss.log <== 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fe107283880:1:tst99655 at example.com@example.com] 

==> sssd_vs.example.com.log <== 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][1][name=tst99655 at example.com] 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [dp_attach_req] (0x0400): DP Request [Account #9]: New request. Flags [0x0001]. 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [dp_attach_req] (0x0400): Number of active DP request: 1 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=tst99655))][cn=Default Trust View,cn=views,cn=accounts,dc=vs,dc=example,dc=cz]. 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [ipa_s2n_exop_send] (0x0400): Executing extended operation 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: No such object(32), (null). 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [dp_req_done] (0x0400): DP Request [Account #9]: Request handler finished [0]: Success 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [_dp_req_recv] (0x0400): DP Request [Account #9]: Receiving request data. 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #9]: Finished. Success. 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [dp_req_reply_std] (0x1000): DP Request [Account #9]: Returning [Success]: 0,0,Success 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::example.com:name=tst99655 at example.com] from reply table 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [dp_req_destructor] (0x0400): DP Request [Account #9]: Request removed. 
(Wed Jan 4 16:00:29 2017) [sssd[be[vs.example.com]]] [dp_req_destructor] (0x0400): Number of active DP request: 0 

==> sssd_nss.log <== 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [tst99655 at example.com] 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [sss_ncache_set_str] (0x0400): Adding [NCE/USER/example.com/tst99655 at example.com] to negative cache 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [tst99655 at example.com] 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values. 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning.. 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400): Returning info for user [tst99655 at example.com] 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fe107283880:1:tst99655 at example.com@example.com] 
(Wed Jan 4 16:00:29 2017) [sssd[nss]] [client_recv] (0x0200): Client disconnected! 

looks like user's information are already in cache ... But why it can not be resolved without running getent group csunix first ? 
Sorry for long post. 

Jan 


---- 
> Hi, 
> 
> I have trouble with resolving AD users from my IPA clients. 
> 
> Environment: 2x IPA server with trust into AD - both IPA servers and clients running latest rhel 7.3. 
> 
> IPA domain: vs.example.com 
> AD domain: example.com, cen.example.com 
> 
> All tstxxxxx users are in cen.example.com but their UPN is set to tstxxxxx at example.com 
> 
> I can run id and getent passwd commands without problem from both IPA servers: 
> 
> id tst99655 at example.com 
> uid=20018(tst99655 at cen.example.com) gid=5001(csunix) groups=5001(csunix),930000008(final_test_group) 
> 
> getent tst99655 at example.com 
> tst99655 at cen.example.com:*:20018:5001:ipa_test:/home/cen.example.com/tst99655:/bin/bash 
> 
> But from client: 
> 
> root at trh7clnt02:~# id tst99655 at example.com 
> id: tst99655 at example.com: no such user 
> root at trh7clnt02:~#getent passwd tst99655 at example.com 
> ... no reply 
> 
> 
> But when I run on client: 
> getent group csunix at cen.example.com - it takes more then 30s 
> csunix at cen.example.com:*:5001: .... and really long list of users 
> 
> Then again from client: 
> 
> root at trh7clnt02:~# id tst99655 at example.com 
> uid=20018(tst99655 at cen.example.com) gid=5001(csunix) groups=5001(csunix) 
> 
> root at trh7clnt02:~# getent passwd tst99655 at example.com 
> tst99655 at cen.example.com:*:20018:5001:ipatest:/home/cen.example.com/tst99655:/bin/bash 
> 
> This time it works and it keeps working until I clean the sssd cache on client. Then I have to run that getent group csunix command again. 
> 
> I would say it is some timeout issue with enumerating csunix group. I have tried to fix it by adding: 
> 
> ldap_search_timeout = 50 

> I don't think this would be related to the searches timing out but 
> probably parsing and storing the entries on the server and the client. 

> Could you try adding this on the server side's sssd.conf? 

> [domain/domname] 
> subdomain_inherit = ignore_group_members 
> ignore_group_members = True 

> By the way, did you install 7.3 cleanly or did you upgrade? And if you 
> upgraded, did you ever removed the cache post-upgrade on the server? 

> There's been some improvements related to performance in 7.3 and even 
> more are coming in 7.4. 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/a4ad2d19/attachment.htm>

From taraksinha09 at gmail.com  Wed Jan  4 15:37:42 2017
From: taraksinha09 at gmail.com (tarak sinha)
Date: Wed, 4 Jan 2017 21:07:42 +0530
Subject: [Freeipa-users] Fwd: Unspecified GSS failure. Minor code may
 provide more information KDC has no support for encryption type
In-Reply-To: <CACg_jARnQLAtvKXEsKyxxmUSW7V8ExYwdUAyJ86UDCeppnh1zA@mail.gmail.com>
References: <CACg_jAS0aCFRBK4gd91LDD-Nd8F8cYtrV8_SNMOih9YVtzZVVQ@mail.gmail.com>
	<20170104105819.GC32220@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<CACg_jAT9f9xrron9MWpA5Z=poXk3NT8T6PJc5a3S8GLcn9fxjg@mail.gmail.com>
	<20170104145809.GF32220@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<CACg_jATuAq_P-MLX2jJ1dvfy83X4ePeVjQAvV-MrknaD0KxfXw@mail.gmail.com>
	<CACg_jARnQLAtvKXEsKyxxmUSW7V8ExYwdUAyJ86UDCeppnh1zA@mail.gmail.com>
Message-ID: <CACg_jARzRO4XDqXBJOhvuE04KaDzi39gwsnz4ti41B6dr0xqog@mail.gmail.com>

Hi Team,

My other node's are working fine. It's not asking any password. Please let
me know to fix this issue. thanks to reach out me
Here it is output from working node:---

debug1: Authentications that can continue: publickey,gssapi-with-mic,
password
debug1: Next authentication method: gssapi-with-mic
debug1: Delegating credentials
debug1: Delegating credentials
debug1: Authentication succeeded (gssapi-with-mic).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Wed Jan  4 07:31:27 2017 from 10.229.67.109

###########################

logs from failure node while do ssh

ebug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
KDC has no support for encryption type

debug1: Unspecified GSS failure.  Minor code may provide more information
KDC has no support for encryption type

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Authentications that can continue: publickey,gssapi-with-mic,
password
debug1: Next authentication method: publickey
debug1: Offering public key: /uhome/tsinha/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,
password
debug1: Trying private key: /uhome/tsinha/.ssh/id_dsa
debug1: Trying private key: /uhome/tsinha/.ssh/id_ecdsa
debug1: Next authentication method: password


@@@@@@@@@@@@@@@


Thanks,

Tarak


On Wed, Jan 4, 2017 at 8:35 PM, tarak sinha <taraksinha09 at gmail.com> wrote:

> It showing below encryption type..
>
> Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS
> mode with 96-bit SHA-1 HMAC
>
> On Wed, Jan 4, 2017 at 8:28 PM, Sumit Bose <sbose at redhat.com> wrote:
>
>> On Wed, Jan 04, 2017 at 08:01:54PM +0530, tarak sinha wrote:
>> > Hi Sumit.
>> >
>> > I am getting this error on host .
>>
>> In which log file do you see the message? Can you send the full message
>> and a bit of context from the log file?
>>
>> What encryption types does 'klist -k -e' show for the host key on the
>> host?  What encryption types does 'klist -e' show on the client after
>> calling ssh?
>>
>> bye,
>> Sumit
>>
>> >
>> > Thanks
>> >
>> > On Wed, Jan 4, 2017 at 4:28 PM, Sumit Bose <sbose at redhat.com> wrote:
>> >
>> > > On Mon, Jan 02, 2017 at 11:03:36PM +0530, tarak sinha wrote:
>> > > > Hi Team,
>> > > >
>> > > > I am getting below error while trying to ssh my host without
>> password.
>> > > >
>> > > > Unspecified GSS failure. Minor code may provide more information
>> KDC has
>> > > no
>> > > > support for encryption type
>> > >
>> > > Where do you see this error, on the client where you call ssh or in
>> the
>> > > logs on the host you try to log in to? Are you using IPA user or do
>> you
>> > > use trust and AD users from a trusted domain?
>> > >
>> > > Do you see any related messages in the KDC logs?
>> > >
>> > > bye,
>> > > Sumit
>> > >
>> > > >
>> > > > Thanks in advance
>> > > >
>> > > > *Thanks,*
>> > > >
>> > > > *Tarak Nath Sinha*
>> > >
>> > > > --
>> > > > Manage your subscription for the Freeipa-users mailing list:
>> > > > https://www.redhat.com/mailman/listinfo/freeipa-users
>> > > > Go to http://freeipa.org for more info on the project
>> > >
>> > > --
>> > > Manage your subscription for the Freeipa-users mailing list:
>> > > https://www.redhat.com/mailman/listinfo/freeipa-users
>> > > Go to http://freeipa.org for more info on the project
>> > >
>> >
>> >
>> >
>> > --
>> >
>> > *Thanks,*
>> >
>> > *Tarak Nath Sinha*
>> >
>> > *Mobile: **+91 8197522750*
>>
>
>
>
> --
>
> *Thanks,*
>
> *Tarak Nath Sinha*
>
> *Mobile: **+91 8197522750*
>



-- 

*Thanks,*

*Tarak Nath Sinha*

*Mobile: **+91 8197522750*



-- 

*Thanks,*

*Tarak Nath Sinha*

*Mobile: **+91 8197522750*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/07e863bc/attachment.htm>

From janorel at gmail.com  Wed Jan  4 15:46:17 2017
From: janorel at gmail.com (Jan Orel)
Date: Wed, 4 Jan 2017 16:46:17 +0100
Subject: [Freeipa-users] CA crt renew -- encoding mismatch
Message-ID: <CAKZDQWKzoOqYkPcTK1G6TF7-PWVoRJX0vOKvSUADRJJ8aQb1QA@mail.gmail.com>

Hello,

recently we renewed our CA crt. Later we noticed the new CA certificate
uses different encoding in Issuer and Subject:

subject=
    organizationName          = UTF8STRING:INTGDC.COM
    commonName                = UTF8STRING:Certificate Authority
issuer=
    organizationName          = PRINTABLESTRING:INTGDC.COM
    commonName                = PRINTABLESTRING:Certificate Authority

The former CA certificate is PRINTABLESTRING in both fields, as well as all
the older certs.

Since the renewal we have issues with trusting newly issued certificates,
which also have different encoding in subject and issuer.

What should be the default (correct) encoding for the certificates?

According to the: http://www.freeipa.org/page/Troubleshooting seems it
should be UTF8

but from the certmonger:
https://git.fedorahosted.org/cgit/certmonger.git/commit/?id=e6ecd5d8df3413a9717c57ee7fb8702ece23afd6

seems PRINTABLESTRING is used.

How to fix? Do we need to re-new the CA certificate once again?

Thank you
Jan Orel

We run:
ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64
certmonger-0.78.4-1.el7.x86_64
nuxwdog-1.0.3-4.el7_2.x86_64
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/5e48f41f/attachment.htm>

From tbordaz at redhat.com  Wed Jan  4 16:02:40 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Wed, 4 Jan 2017 17:02:40 +0100
Subject: [Freeipa-users] LDAP replication conflicts,
 but no apparent data damage
In-Reply-To: <586D0D4E.4040308@redhat.com>
References: <145020D6-0409-4651-9C76-B6F31EB62753@high5games.com>
	<11390f0d-5d31-21af-dea3-54f189ae2e7c@redhat.com>
	<E685425B-A87E-4F54-93C7-C6131A80EEA6@high5games.com>
	<09E0FF83-D51C-46B8-93C9-B13B5B13E61D@high5games.com>
	<586D0D4E.4040308@redhat.com>
Message-ID: <586D1CA0.6030200@redhat.com>



On 01/04/2017 03:57 PM, thierry bordaz wrote:
> Hello,
>
> I fail to reproduce the problem with retroCL. The error means that the 
> changelog index was back in the past. I have no clue how it happened. 
> Do you know if it happened at the same time of the attempts to rename 
> conflict entries ?
>
> I reproduced failure to rename a conflict entry. This is a new bug.
> The problem comes from the access to rdn attribute 'nsuniqueid' that 
> the server prevents to update.
> Curriously it looking there are two bugs, as the deleteoldrdn is not 
> taken into consideration and access to the attribute is tested even if 
> the deletion of the oldrdn is not requested.
> I will open a ticket for it.
Hummm ... typo in my tests. the deleteoldrdn is correctly handled and as 
long as you do not attempt to delete the oldrdn, the rename of a 
conflict entry will succeed.
>
>
> regards
> thierry
> On 01/03/2017 06:20 PM, Dan.Finkelstein at high5games.com wrote:
>>
>> Also, after attempting to rename one of the duplicated attributes, I 
>> get this in the error logs:
>>
>> 03/Jan/2017:17:19:30.605440097 +0000] retrocl-plugin - 
>> retrocl_postob: operation failure [68]
>>
>> [03/Jan/2017:17:19:32.056965127 +0000] DSRetroclPlugin - replog: an 
>> error occured while adding change number 4799286, dn = 
>> changenumber=4799286,cn=changelog: Already exists.
>>
>> [03/Jan/2017:17:19:32.058077520 +0000] retrocl-plugin - 
>> retrocl_postob: operation failure [68]
>>
>> [03/Jan/2017:17:19:32.297145459 +0000] DSRetroclPlugin - replog: an 
>> error occured while adding change number 4799286, dn = 
>> changenumber=4799286,cn=changelog: Already exists.
>>
>> [03/Jan/2017:17:19:32.298205569 +0000] retrocl-plugin - 
>> retrocl_postob: operation failure [68]
>>
>> id:image001.jpg at 01D1C26F.0E28FA60 <http://www.high5games.com/>
>>
>> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>>
>> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ | 212.604.3447
>>
>> One World Trade Center, New York, NY 10007
>>
>> www.high5games.com <http://www.high5games.com/>
>>
>> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and 
>> Shake the Sky <https://apps.facebook.com/shakethesky/>
>>
>> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter 
>> <https://twitter.com/High5Games>, YouTube 
>> <http://www.youtube.com/High5Games>, Linkedin 
>> <http://www.linkedin.com/company/1072533?trk=tyah>
>>
>> //
>>
>> /This message and any attachments may contain confidential or 
>> privileged information and are only for the use of the intended 
>> recipient of this message. If you are not the intended recipient, 
>> please notify the sender by return email, and delete or destroy this 
>> and all copies of this message and all attachments. Any unauthorized 
>> disclosure, use, distribution, or reproduction of this message or any 
>> attachments is prohibited and may be unlawful./
>>
>> *From: *<freeipa-users-bounces at redhat.com> on behalf of Dan 
>> Finkelstein <Dan.Finkelstein at high5games.com>
>> *Date: *Tuesday, January 3, 2017 at 11:08
>> *To: *"mbasti at redhat.com" <mbasti at redhat.com>, 
>> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>> *Subject: *Re: [Freeipa-users] LDAP replication conflicts, but no 
>> apparent data damage
>>
>> I've read through that page before, just last week, but I confess 
>> it's gone over my head. Could you give me an example of how to fix 
>> /one/ of the conflicts below? I think when I see how it's done, I can 
>> do the rest.
>>
>> Thanks,
>>
>> Dan
>>
>> <http://www.high5games.com/>
>>
>> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>>
>> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ | 212.604.3447
>>
>> One World Trade Center, New York, NY 10007
>>
>> www.high5games.com <http://www.high5games.com/>
>>
>> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and 
>> Shake the Sky <https://apps.facebook.com/shakethesky/>
>>
>> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter 
>> <https://twitter.com/High5Games>, YouTube 
>> <http://www.youtube.com/High5Games>, Linkedin 
>> <http://www.linkedin.com/company/1072533?trk=tyah>
>>
>> //
>>
>> /This message and any attachments may contain confidential or 
>> privileged information and are only for the use of the intended 
>> recipient of this message. If you are not the intended recipient, 
>> please notify the sender by return email, and delete or destroy this 
>> and all copies of this message and all attachments. Any unauthorized 
>> disclosure, use, distribution, or reproduction of this message or any 
>> attachments is prohibited and may be unlawful./
>>
>> *From: *Martin Basti <mbasti at redhat.com>
>> *Date: *Tuesday, January 3, 2017 at 09:07
>> *To: *Dan Finkelstein <Dan.Finkelstein at high5games.com>, 
>> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>> *Subject: *Re: [Freeipa-users] LDAP replication conflicts, but no 
>> apparent data damage
>>
>> Here is a directory server documentation about replication conflicts 
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>
>> I hope it will help
>>
>> Martin
>>
>> On 03.01.2017 14:20, 
>> <mailto:Dan.Finkelstein at high5games.com>Dan.Finkelstein at high5games.com 
>> wrote:
>>
>>     I'm using the most recent FreeIPA 4.4.0 on CentOS 7.3 and have
>>     been cleaning up various dangling replicas and other cruft, but
>>     when I run the ipa consistency checker, it produces output that
>>     LDAP has conflicts. I then run:
>>
>>     ldapsearch -D "cn=Directory Manager" -W -b "dc=h5c,dc=local"
>>     "nsds5ReplConflict=*" \* nsds5ReplConflict
>>
>>     Which produces output as follows (which I don't know what to do
>>     with, yet):
>>
>>     # extended LDIF
>>
>>     #
>>
>>     # LDAPv3
>>
>>     # base <dc=test,dc=local> with scope subtree
>>
>>     # filter: nsds5ReplConflict=*
>>
>>     # requesting: * nsds5ReplConflict
>>
>>     #
>>
>>     # ipaservers + 9865b29e-c9a411e6-a937f721-75eb0f97, hostgroups,
>>     accounts, test.l
>>
>>     ocal
>>
>>     dn:
>>     cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups
>>
>>     ,cn=accounts,dc=test,dc=local
>>
>>     memberOf: cn=Replication
>>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     memberOf: cn=Add Replication
>>     Agreements,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     memberOf: cn=Modify Replication
>>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>>     cal
>>
>>     memberOf: cn=Remove Replication
>>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>>     cal
>>
>>     memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     memberOf: cn=Read PassSync Managers
>>     Configuration,cn=permissions,cn=pbac,dc=h5
>>
>>     c,dc=local
>>
>>     memberOf: cn=Modify PassSync Managers
>>     Configuration,cn=permissions,cn=pbac,dc=
>>
>>     test,dc=local
>>
>>     memberOf: cn=Read LDBM Database
>>     Configuration,cn=permissions,cn=pbac,dc=test,dc
>>
>>     =local
>>
>>     memberOf: cn=Add Configuration
>>     Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>>     cal
>>
>>     memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     memberOf: cn=Read Replication
>>     Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
>>
>>     l
>>
>>     memberOf:
>>     cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,c
>>
>>     n=alt,dc=test,dc=local
>>
>>     member:
>>     fqdn=ipa-replica-gib02.test.local,cn=computers,cn=accounts,dc=test,dc=lo
>>
>>     cal
>>
>>     mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>>
>>     objectClass: top
>>
>>     objectClass: ipahostgroup
>>
>>     objectClass: ipaobject
>>
>>     objectClass: groupOfNames
>>
>>     objectClass: nestedGroup
>>
>>     objectClass: mepOriginEntry
>>
>>     description: IPA server hosts
>>
>>     cn: ipaservers
>>
>>     ipaUniqueID: b13812a8-c9a4-11e6-8bb5-00505684b9a0
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
>>
>>     5c,dc=local
>>
>>     # ipaservers + 9865b2a0-c9a411e6-a937f721-75eb0f97, ng, alt,
>>     test.local
>>
>>     dn:
>>     cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,cn=alt,
>>
>>     dc=test,dc=local
>>
>>     memberHost:
>>     cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=ho
>>
>>     stgroups,cn=accounts,dc=test,dc=local
>>
>>     objectClass: ipanisnetgroup
>>
>>     objectClass: ipaobject
>>
>>     objectClass: mepManagedEntry
>>
>>     objectClass: ipaAssociation
>>
>>     objectClass: top
>>
>>     nisDomainName: test.local
>>
>>     cn: ipaservers
>>
>>     description: ipaNetgroup ipaservers
>>
>>     mepManagedBy:
>>     cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
>>
>>     ipaUniqueID: b13f8506-c9a4-11e6-8bb5-00505684b9a0
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>>
>>     # domain + 9865b2a7-c9a411e6-a937f721-75eb0f97, topology, ipa,
>>     etc, test.local
>>
>>     dn:
>>     cn=domain+nsuniqueid=9865b2a7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ip
>>
>>     a,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplicaStripAttrs: modifiersName modifyTimestamp
>>     internalModifiersName in
>>
>>     ternalModifyTimestamp
>>
>>     ipaReplTopoConfRoot: dc=test,dc=local
>>
>>     objectClass: top
>>
>>     objectClass: iparepltopoconf
>>
>>     nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE
>>     entryusn krblasts
>>
>>     uccessfulauth krblastfailedauth krbloginfailedcount
>>
>>     nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
>>     idnssoaserial
>>
>>     entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>>
>>     cn: domain
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
>>
>>     c=local
>>
>>     # locations + 9865b2ab-c9a411e6-a937f721-75eb0f97, etc, test.local
>>
>>     dn:
>>     cn=locations+nsuniqueid=9865b2ab-c9a411e6-a937f721-75eb0f97,cn=etc,dc=test,
>>
>>     dc=local
>>
>>     objectClass: nsContainer
>>
>>     objectClass: top
>>
>>     cn: locations
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=locations,cn=etc,dc=test,dc=local
>>
>>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>>     3.0;acl "permi
>>
>>     ssion:System: Add IPA Locations";allow (add) groupdn =
>>     "ldap:///cn=System: Ad
>>
>>     d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>>     aci: (targetattr = "description")(targetfilter =
>>     "(objectclass=ipaLocationObje
>>
>>     ct)")(version 3.0;acl "permission:System: Modify IPA
>>     Locations";allow (write)
>>
>>     groupdn = "ldap:///cn=System <ldap://cn=System>: Modify IPA
>>     Locations,cn=permissions,cn=pbac,dc
>>
>>     =test,dc=local";)
>>
>>     aci: (targetattr = "createtimestamp || description || entryusn ||
>>     idnsname ||
>>
>>      modifytimestamp || objectclass")(targetfilter =
>>     "(objectclass=ipaLocationObje
>>
>>     ct)")(version 3.0;acl "permission:System: Read IPA
>>     Locations";allow (compare,
>>
>>     read,search) groupdn = "ldap:///cn=System <ldap://cn=System>:
>>     Read IPA Locations,cn=permissions,
>>
>>     cn=pbac,dc=test,dc=local";)
>>
>>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>>     3.0;acl "permi
>>
>>     ssion:System: Remove IPA Locations";allow (delete) groupdn =
>>     "ldap:///cn=Syst
>>
>>     em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>>     # cas + 9865b2b1-c9a411e6-a937f721-75eb0f97, ca, test.local
>>
>>     dn:
>>     cn=cas+nsuniqueid=9865b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=loca
>>
>>     l
>>
>>     objectClass: nsContainer
>>
>>     objectClass: top
>>
>>     cn: cas
>>
>>     nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
>>
>>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>>     "permission:System
>>
>>     : Add CA";allow (add) groupdn = "ldap:///cn=System
>>     <ldap://cn=System>: Add CA,cn=permissions,cn=
>>
>>     pbac,dc=test,dc=local";)
>>
>>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>>     "permission:System
>>
>>     : Delete CA";allow (delete) groupdn = "ldap:///cn=System
>>     <ldap://cn=System>: Delete CA,cn=permis
>>
>>     sions,cn=pbac,dc=test,dc=local";)
>>
>>     aci: (targetattr = "cn || description")(targetfilter =
>>     "(objectclass=ipaca)")(
>>
>>     version 3.0;acl "permission:System: Modify CA";allow (write)
>>     groupdn = "ldap:
>>
>>     ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>>     aci: (targetattr = "cn || createtimestamp || description ||
>>     entryusn || ipacai
>>
>>     d || ipacaissuerdn || ipacasubjectdn || modifytimestamp ||
>>     objectclass")(targ
>>
>>     etfilter = "(objectclass=ipaca)")(version 3.0;acl
>>     "permission:System: Read CA
>>
>>     s";allow (compare,read,search) userdn = "ldap:///all" <ldap://all>;)
>>
>>     # custodia + 9865b2e2-c9a411e6-a937f721-75eb0f97, ipa, etc,
>>     test.local
>>
>>     dn:
>>     cn=custodia+nsuniqueid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,d
>>
>>     c=test,dc=local
>>
>>     objectClass: nsContainer
>>
>>     objectClass: top
>>
>>     cn: custodia
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=custodia,cn=ipa,cn=etc,dc=test,dc=local
>>
>>     # dogtag + 9865b2e4-c9a411e6-a937f721-75eb0f97, custodia +
>>     9865b2e2-c9a411e6-a9
>>
>>     37f721-75eb0f97, ipa, etc, test.local
>>
>>     dn:
>>     cn=dogtag+nsuniqueid=9865b2e4-c9a411e6-a937f721-75eb0f97,cn=custodia+nsuni
>>
>>     queid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,dc=test,dc=local
>>
>>     objectClass: nsContainer
>>
>>     objectClass: top
>>
>>     cn: dogtag
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
>>
>>     c=local
>>
>>     # ca + 9865b2e7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc,
>>     test.local
>>
>>     dn:
>>     cn=ca+nsuniqueid=9865b2e7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ipa,cn
>>
>>     =etc,dc=test,dc=local
>>
>>     objectClass: top
>>
>>     objectClass: iparepltopoconf
>>
>>     cn: ca
>>
>>     ipaReplTopoConfRoot: o=ipaca
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
>>
>>     cal
>>
>>     # System: Add CA + 9865b2ed-c9a411e6-a937f721-75eb0f97,
>>     permissions, pbac, test.
>>
>>     local
>>
>>     dn: cn=System: Add
>>     CA+nsuniqueid=9865b2ed-c9a411e6-a937f721-75eb0f97,cn=permis
>>
>>     sions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaca)
>>
>>     ipaPermRight: add
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Add CA
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: add
>>     ca,cn=permissions,cn=pbac,dc=
>>
>>     test,dc=local
>>
>>     # System: Delete CA + 9865b2f1-c9a411e6-a937f721-75eb0f97,
>>     permissions, pbac, h
>>
>>     5c.local
>>
>>     dn: cn=System: Delete
>>     CA+nsuniqueid=9865b2f1-c9a411e6-a937f721-75eb0f97,cn=per
>>
>>     missions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaca)
>>
>>     ipaPermRight: delete
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Delete CA
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: delete
>>     ca,cn=permissions,cn=pbac,
>>
>>     dc=test,dc=local
>>
>>     # System: Modify CA + 9865b2f5-c9a411e6-a937f721-75eb0f97,
>>     permissions, pbac, h
>>
>>     5c.local
>>
>>     dn: cn=System: Modify
>>     CA+nsuniqueid=9865b2f5-c9a411e6-a937f721-75eb0f97,cn=per
>>
>>     missions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaca)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Modify CA
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: description
>>
>>     ipaPermDefaultAttr: cn
>>
>>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: modify
>>     ca,cn=permissions,cn=pbac,
>>
>>     dc=test,dc=local
>>
>>     # System: Read CAs + 9865b2f9-c9a411e6-a937f721-75eb0f97,
>>     permissions, pbac, h5
>>
>>     c.local
>>
>>     dn: cn=System: Read
>>     CAs+nsuniqueid=9865b2f9-c9a411e6-a937f721-75eb0f97,cn=perm
>>
>>     issions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaca)
>>
>>     ipaPermRight: read
>>
>>     ipaPermRight: compare
>>
>>     ipaPermRight: search
>>
>>     ipaPermBindRuleType: all
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Read CAs
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     ipaPermDefaultAttr: description
>>
>>     ipaPermDefaultAttr: ipacaissuerdn
>>
>>     ipaPermDefaultAttr: objectclass
>>
>>     ipaPermDefaultAttr: ipacasubjectdn
>>
>>     ipaPermDefaultAttr: ipacaid
>>
>>     ipaPermDefaultAttr: cn
>>
>>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: read
>>     cas,cn=permissions,cn=pbac,d
>>
>>     c=test,dc=local
>>
>>     # System: Modify DNS Servers Configuration +
>>     9865b2fe-c9a411e6-a937f721-75eb0f9
>>
>>     7, permissions, pbac, test.local
>>
>>     dn: cn=System: Modify DNS Servers
>>     Configuration+nsuniqueid=9865b2fe-c9a411e6-a
>>
>>     937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Modify DNS Servers Configuration
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: idnssoamname
>>
>>     ipaPermDefaultAttr: idnssubstitutionvariable
>>
>>     ipaPermDefaultAttr: idnsforwardpolicy
>>
>>     ipaPermDefaultAttr: idnsforwarders
>>
>>     ipaPermLocation: dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: modify dns servers
>>     configuration,
>>
>>     cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     # System: Read DNS Servers Configuration +
>>     9865b302-c9a411e6-a937f721-75eb0f97,
>>
>>     permissions, pbac, test.local
>>
>>     dn: cn=System: Read DNS Servers
>>     Configuration+nsuniqueid=9865b302-c9a411e6-a93
>>
>>     7f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>>
>>     ipaPermRight: read
>>
>>     ipaPermRight: compare
>>
>>     ipaPermRight: search
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Read DNS Servers Configuration
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: idnsforwardpolicy
>>
>>     ipaPermDefaultAttr: objectclass
>>
>>     ipaPermDefaultAttr: idnsforwarders
>>
>>     ipaPermDefaultAttr: idnsserverid
>>
>>     ipaPermDefaultAttr: idnssubstitutionvariable
>>
>>     ipaPermDefaultAttr: idnssoamname
>>
>>     ipaPermLocation: dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: read dns servers
>>     configuration,cn
>>
>>     =permissions,cn=pbac,dc=test,dc=local
>>
>>     # System: Manage Host Principals +
>>     9865b329-c9a411e6-a937f721-75eb0f97, permiss
>>
>>     ions, pbac, test.local
>>
>>     dn: cn=System: Manage Host
>>     Principals+nsuniqueid=9865b329-c9a411e6-a937f721-75
>>
>>     eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipahost)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Manage Host Principals
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: krbprincipalname
>>
>>     ipaPermDefaultAttr: krbcanonicalname
>>
>>     ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: manage host
>>     principals,cn=permiss
>>
>>     ions,cn=pbac,dc=test,dc=local
>>
>>     # System: Add IPA Locations +
>>     9865b33f-c9a411e6-a937f721-75eb0f97, permissions,
>>
>>       pbac, test.local
>>
>>     dn: cn=System: Add IPA
>>     Locations+nsuniqueid=9865b33f-c9a411e6-a937f721-75eb0f9
>>
>>     7,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>>     ipaPermRight: add
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Add IPA Locations
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: add ipa
>>     locations,cn=permissions,
>>
>>     cn=pbac,dc=test,dc=local
>>
>>     # System: Modify IPA Locations +
>>     9865b343-c9a411e6-a937f721-75eb0f97, permissio
>>
>>     ns, pbac, test.local
>>
>>     dn: cn=System: Modify IPA
>>     Locations+nsuniqueid=9865b343-c9a411e6-a937f721-75eb
>>
>>     0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Modify IPA Locations
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: description
>>
>>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: modify ipa
>>     locations,cn=permissio
>>
>>     ns,cn=pbac,dc=test,dc=local
>>
>>     # System: Read IPA Locations +
>>     9865b347-c9a411e6-a937f721-75eb0f97, permissions
>>
>>     , pbac, test.local
>>
>>     dn: cn=System: Read IPA
>>     Locations+nsuniqueid=9865b347-c9a411e6-a937f721-75eb0f
>>
>>     97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>>     ipaPermRight: read
>>
>>     ipaPermRight: compare
>>
>>     ipaPermRight: search
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Read IPA Locations
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: objectclass
>>
>>     ipaPermDefaultAttr: description
>>
>>     ipaPermDefaultAttr: idnsname
>>
>>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: read ipa
>>     locations,cn=permissions
>>
>>     ,cn=pbac,dc=test,dc=local
>>
>>     # System: Remove IPA Locations +
>>     9865b34b-c9a411e6-a937f721-75eb0f97, permissio
>>
>>     ns, pbac, test.local
>>
>>     dn: cn=System: Remove IPA
>>     Locations+nsuniqueid=9865b34b-c9a411e6-a937f721-75eb
>>
>>     0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>>     ipaPermRight: delete
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Remove IPA Locations
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: remove ipa
>>     locations,cn=permissio
>>
>>     ns,cn=pbac,dc=test,dc=local
>>
>>     # System: Read Locations of IPA Servers +
>>     9865b34f-c9a411e6-a937f721-75eb0f97,
>>
>>      permissions, pbac, test.local
>>
>>     dn: cn=System: Read Locations of IPA
>>     Servers+nsuniqueid=9865b34f-c9a411e6-a937
>>
>>     f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>>
>>     ipaPermRight: read
>>
>>     ipaPermRight: compare
>>
>>     ipaPermRight: search
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Read Locations of IPA Servers
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: objectclass
>>
>>     ipaPermDefaultAttr: ipaserviceweight
>>
>>     ipaPermDefaultAttr: ipalocation
>>
>>     ipaPermDefaultAttr: cn
>>
>>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: read locations of
>>     ipa servers,cn=
>>
>>     permissions,cn=pbac,dc=test,dc=local
>>
>>     # System: Read Status of Services on IPA Servers +
>>     9865b353-c9a411e6-a937f721-7
>>
>>     5eb0f97, permissions, pbac, test.local
>>
>>     dn: cn=System: Read Status of Services on IPA
>>     Servers+nsuniqueid=9865b353-c9a4
>>
>>     11e6-a937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>>
>>     ipaPermRight: read
>>
>>     ipaPermRight: compare
>>
>>     ipaPermRight: search
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Read Status of Services on IPA Servers
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: objectclass
>>
>>     ipaPermDefaultAttr: ipaconfigstring
>>
>>     ipaPermDefaultAttr: cn
>>
>>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: read status of
>>     services on ipa se
>>
>>     rvers,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     # System: Manage Service Principals +
>>     9865b357-c9a411e6-a937f721-75eb0f97, perm
>>
>>     issions, pbac, test.local
>>
>>     dn: cn=System: Manage Service
>>     Principals+nsuniqueid=9865b357-c9a411e6-a937f721
>>
>>     -75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaservice)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Manage Service Principals
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=Service
>>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: krbprincipalname
>>
>>     ipaPermDefaultAttr: krbcanonicalname
>>
>>     ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: manage service
>>     principals,cn=perm
>>
>>     issions,cn=pbac,dc=test,dc=local
>>
>>     # System: Manage User Principals +
>>     9865b364-c9a411e6-a937f721-75eb0f97, permiss
>>
>>     ions, pbac, test.local
>>
>>     dn: cn=System: Manage User
>>     Principals+nsuniqueid=9865b364-c9a411e6-a937f721-75
>>
>>     eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=posixaccount)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Manage User Principals
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     member: cn=Modify Users and Reset
>>     passwords,cn=privileges,cn=pbac,dc=test,dc=lo
>>
>>     cal
>>
>>     ipaPermDefaultAttr: krbprincipalname
>>
>>     ipaPermDefaultAttr: krbcanonicalname
>>
>>     ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: manage user
>>     principals,cn=permiss
>>
>>     ions,cn=pbac,dc=test,dc=local
>>
>>     # servers + 9865b37b-c9a411e6-a937f721-75eb0f97, dns, test.local
>>
>>     dn:
>>     cn=servers+nsuniqueid=9865b37b-c9a411e6-a937f721-75eb0f97,cn=dns,dc=test,dc
>>
>>     =local
>>
>>     objectClass: nsContainer
>>
>>     objectClass: top
>>
>>     cn: servers
>>
>>     nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local
>>
>>     # ipa + cba8431e-c9a411e6-a937f721-75eb0f97, cas +
>>     9865b2b1-c9a411e6-a937f721-7
>>
>>     5eb0f97, ca, test.local
>>
>>     dn:
>>     cn=ipa+nsuniqueid=cba8431e-c9a411e6-a937f721-75eb0f97,cn=cas+nsuniqueid=98
>>
>>     65b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=local
>>
>>     description: IPA CA
>>
>>     ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
>>
>>     objectClass: top
>>
>>     objectClass: ipaca
>>
>>     ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
>>
>>     ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
>>
>>     cn: ipa
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=ipa,cn=cas,cn=ca,dc=test,dc=local
>>
>>     # ipaservers + 6f4721f7-c9a811e6-943e8d1c-0faa636d, hostgroups,
>>     accounts, test.l
>>
>>     ocal
>>
>>     dn:
>>     cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=hostgroups
>>
>>     ,cn=accounts,dc=test,dc=local
>>
>>     memberOf: cn=Replication
>>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     memberOf: cn=Add Replication
>>     Agreements,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     memberOf: cn=Modify Replication
>>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>>     cal
>>
>>     memberOf: cn=Remove Replication
>>     Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>>     cal
>>
>>     memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     memberOf: cn=Read PassSync Managers
>>     Configuration,cn=permissions,cn=pbac,dc=h5
>>
>>     c,dc=local
>>
>>     memberOf: cn=Modify PassSync Managers
>>     Configuration,cn=permissions,cn=pbac,dc=
>>
>>     test,dc=local
>>
>>     memberOf: cn=Read LDBM Database
>>     Configuration,cn=permissions,cn=pbac,dc=test,dc
>>
>>     =local
>>
>>     memberOf: cn=Add Configuration
>>     Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>>     cal
>>
>>     memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     memberOf: cn=Read Replication
>>     Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
>>
>>     l
>>
>>     memberOf:
>>     cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,c
>>
>>     n=alt,dc=test,dc=local
>>
>>     member:
>>     fqdn=ipa-replica-gib01.test.local,cn=computers,cn=accounts,dc=test,dc=lo
>>
>>     cal
>>
>>     mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>>
>>     objectClass: top
>>
>>     objectClass: ipahostgroup
>>
>>     objectClass: ipaobject
>>
>>     objectClass: groupOfNames
>>
>>     objectClass: nestedGroup
>>
>>     objectClass: mepOriginEntry
>>
>>     description: IPA server hosts
>>
>>     cn: ipaservers
>>
>>     ipaUniqueID: 863f47b6-c9a8-11e6-a9b0-00505684f6ff
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
>>
>>     5c,dc=local
>>
>>     # ipaservers + 6f4721f9-c9a811e6-943e8d1c-0faa636d, ng, alt,
>>     test.local
>>
>>     dn:
>>     cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,cn=alt,
>>
>>     dc=test,dc=local
>>
>>     memberHost:
>>     cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=ho
>>
>>     stgroups,cn=accounts,dc=test,dc=local
>>
>>     objectClass: ipanisnetgroup
>>
>>     objectClass: ipaobject
>>
>>     objectClass: mepManagedEntry
>>
>>     objectClass: ipaAssociation
>>
>>     objectClass: top
>>
>>     nisDomainName: test.local
>>
>>     cn: ipaservers
>>
>>     description: ipaNetgroup ipaservers
>>
>>     mepManagedBy:
>>     cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
>>
>>     ipaUniqueID: 864e605c-c9a8-11e6-a9b0-00505684f6ff
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>>
>>     # domain + 6f472200-c9a811e6-943e8d1c-0faa636d, topology, ipa,
>>     etc, test.local
>>
>>     dn:
>>     cn=domain+nsuniqueid=6f472200-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ip
>>
>>     a,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplicaStripAttrs: modifiersName modifyTimestamp
>>     internalModifiersName in
>>
>>     ternalModifyTimestamp
>>
>>     ipaReplTopoConfRoot: dc=test,dc=local
>>
>>     objectClass: top
>>
>>     objectClass: iparepltopoconf
>>
>>     nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE
>>     entryusn krblasts
>>
>>     uccessfulauth krblastfailedauth krbloginfailedcount
>>
>>     nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
>>     idnssoaserial
>>
>>     entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>>
>>     cn: domain
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
>>
>>     c=local
>>
>>     # locations + 6f472204-c9a811e6-943e8d1c-0faa636d, etc, test.local
>>
>>     dn:
>>     cn=locations+nsuniqueid=6f472204-c9a811e6-943e8d1c-0faa636d,cn=etc,dc=test,
>>
>>     dc=local
>>
>>     objectClass: nsContainer
>>
>>     objectClass: top
>>
>>     cn: locations
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=locations,cn=etc,dc=test,dc=local
>>
>>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>>     3.0;acl "permi
>>
>>     ssion:System: Add IPA Locations";allow (add) groupdn =
>>     "ldap:///cn=System: Ad
>>
>>     d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>>     aci: (targetattr = "description")(targetfilter =
>>     "(objectclass=ipaLocationObje
>>
>>     ct)")(version 3.0;acl "permission:System: Modify IPA
>>     Locations";allow (write)
>>
>>     groupdn = "ldap:///cn=System <ldap://cn=System>: Modify IPA
>>     Locations,cn=permissions,cn=pbac,dc
>>
>>     =test,dc=local";)
>>
>>     aci: (targetattr = "createtimestamp || description || entryusn ||
>>     idnsname ||
>>
>>      modifytimestamp || objectclass")(targetfilter =
>>     "(objectclass=ipaLocationObje
>>
>>     ct)")(version 3.0;acl "permission:System: Read IPA
>>     Locations";allow (compare,
>>
>>     read,search) groupdn = "ldap:///cn=System <ldap://cn=System>:
>>     Read IPA Locations,cn=permissions,
>>
>>     cn=pbac,dc=test,dc=local";)
>>
>>     aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>>     3.0;acl "permi
>>
>>     ssion:System: Remove IPA Locations";allow (delete) groupdn =
>>     "ldap:///cn=Syst
>>
>>     em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>>     # cas + 6f47220a-c9a811e6-943e8d1c-0faa636d, ca, test.local
>>
>>     dn:
>>     cn=cas+nsuniqueid=6f47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=loca
>>
>>     l
>>
>>     objectClass: nsContainer
>>
>>     objectClass: top
>>
>>     cn: cas
>>
>>     nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
>>
>>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>>     "permission:System
>>
>>     : Add CA";allow (add) groupdn = "ldap:///cn=System
>>     <ldap://cn=System>: Add CA,cn=permissions,cn=
>>
>>     pbac,dc=test,dc=local";)
>>
>>     aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>>     "permission:System
>>
>>     : Delete CA";allow (delete) groupdn = "ldap:///cn=System
>>     <ldap://cn=System>: Delete CA,cn=permis
>>
>>     sions,cn=pbac,dc=test,dc=local";)
>>
>>     aci: (targetattr = "cn || description")(targetfilter =
>>     "(objectclass=ipaca)")(
>>
>>     version 3.0;acl "permission:System: Modify CA";allow (write)
>>     groupdn = "ldap:
>>
>>     ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>>     aci: (targetattr = "cn || createtimestamp || description ||
>>     entryusn || ipacai
>>
>>     d || ipacaissuerdn || ipacasubjectdn || modifytimestamp ||
>>     objectclass")(targ
>>
>>     etfilter = "(objectclass=ipaca)")(version 3.0;acl
>>     "permission:System: Read CA
>>
>>     s";allow (compare,read,search) userdn = "ldap:///all" <ldap://all>;)
>>
>>     # custodia + 6f47223b-c9a811e6-943e8d1c-0faa636d, ipa, etc,
>>     test.local
>>
>>     dn:
>>     cn=custodia+nsuniqueid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,d
>>
>>     c=test,dc=local
>>
>>     objectClass: nsContainer
>>
>>     objectClass: top
>>
>>     cn: custodia
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=custodia,cn=ipa,cn=etc,dc=test,dc=local
>>
>>     # dogtag + 6f47223d-c9a811e6-943e8d1c-0faa636d, custodia +
>>     6f47223b-c9a811e6-94
>>
>>     3e8d1c-0faa636d, ipa, etc, test.local
>>
>>     dn:
>>     cn=dogtag+nsuniqueid=6f47223d-c9a811e6-943e8d1c-0faa636d,cn=custodia+nsuni
>>
>>     queid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,dc=test,dc=local
>>
>>     objectClass: nsContainer
>>
>>     objectClass: top
>>
>>     cn: dogtag
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
>>
>>     c=local
>>
>>     # ca + 6f472240-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc,
>>     test.local
>>
>>     dn:
>>     cn=ca+nsuniqueid=6f472240-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ipa,cn
>>
>>     =etc,dc=test,dc=local
>>
>>     objectClass: top
>>
>>     objectClass: iparepltopoconf
>>
>>     cn: ca
>>
>>     ipaReplTopoConfRoot: o=ipaca
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
>>
>>     cal
>>
>>     # System: Add CA + 6f472246-c9a811e6-943e8d1c-0faa636d,
>>     permissions, pbac, test.
>>
>>     local
>>
>>     dn: cn=System: Add
>>     CA+nsuniqueid=6f472246-c9a811e6-943e8d1c-0faa636d,cn=permis
>>
>>     sions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaca)
>>
>>     ipaPermRight: add
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Add CA
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: add
>>     ca,cn=permissions,cn=pbac,dc=
>>
>>     test,dc=local
>>
>>     # System: Delete CA + 6f47224a-c9a811e6-943e8d1c-0faa636d,
>>     permissions, pbac, h
>>
>>     5c.local
>>
>>     dn: cn=System: Delete
>>     CA+nsuniqueid=6f47224a-c9a811e6-943e8d1c-0faa636d,cn=per
>>
>>     missions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaca)
>>
>>     ipaPermRight: delete
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Delete CA
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: delete
>>     ca,cn=permissions,cn=pbac,
>>
>>     dc=test,dc=local
>>
>>     # System: Modify CA + 6f47224e-c9a811e6-943e8d1c-0faa636d,
>>     permissions, pbac, h
>>
>>     5c.local
>>
>>     dn: cn=System: Modify
>>     CA+nsuniqueid=6f47224e-c9a811e6-943e8d1c-0faa636d,cn=per
>>
>>     missions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaca)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Modify CA
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: description
>>
>>     ipaPermDefaultAttr: cn
>>
>>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: modify
>>     ca,cn=permissions,cn=pbac,
>>
>>     dc=test,dc=local
>>
>>     # System: Read CAs + 6f472252-c9a811e6-943e8d1c-0faa636d,
>>     permissions, pbac, h5
>>
>>     c.local
>>
>>     dn: cn=System: Read
>>     CAs+nsuniqueid=6f472252-c9a811e6-943e8d1c-0faa636d,cn=perm
>>
>>     issions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaca)
>>
>>     ipaPermRight: read
>>
>>     ipaPermRight: compare
>>
>>     ipaPermRight: search
>>
>>     ipaPermBindRuleType: all
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Read CAs
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     ipaPermDefaultAttr: description
>>
>>     ipaPermDefaultAttr: ipacaissuerdn
>>
>>     ipaPermDefaultAttr: objectclass
>>
>>     ipaPermDefaultAttr: ipacasubjectdn
>>
>>     ipaPermDefaultAttr: ipacaid
>>
>>     ipaPermDefaultAttr: cn
>>
>>     ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: read
>>     cas,cn=permissions,cn=pbac,d
>>
>>     c=test,dc=local
>>
>>     # System: Modify DNS Servers Configuration +
>>     6f472257-c9a811e6-943e8d1c-0faa636
>>
>>     d, permissions, pbac, test.local
>>
>>     dn: cn=System: Modify DNS Servers
>>     Configuration+nsuniqueid=6f472257-c9a811e6-9
>>
>>     43e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Modify DNS Servers Configuration
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: idnssoamname
>>
>>     ipaPermDefaultAttr: idnssubstitutionvariable
>>
>>     ipaPermDefaultAttr: idnsforwardpolicy
>>
>>     ipaPermDefaultAttr: idnsforwarders
>>
>>     ipaPermLocation: dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: modify dns servers
>>     configuration,
>>
>>     cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     # System: Read DNS Servers Configuration +
>>     6f47225b-c9a811e6-943e8d1c-0faa636d,
>>
>>     permissions, pbac, test.local
>>
>>     dn: cn=System: Read DNS Servers
>>     Configuration+nsuniqueid=6f47225b-c9a811e6-943
>>
>>     e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>>
>>     ipaPermRight: read
>>
>>     ipaPermRight: compare
>>
>>     ipaPermRight: search
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Read DNS Servers Configuration
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: idnsforwardpolicy
>>
>>     ipaPermDefaultAttr: objectclass
>>
>>     ipaPermDefaultAttr: idnsforwarders
>>
>>     ipaPermDefaultAttr: idnsserverid
>>
>>     ipaPermDefaultAttr: idnssubstitutionvariable
>>
>>     ipaPermDefaultAttr: idnssoamname
>>
>>     ipaPermLocation: dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: read dns servers
>>     configuration,cn
>>
>>     =permissions,cn=pbac,dc=test,dc=local
>>
>>     # System: Manage Host Principals +
>>     6f472282-c9a811e6-943e8d1c-0faa636d, permiss
>>
>>     ions, pbac, test.local
>>
>>     dn: cn=System: Manage Host
>>     Principals+nsuniqueid=6f472282-c9a811e6-943e8d1c-0f
>>
>>     aa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipahost)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Manage Host Principals
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: krbprincipalname
>>
>>     ipaPermDefaultAttr: krbcanonicalname
>>
>>     ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: manage host
>>     principals,cn=permiss
>>
>>     ions,cn=pbac,dc=test,dc=local
>>
>>     # System: Add IPA Locations +
>>     6f472298-c9a811e6-943e8d1c-0faa636d, permissions,
>>
>>       pbac, test.local
>>
>>     dn: cn=System: Add IPA
>>     Locations+nsuniqueid=6f472298-c9a811e6-943e8d1c-0faa636
>>
>>     d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>>     ipaPermRight: add
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Add IPA Locations
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: add ipa
>>     locations,cn=permissions,
>>
>>     cn=pbac,dc=test,dc=local
>>
>>     # System: Modify IPA Locations +
>>     6f47229c-c9a811e6-943e8d1c-0faa636d, permissio
>>
>>     ns, pbac, test.local
>>
>>     dn: cn=System: Modify IPA
>>     Locations+nsuniqueid=6f47229c-c9a811e6-943e8d1c-0faa
>>
>>     636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Modify IPA Locations
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: description
>>
>>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: modify ipa
>>     locations,cn=permissio
>>
>>     ns,cn=pbac,dc=test,dc=local
>>
>>     # System: Read IPA Locations +
>>     6f4722a0-c9a811e6-943e8d1c-0faa636d, permissions
>>
>>     , pbac, test.local
>>
>>     dn: cn=System: Read IPA
>>     Locations+nsuniqueid=6f4722a0-c9a811e6-943e8d1c-0faa63
>>
>>     6d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>>     ipaPermRight: read
>>
>>     ipaPermRight: compare
>>
>>     ipaPermRight: search
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Read IPA Locations
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: objectclass
>>
>>     ipaPermDefaultAttr: description
>>
>>     ipaPermDefaultAttr: idnsname
>>
>>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: read ipa
>>     locations,cn=permissions
>>
>>     ,cn=pbac,dc=test,dc=local
>>
>>     # System: Remove IPA Locations +
>>     6f4722a4-c9a811e6-943e8d1c-0faa636d, permissio
>>
>>     ns, pbac, test.local
>>
>>     dn: cn=System: Remove IPA
>>     Locations+nsuniqueid=6f4722a4-c9a811e6-943e8d1c-0faa
>>
>>     636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>>     ipaPermRight: delete
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Remove IPA Locations
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: remove ipa
>>     locations,cn=permissio
>>
>>     ns,cn=pbac,dc=test,dc=local
>>
>>     # System: Read Locations of IPA Servers +
>>     6f4722a8-c9a811e6-943e8d1c-0faa636d,
>>
>>      permissions, pbac, test.local
>>
>>     dn: cn=System: Read Locations of IPA
>>     Servers+nsuniqueid=6f4722a8-c9a811e6-943e
>>
>>     8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>>
>>     ipaPermRight: read
>>
>>     ipaPermRight: compare
>>
>>     ipaPermRight: search
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Read Locations of IPA Servers
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: objectclass
>>
>>     ipaPermDefaultAttr: ipaserviceweight
>>
>>     ipaPermDefaultAttr: ipalocation
>>
>>     ipaPermDefaultAttr: cn
>>
>>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: read locations of
>>     ipa servers,cn=
>>
>>     permissions,cn=pbac,dc=test,dc=local
>>
>>     # System: Read Status of Services on IPA Servers +
>>     6f4722ac-c9a811e6-943e8d1c-0
>>
>>     faa636d, permissions, pbac, test.local
>>
>>     dn: cn=System: Read Status of Services on IPA
>>     Servers+nsuniqueid=6f4722ac-c9a8
>>
>>     11e6-943e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaConfigObject)
>>
>>     ipaPermRight: read
>>
>>     ipaPermRight: compare
>>
>>     ipaPermRight: search
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Read Status of Services on IPA Servers
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: objectclass
>>
>>     ipaPermDefaultAttr: ipaconfigstring
>>
>>     ipaPermDefaultAttr: cn
>>
>>     ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: read status of
>>     services on ipa se
>>
>>     rvers,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     # System: Manage Service Principals +
>>     6f4722b0-c9a811e6-943e8d1c-0faa636d, perm
>>
>>     issions, pbac, test.local
>>
>>     dn: cn=System: Manage Service
>>     Principals+nsuniqueid=6f4722b0-c9a811e6-943e8d1c
>>
>>     -0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=ipaservice)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Manage Service Principals
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=Service
>>     Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     ipaPermDefaultAttr: krbprincipalname
>>
>>     ipaPermDefaultAttr: krbcanonicalname
>>
>>     ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: manage service
>>     principals,cn=perm
>>
>>     issions,cn=pbac,dc=test,dc=local
>>
>>     # System: Manage User Principals +
>>     6f4722bd-c9a811e6-943e8d1c-0faa636d, permiss
>>
>>     ions, pbac, test.local
>>
>>     dn: cn=System: Manage User
>>     Principals+nsuniqueid=6f4722bd-c9a811e6-943e8d1c-0f
>>
>>     aa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>>     ipaPermTargetFilter: (objectclass=posixaccount)
>>
>>     ipaPermRight: write
>>
>>     ipaPermBindRuleType: permission
>>
>>     ipaPermissionType: V2
>>
>>     ipaPermissionType: MANAGED
>>
>>     ipaPermissionType: SYSTEM
>>
>>     cn: System: Manage User Principals
>>
>>     objectClass: ipapermission
>>
>>     objectClass: top
>>
>>     objectClass: groupofnames
>>
>>     objectClass: ipapermissionv2
>>
>>     member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>>     member: cn=Modify Users and Reset
>>     passwords,cn=privileges,cn=pbac,dc=test,dc=lo
>>
>>     cal
>>
>>     ipaPermDefaultAttr: krbprincipalname
>>
>>     ipaPermDefaultAttr: krbcanonicalname
>>
>>     ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
>>
>>     nsds5ReplConflict: namingConflict cn=system: manage user
>>     principals,cn=permiss
>>
>>     ions,cn=pbac,dc=test,dc=local
>>
>>     # servers + 6f4722d4-c9a811e6-943e8d1c-0faa636d, dns, test.local
>>
>>     dn:
>>     cn=servers+nsuniqueid=6f4722d4-c9a811e6-943e8d1c-0faa636d,cn=dns,dc=test,dc
>>
>>     =local
>>
>>     objectClass: nsContainer
>>
>>     objectClass: top
>>
>>     cn: servers
>>
>>     nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local
>>
>>     # ipa + 90a80ea3-c9a811e6-943e8d1c-0faa636d, cas +
>>     6f47220a-c9a811e6-943e8d1c-0
>>
>>     faa636d, ca, test.local
>>
>>     dn:
>>     cn=ipa+nsuniqueid=90a80ea3-c9a811e6-943e8d1c-0faa636d,cn=cas+nsuniqueid=6f
>>
>>     47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=local
>>
>>     description: IPA CA
>>
>>     ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
>>
>>     objectClass: top
>>
>>     objectClass: ipaca
>>
>>     ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
>>
>>     ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
>>
>>     cn: ipa
>>
>>     nsds5ReplConflict: namingConflict
>>     cn=ipa,cn=cas,cn=ca,dc=test,dc=local
>>
>>     # search result
>>
>>     search: 2
>>
>>     result: 0 Success
>>
>>     # numResponses: 51
>>
>>     # numEntries: 50
>>
>>     <http://www.high5games.com/>
>>
>>     *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>>
>>     _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ |
>>     212.604.3447
>>
>>     One World Trade Center, New York, NY 10007
>>
>>     www.high5games.com <http://www.high5games.com/>
>>
>>     Play High 5 Casino <https://apps.facebook.com/highfivecasino/>
>>     and Shake the Sky <https://apps.facebook.com/shakethesky/>
>>
>>     Follow us on: Facebook <http://www.facebook.com/high5games>,
>>     Twitter <https://twitter.com/High5Games>, YouTube
>>     <http://www.youtube.com/High5Games>, Linkedin
>>     <http://www.linkedin.com/company/1072533?trk=tyah>
>>
>>     //
>>
>>     /This message and any attachments may contain confidential or
>>     privileged information and are only for the use of the intended
>>     recipient of this message. If you are not the intended recipient,
>>     please notify the sender by return email, and delete or destroy
>>     this and all copies of this message and all attachments. Any
>>     unauthorized disclosure, use, distribution, or reproduction of
>>     this message or any attachments is prohibited and may be unlawful./
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/50664fce/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4334 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/50664fce/attachment.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4335 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/50664fce/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4336 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/50664fce/attachment-0002.jpe>

From christophe.trefois at uni.lu  Wed Jan  4 16:40:16 2017
From: christophe.trefois at uni.lu (Christophe TREFOIS)
Date: Wed, 4 Jan 2017 16:40:16 +0000
Subject: [Freeipa-users] Replica issue / Certificate Authority
In-Reply-To: <35F45570-5827-4C22-B022-D92AF10DA126@uni.lu>
References: <CAC1p530pjJTox0Y9AHf1b=5b2zJ4Nq+cDB+QLySZNFPBVNjudg@mail.gmail.com>
	<CAC1p532+V=fnBvBN-80LHxAOidytEE3ydvcSd0+ia+T6xnOiUA@mail.gmail.com>
	<58546ABE.30203@redhat.com>
	<20161218231057.GD4232@dhcp-40-8.bne.redhat.com>
	<2EBB29CB9A8F494FB5253F6AF2E6A1985531CF99@hoshi.uni.lux>
	<1027c132-0de3-4e4f-e919-2c97bbef7aba@redhat.com>
	<35F45570-5827-4C22-B022-D92AF10DA126@uni.lu>
Message-ID: <2990A948-62CC-4868-A3D2-DC54A663B8E5@uni.lu>

To all,

So to recap, if I hit resubmit once, I get a CA_WORKING, if I do it immediately after again, I get a MONITORING, but the ?ca-error: Invalid cookie? comes back.

How can I get a valid cookie back?

Thanks for your help,
Christophe

> On 4 Jan 2017, at 14:19, Christophe TREFOIS <christophe.trefois at uni.lu> wrote:
> 
> Hi Florence,
> 
> I did what you said, and then the status went to CA_WORKING. Then I restart ipa and certmonger and the status went to CA_UNREACHABLE.
> Then i did ?resubmit? again and now the status is back to MONITORING, but the cookie error is back.
> 
> Any advice?
> 
> [root at lums3 ~]# getcert list -n ipaCert
> Number of certificates and requests being tracked: 8.
> Request ID '20161216025136':
> 	status: MONITORING
> 	ca-error: Invalid cookie: ''
> 	stuck: no
> 	key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
> 	certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
> 	CA: dogtag-ipa-ca-renew-agent
> 	issuer: CN=Certificate Authority,O=UNI.LU
> 	subject: CN=IPA RA,O=UNI.LU
> 	expires: 2018-12-16 03:13:48 UTC
> 	key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> 	eku: id-kp-serverAuth,id-kp-clientAuth
> 	pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
> 	post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
> 	track: yes
> 	auto-renew: yes
> 
> -- 
> 
> Dr Christophe Trefois, Dipl.-Ing.  
> Technical Specialist / Post-Doc
> 
> UNIVERSIT? DU LUXEMBOURG
> 
> LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
> Campus Belval | House of Biomedicine  
> 6, avenue du Swing 
> L-4367 Belvaux  
> T: +352 46 66 44 6124 
> F: +352 46 66 44 6949  
> http://www.uni.lu/lcsb <http://www.uni.lu/lcsb>
>  <https://www.facebook.com/trefex>   <https://twitter.com/Trefex>   <https://plus.google.com/+ChristopheTrefois/>   <https://www.linkedin.com/in/trefoischristophe>   <http://skype:Trefex?call>
> 
> ----
> This message is confidential and may contain privileged information. 
> It is intended for the named recipient only. 
> If you receive it in error please notify me and permanently delete the original message and any copies. 
> ----
> 
>   
> 
>> On 4 Jan 2017, at 13:49, Florence Blanc-Renaud <flo at redhat.com <mailto:flo at redhat.com>> wrote:
>> 
>> getcert resubmit -i <id for ipaCert>
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/9c22fd31/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3509 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/9c22fd31/attachment.p7s>

From daniel at schimpfoessl.com  Wed Jan  4 18:24:26 2017
From: daniel at schimpfoessl.com (Daniel Schimpfoessl)
Date: Wed, 4 Jan 2017 12:24:26 -0600
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <CAEz2YVmuQWr8x1dYCbC7cPra38JPTPjVLHhvPSA9RCL_rcebsg@mail.gmail.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
	<3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
	<CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>
	<0f7a6cc9-ae57-d957-d255-ab79033373e6@redhat.com>
	<CAEz2YVmuQWr8x1dYCbC7cPra38JPTPjVLHhvPSA9RCL_rcebsg@mail.gmail.com>
Message-ID: <CAEz2YVnKDOK5U8fOcyv0ocmNwVj5pxgmDnq-PQ_wX4nDd_JmDg@mail.gmail.com>

>From the logs:
/var/log/dirsrv/slapd-DOMAIN-COM/errors
... a few warnings about cache size, NSACLPLugin and schema-compat-plugin
[04/Jan/2017:12:14:21.392642021 -0600] slapd started.  Listening on All
Interfaces port 389 for LDAP requests

/var/log/dirsrv/slapd-DOMAIN-COM/access
... lots of entries, not sure what to look for some lines contain RESULT
with err!=0
[04/Jan/2017:12:18:01.753400307 -0600] conn=5 op=243 RESULT err=32 tag=101
nentries=0 etime=0
[04/Jan/2017:12:18:01.786928085 -0600] conn=44 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress

/var/log/dirsrv/slapd-DOMAIN-COM/errors
[04/Jan/2017:12:19:25.566022098 -0600] slapd shutting down - signaling
operation threads - op stack size 5 max work q size 2 max work q stack size
2
[04/Jan/2017:12:19:25.572566622 -0600] slapd shutting down - closing down
internal subsystems and plugins


2017-01-04 8:38 GMT-06:00 Daniel Schimpfoessl <daniel at schimpfoessl.com>:

> Do you have a list of all log files involved in IPA?
> Would be good to consolidate them into ELK for analysis.
>
> 2017-01-04 2:48 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com>:
>
>> On 01/02/2017 07:24 PM, Daniel Schimpfoessl wrote:
>>
>>> Thanks for your reply.
>>>
>>> This was the initial error I asked for help a while ago and did not get
>>> resolved. Further digging showed the recent errors.
>>> The service was running (using ipactl start --force) and only after a
>>> restart I am getting a stack trace for two primary messages:
>>>
>>> Could not connect to LDAP server host wwgwho01.webwim.com
>>> <http://wwgwho01.webwim.com> port 636 Error netscape.ldap.LDAPException:
>>> Authentication failed (48)
>>> ...
>>>
>>> Internal Database Error encountered: Could not connect to LDAP server
>>> host wwgwho01.webwim.com <http://wwgwho01.webwim.com> port 636 Error
>>> netscape.ldap.LDAPException: Authentication failed (48)
>>> ...
>>>
>>> and finally:
>>> [02/Jan/2017:12:20:34][localhost-startStop-1]: CMSEngine.shutdown()
>>>
>>>
>>> 2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com
>>> <mailto:flo at redhat.com>>:
>>>
>>>     systemctl start pki-tomcatd at pki-tomcat.service
>>>
>>>
>>>
>>> Hi Daniel,
>>
>> the next step would be to understand the root cause of this
>> "Authentication failed (48)" error. Note the exact time of this log and
>> look for a corresponding log in the LDAP server logs
>> (/var/log/dirsrv/slapd-DOMAIN-COM/access), probably a failing BIND with
>> err=48. This may help diagnose the issue (if we can see which certificate
>> is used for the bind or if there is a specific error message).
>>
>> For the record, a successful bind over SSL would produce this type of log
>> where we can see the certificate subject and the user mapped to this
>> certificate:
>> [...] conn=47 fd=84 slot=84 SSL connection from 10.34.58.150 to
>> 10.34.58.150
>> [...] conn=47 TLS1.2 128-bit AES; client CN=CA Subsystem,O=DOMAIN.COM;
>> issuer CN=Certificate Authority,O=DOMAIN.COM
>> [...] conn=47 TLS1.2 client bound as uid=pkidbuser,ou=people,o=ipaca
>> [...] conn=47 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
>> [...] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
>> dn="uid=pkidbuser,ou=people,o=ipaca"
>>
>> Flo
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/4b864568/attachment.htm>

From jgoddard at emerlyn.com  Wed Jan  4 21:21:09 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Wed, 4 Jan 2017 16:21:09 -0500
Subject: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP
 server failed: {'desc': 'Invalid credentials'}
In-Reply-To: <d582c02a-3b61-6b78-f6d4-21ce84545c02@redhat.com>
References: <1481946787.11959.7.camel@interlinx.bc.ca>
	<1481999421.11959.23.camel@interlinx.bc.ca>
	<9efb76bf-524e-6f3f-64e3-27e1d12b83d1@redhat.com>
	<1482149965.28211.15.camel@interlinx.bc.ca>
	<c872041f-b7fe-a3c9-c949-17b28d9c8d07@redhat.com>
	<1482179085.28211.36.camel@interlinx.bc.ca>
	<ef9e2b81-885c-6447-3d04-865ee2011d26@redhat.com>
	<1482234065.28211.55.camel@interlinx.bc.ca>
	<89d5a584-ad8f-a022-65a9-0fff1e0d6ea5@redhat.com>
	<1482321907.28211.102.camel@interlinx.bc.ca>
	<d582c02a-3b61-6b78-f6d4-21ce84545c02@redhat.com>
Message-ID: <CA+No-6G9eriuj+sU8S24zqddNaFZLsuWrG5whCO169GkLb6kww@mail.gmail.com>

I don't want to hijack someone else's thread but I'm having what appears to
be the same problem and have not seen a solution presented yet.

Here is the output of journalctl -xe after having tried to start named:

Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
loading configuration from '/etc/named.conf'
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
reading built-in trusted keys from file '/etc/named.iscdlv.key'
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
using default UDP/IPv4 port range: [1024, 65535]
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
using default UDP/IPv6 port range: [1024, 65535]
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
listening on IPv6 interfaces, port 53
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
listening on IPv4 interface lo, 127.0.0.1#53
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
listening on IPv4 interface ens32, 10.73.100.31#53
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
generating session key for dynamic DNS
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
sizing zone task pool based on 6 zones
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
set up managed keys zone for view _default, file
'/var/named/dynamic/managed-keys.bind'
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
bind-dyndb-ldap version 10.0 compiled at 18:06:06 Nov 11 2016, compiler
4.8.5 20150623 (Red Hat 4.8.5-11)
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
option 'serial_autoincrement' is not supported, ignoring
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
GSSAPI client step 1
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
GSSAPI client step 1
Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]: GSSAPI
server step 1
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
GSSAPI client step 1
Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]: GSSAPI
server step 2
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
GSSAPI client step 2
Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]: GSSAPI
server step 3
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
LDAP error: Invalid credentials: bind to LDAP server failed
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
couldn't establish connection in LDAP connection pool: permission denied
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
dynamic database 'ipa' configuration failed: permission denied
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
loading configuration: permission denied
Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
exiting (due to fatal error)
Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]:
named-pkcs11.service: control process exited, code=exited status=1
Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]: Failed to
start Berkeley Internet Name Domain (DNS) with native PKCS#11.
-- Subject: Unit named-pkcs11.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named-pkcs11.service has failed.
--
-- The result is failed.
Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]: Unit
named-pkcs11.service entered failed state.
Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]:
named-pkcs11.service failed.
Jan 04 15:48:42 id-management-2.internal.emerlyn.com polkitd[949]:
Unregistered Authentication Agent for unix-process:3936:380486 (system bus
name :1.59, object path /org/freedesktop/Policy

Here are the last four entries of /var/log/dirsrv/slapd-*/access |grep
ipa-dnskeysyncdcat:

[04/Jan/2017:15:28:37.463224739 -0500] conn=5 op=1129 SRCH
base="dc=internal,dc=emerlyn,dc=com" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
)(krbPrincipalName:caseIgnoreIA5Match:=ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM)))"
attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey
krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange
krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth
krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[04/Jan/2017:15:28:37.464739661 -0500] conn=5 op=1133 SRCH
base="krbprincipalname=ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"
scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber
krbPrincipalName krbCanonicalName krbTicketPolicyReference
krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags
ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath
ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[04/Jan/2017:15:28:37.465851372 -0500] conn=5 op=1134 MOD
dn="krbprincipalname=ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"
[04/Jan/2017:15:28:37.474974775 -0500] conn=6 op=1372 SRCH
base="dc=internal,dc=emerlyn,dc=com" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM))"
attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey
krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange
krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth
krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
ipatokenRadiusConfigLink objectClass"
[04/Jan/2017:15:28:37.482436172 -0500] conn=281 op=2 RESULT err=0 tag=97
nentries=0 etime=0 dn="krbprincipalname=ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at internal.emerlyn.com
,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"

My environment:
Freeipa 4.2.0
OS is Centos 7.2

This is a secondary replica (master) and the other replica can be pinged
but nslookup and dig fail to provide results even though the values are in
the /etc/hosts file:

127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4
::1         localhost localhost.localdomain localhost6
localhost6.localdomain6
10.72.100.16 id-management-1.internal.emerlyn.com
10.73.100.31 id-management-2.internal.emerlyn.com


Any assistance is in solving this would be greatly appreciated and thanks
for both the great product and the support already provided.

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/a270b267/attachment.htm>

From lslebodn at redhat.com  Wed Jan  4 21:39:44 2017
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Wed, 4 Jan 2017 22:39:44 +0100
Subject: [Freeipa-users] nfsv4+kerberos: group ID not mapped on newly
 create users, however user id is correct
In-Reply-To: <89213DDB84447F44A8E8950A5C2185E04832AD0B@SJN01013.jnmain00.corp.jndata.net>
References: <89213DDB84447F44A8E8950A5C2185E04832AC30@SJN01013.jnmain00.corp.jndata.net>
	<cb8c6d44-bbb1-61da-80ea-b76ae468964b@redhat.com>
	<89213DDB84447F44A8E8950A5C2185E04832AD0B@SJN01013.jnmain00.corp.jndata.net>
Message-ID: <20170104213943.GA5053@10.4.128.1>

On (08/12/16 10:24), Bjarne Blichfeldt wrote:
>> -----Original Message-----
>> From: David Kupka [mailto:dkupka at redhat.com]
>> Sent: 8. december 2016 09:40
>> To: Bjarne Blichfeldt <BJB at jndata.dk>; freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] nfsv4+kerberos: group ID not mapped on newly
>> create users, however user id is correct
>> 
>> On 08/12/16 08:57, Bjarne Blichfeldt wrote:
>> > Anybody have any suggestion as how to continue debugging this? The nfs server
>> resolves usernames by loopkup in free-ipa lda.
>> >
>> > After a lot of digging, I see the 4.4 introduced "krbcanonicalname", no idea if that
>> is relevant. Are there some update ldap procedure I am missing? Just in case I ran
>> a ipa-server-upgrade, which did not resolve the issue.
>> >
>> >
>:snip
>> >
>> >
>> 
>> Hello,
>> I'm almost sure that 'krbcanonicalname' has nothing to do with this.
>> Adding krbcanonicalname attribute was done to allow principal aliases (multiple
>> kerberos principals for one user/host/service), see [1] for details.
>> 
>> Unfortunately, I don't know what's wrong. SSSD is taking care of resolving users
>> and groups on enrolled systems. "id mgm" should output something like
>> "id=1414(mgm) gid=1414(mgm) groups=1414(mgm)" if it works properly.
>> 
>> [1] http://www.freeipa.org/page/V4/Kerberos_principal_aliases
>> 
>> --
>> David Kupka
>
>Thank you for that info. That led me somewhat further by increasing the debug on sssd which led me to :
>
>Dec  8 10:42:48 client nfsidmap[6663]: key: 0xae72f5 type: uid value: mqm2 at REALM.COM timeout 600
>Dec  8 10:42:48 client nfsidmap[6663]: nfs4_name_to_uid: calling nsswitch->name_to_uid
>Dec  8 10:42:48 client nfsidmap[6663]: nss_getpwnam: name 'mqm2 at REALM.COM' domain 'REALM.COM': resulting localname 'mqm2'
>Dec  8 10:42:48 client nfsidmap[6663]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
>Dec  8 10:42:48 client nfsidmap[6663]: nfs4_name_to_uid: final return value is 0
>
>Dec  8 10:42:48 client nfsidmap[6665]: key: 0xf56593 type: gid value: Null timeout 600
>                                                                                           ^^^^^^^^^
>Dec  8 10:42:48 client nfsidmap[6665]: nfs4_name_to_gid: calling nsswitch->name_to_gid
>Dec  8 10:42:48 client nfsidmap[6665]: nfs4_name_to_gid: nsswitch->name_to_gid returned -22
>Dec  8 10:42:48 client nfsidmap[6665]: nfs4_name_to_gid: final return value is -22Seems nfsidmap is not called with a gid value.
>
>It seems nfsidmap is not called with a proper gid.
>hm, the saga continues...
>
You might want to use sss nfsidmap plugin.
* set method in /etc/idmap.conf to sss
* restart nfsidmapd

BTW In fedora and sssd-1.14 + it is part of recomended
package sssd-nfs-idmap (weak dependency)
older versions and other distributions might have packages in sssd-common
   /usr/lib64/libnfsidmap/sss.so

LS



From jason at tresgeek.net  Wed Jan  4 22:40:38 2017
From: jason at tresgeek.net (Jason B. Nance)
Date: Wed, 4 Jan 2017 16:40:38 -0600 (CST)
Subject: [Freeipa-users] Lookups Failing With AD Forwarder (and DNSSEC)
Message-ID: <1875491957.2678.1483569638544.JavaMail.zimbra@tresgeek.net>

Hello everyone,

I have a pair of FreeIPA 4.4.0 servers setup whose forwarders are each set to an Active Directory domain controller.  When a client attempts to lookup any DNS record other than those to which FreeIPA is authoritative the client reports NXDOMAIN and the FreeIPA server has the following in its logs:

(first lookup)
Jan 04 16:05:21 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error (no valid RRSIG) resolving 'zone/DS/IN': 10.48.8.18#53
Jan 04 16:05:21 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error (no valid DS) resolving 'sl1mmgpwtdc0001.tkc.gen.zone/A/IN': 10.48.8.18#53

(subsequent lookups)
Jan 04 16:10:57 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: validating @0x7f7a40983ea0: sl1mmgpwtdc0001.tkc.gen.zone A: bad cache hit (zone/DS)
Jan 04 16:10:57 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error (broken trust chain) resolving 'sl1mmgpwtdc0001.tkc.gen.zone/A/IN': 10.48.8.18#53

In my case, ipa.tkc.gen.zone is served by FreeIPA and tkc.gen.zone is served by AD (as is gen.zone).  10.48.8.18 is an AD domain controller for tkc.gen.zone (and the forwarder the FreeIPA servers are pointed at).

I've tried "rndc flush" and "rndc flushname ." on the FreeIPA boxes.  We've tried both NSEC3 and NSEC.

Anyone have guidance as to what may be going on?

Thanks,

j



From tgeier at accertify.com  Wed Jan  4 23:22:30 2017
From: tgeier at accertify.com (Timothy Geier)
Date: Wed, 4 Jan 2017 23:22:30 +0000
Subject: [Freeipa-users] IPA to IPA migration
Message-ID: <7DFD9430-D86B-4445-8EA2-1BE4AC8FCE7E@accertify.com>

This is something I?ve looked at lately and a manual proof of concept I just did (using ideas from https://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_FreeIPA) makes it seem theoretically possible (though it looks like, barring the migration of the kerberos master key, all enrolled hosts would need to use ipa-getkeytab to get a replacement keytab from the new server and copy it to /etc/krb5.keytab so that sssd will work properly..the alternative is re-enrollment.  All other keytabs in use by other applications would have to be similarly replaced).

Is https://fedorahosted.org/freeipa/ticket/3656 something that?s coming sooner or later to a future version of FreeIPA?  Has anyone done a manual migration on a moderate-to-large setup?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/102c6ec1/attachment.htm>

From bentech4you at gmail.com  Thu Jan  5 04:33:02 2017
From: bentech4you at gmail.com (Ben .T.George)
Date: Thu, 5 Jan 2017 07:33:02 +0300
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>
References: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
	<fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>
	<CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>
Message-ID: <CA+C_GOV5PP7GDx1iqUDx_aFd0ernEuN9V8jpQuYJ=m-FJ6ww4w@mail.gmail.com>

HI

anyone please help me to fix this.

Regards,
Ben

On Wed, Jan 4, 2017 at 3:12 PM, Ben .T.George <bentech4you at gmail.com> wrote:

> HI
>
> port 8009 is not listening in master server
>
> and i added ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6 in hosts file.
>
> still getting same error
>
>  [28/44]: restarting directory server
> ipa         : CRITICAL Failed to restart the directory server (Command
> '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
> exit status 1). See the installation log for details.
>   [29/44]: setting up initial replication
>   [error] error: [Errno 111] Connection refused
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
> Connection refused
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> ipa-replica-install command failed. See /var/log/ipareplica-install.log
> for more information
>
>
> Also  ipv6 is disabled on both nodes
>
> Regards,
> Ben
>
> On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <pvoborni at redhat.com> wrote:
>
>> On 01/04/2017 10:59 AM, Ben .T.George wrote:
>> > HI
>> >
>> > i tried the method mentioned on that document and it end up with below
>> error. My
>> > DNS is managed by external box and i dont want to create any DNS record
>> on these
>> > servers.
>> >
>> > and the command which i tried is(non client server)
>> >
>> > ipa-replica-install --principal admin --admin-password P at ssw0rd
>> --domain
>> > kw.example.com <http://kw.example.com> --server
>> zkwipamstr01.kw.example.com
>> > <http://zkwipamstr01.kw.example.com>
>> >
>> >
>> >
>> > ipa         : CRITICAL Failed to restart the directory server (Command
>> > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned
>> non-zero exit
>> > status 1). See the installation log for details.
>> >    [29/44]: setting up initial replication
>> >    [error] error: [Errno 111] Connection refused
>> > Your system may be partly configured.
>> > Run /usr/sbin/ipa-server-install --uninstall to clean up.
>> >
>> > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
>> Connection
>> > refused
>> > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
>> > ipa-replica-install command failed. See /var/log/ipareplica-install.log
>> for more
>> > information
>>
>> This looks like bug https://fedorahosted.org/freeipa/ticket/6575
>>
>> To verify that, could you check if master server internally listens on
>> port 8009 or if ipareplica-install.log contains CA_UNREACHABLE string
>> near  step 27.
>>
>> Usual fix is to add following line to /etc/hosts
>>   ::1         localhost localhost.localdomain localhost6
>> localhost6.localdomain6
>>
>>
>> > [root at zkwiparepa01 ~]# /bin/systemctl restart
>> dirsrv at KW-EXAMPLE-COM.service
>> > Job for dirsrv at KW-EXAMPLE-COM.service failed because the control
>> process exited
>> > with error code. See "systemctl status dirsrv at KW-EXAMPLE-COM.service"
>> and
>> > "journalctl -xe" for details.
>> >
>> > [root at zkwiparepa01 ~]# systemctl status dirsrv at KW-EXAMPLE-COM.service
>> > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server KW-EXAMPLE-COM.
>> >     Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled;
>> vendor
>> > preset: disabled)
>> >     Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46
>> AST; 13s ago
>> >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i
>> -i
>> > /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
>> >    Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl
>> > /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
>> >   Main PID: 14893 (code=exited, status=1/FAILURE)
>> >
>> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <
>> http://zkwiparepa01.kw.example.com>
>> > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300] Error:
>> > betxnpostoperation plu...arted
>> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <
>> http://zkwiparepa01.kw.example.com>
>> > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300] Error: object
>> plugin
>> > Roles Pl...arted
>> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <
>> http://zkwiparepa01.kw.example.com>
>> > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300] Error:
>> preoperation
>> > plugin su...arted
>> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <
>> http://zkwiparepa01.kw.example.com>
>> > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300] Error: object
>> plugin USN
>> > is n...arted
>> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <
>> http://zkwiparepa01.kw.example.com>
>> > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300] Error: object
>> plugin
>> > Views is...arted
>> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <
>> http://zkwiparepa01.kw.example.com>
>> > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300] Error:
>> extendedop plugin
>> > whoa...arted
>> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <
>> http://zkwiparepa01.kw.example.com>
>> > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main process exited,
>> code=exited,
>> > status=1/FAILURE
>> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <
>> http://zkwiparepa01.kw.example.com>
>> > systemd[1]: Failed to start 389 Directory Server KW-EXAMPLE-COM..
>> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <
>> http://zkwiparepa01.kw.example.com>
>> > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service entered failed state.
>> > Jan 04 12:54:46 zkwiparepa01.kw.example.com <
>> http://zkwiparepa01.kw.example.com>
>> > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
>> > Hint: Some lines were ellipsized, use -l to show in full.
>> >
>> >
>> >
>> > Regards,
>> > Ben
>> >
>> >
>> > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <mbabinsk at redhat.com
>> > <mailto:mbabinsk at redhat.com>> wrote:
>> >
>> >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
>> >
>> >         HI
>> >
>> >         while trying to create ipa replica, i am getting below error,
>> >
>> >         Replica creation using 'ipa-replica-prepare' to generate
>> replica file
>> >         is supported only in 0-level IPA domain.
>> >
>> >         The current IPA domain level is 1 and thus the replica must
>> >         be created by promoting an existing IPA client.
>> >
>> >         To set up a replica use the following procedure:
>> >              1.) set up a client on the host using 'ipa-client-install'
>> >              2.) promote the client to replica running
>> 'ipa-replica-install'
>> >                  *without* replica file specified
>> >
>> >         'ipa-replica-prepare' is allowed only in domain level 0
>> >         The ipa-replica-prepare command failed.
>> >
>> >
>> >         i have IPA master server without AD integration and DNS is
>> managed by
>> >         3rd party appliances.
>> >
>> >
>> >
>> >         Regards,
>> >         Ben
>> >
>> >
>> >
>> >     Hi Ben,
>> >
>> >     If you installed IPA 4.4 server then domain level 1 is the default.
>> This
>> >     domain level uses different mechanism to stand up replicas. See the
>> latest
>> >     IdM documentation[1] for more details.
>> >
>> >     [1]
>> >     https://access.redhat.com/documentation/en-US/Red_Hat_Enter
>> prise_Linux/7/html/Linux_Domain_Identity_Authentication_and_
>> Policy_Guide/creating-the-replica.html
>> >     <https://access.redhat.com/documentation/en-US/Red_Hat_Ente
>> rprise_Linux/7/html/Linux_Domain_Identity_Authentication_
>> and_Policy_Guide/creating-the-replica.html>
>> >
>> >     --
>> >     Martin^3 Babinsky
>> >
>> >     --
>> >     Manage your subscription for the Freeipa-users mailing list:
>> >     https://www.redhat.com/mailman/listinfo/freeipa-users
>> >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>> >     Go to http://freeipa.org for more info on the project
>> >
>> >
>> >
>> >
>>
>>
>> --
>> Petr Vobornik
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/8006155f/attachment.htm>

From ftweedal at redhat.com  Thu Jan  5 06:03:27 2017
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Thu, 5 Jan 2017 16:03:27 +1000
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>
References: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
	<fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>
	<CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>
Message-ID: <20170105060326.GG4539@dhcp-40-8.bne.redhat.com>

On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben .T.George wrote:
> HI
> 
> port 8009 is not listening in master server
> 
> and i added ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6 in hosts file.
> 

Did you add this to the host file on the master (then `systemctl
restart pki-tomcatd at pki-tomcat` and confirm it is listening on port
8009)?  Or just the client you are trying to promote?

It is needed on the master.  Won't hurt to make this change to
/etc/hosts on both machines, though.

HTH,
Fraser

> still getting same error
> 
>  [28/44]: restarting directory server
> ipa         : CRITICAL Failed to restart the directory server (Command
> '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
> exit status 1). See the installation log for details.
>   [29/44]: setting up initial replication
>   [error] error: [Errno 111] Connection refused
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> 
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
> Connection refused
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> ipa-replica-install command failed. See /var/log/ipareplica-install.log for
> more information
> 
> 
> Also  ipv6 is disabled on both nodes
> 
> Regards,
> Ben
> 
> On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <pvoborni at redhat.com> wrote:
> 
> > On 01/04/2017 10:59 AM, Ben .T.George wrote:
> > > HI
> > >
> > > i tried the method mentioned on that document and it end up with below
> > error. My
> > > DNS is managed by external box and i dont want to create any DNS record
> > on these
> > > servers.
> > >
> > > and the command which i tried is(non client server)
> > >
> > > ipa-replica-install --principal admin --admin-password P at ssw0rd --domain
> > > kw.example.com <http://kw.example.com> --server
> > zkwipamstr01.kw.example.com
> > > <http://zkwipamstr01.kw.example.com>
> > >
> > >
> > >
> > > ipa         : CRITICAL Failed to restart the directory server (Command
> > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned
> > non-zero exit
> > > status 1). See the installation log for details.
> > >    [29/44]: setting up initial replication
> > >    [error] error: [Errno 111] Connection refused
> > > Your system may be partly configured.
> > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > >
> > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
> > Connection
> > > refused
> > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > > ipa-replica-install command failed. See /var/log/ipareplica-install.log
> > for more
> > > information
> >
> > This looks like bug https://fedorahosted.org/freeipa/ticket/6575
> >
> > To verify that, could you check if master server internally listens on
> > port 8009 or if ipareplica-install.log contains CA_UNREACHABLE string
> > near  step 27.
> >
> > Usual fix is to add following line to /etc/hosts
> >   ::1         localhost localhost.localdomain localhost6
> > localhost6.localdomain6
> >
> >
> > > [root at zkwiparepa01 ~]# /bin/systemctl restart
> > dirsrv at KW-EXAMPLE-COM.service
> > > Job for dirsrv at KW-EXAMPLE-COM.service failed because the control
> > process exited
> > > with error code. See "systemctl status dirsrv at KW-EXAMPLE-COM.service"
> > and
> > > "journalctl -xe" for details.
> > >
> > > [root at zkwiparepa01 ~]# systemctl status dirsrv at KW-EXAMPLE-COM.service
> > > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server KW-EXAMPLE-COM.
> > >     Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled;
> > vendor
> > > preset: disabled)
> > >     Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46
> > AST; 13s ago
> > >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i
> > > /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
> > >    Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl
> > > /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
> > >   Main PID: 14893 (code=exited, status=1/FAILURE)
> > >
> > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300] Error:
> > > betxnpostoperation plu...arted
> > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300] Error: object
> > plugin
> > > Roles Pl...arted
> > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300] Error:
> > preoperation
> > > plugin su...arted
> > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300] Error: object
> > plugin USN
> > > is n...arted
> > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300] Error: object
> > plugin
> > > Views is...arted
> > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300] Error:
> > extendedop plugin
> > > whoa...arted
> > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main process exited,
> > code=exited,
> > > status=1/FAILURE
> > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > > systemd[1]: Failed to start 389 Directory Server KW-EXAMPLE-COM..
> > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service entered failed state.
> > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
> > > Hint: Some lines were ellipsized, use -l to show in full.
> > >
> > >
> > >
> > > Regards,
> > > Ben
> > >
> > >
> > > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <mbabinsk at redhat.com
> > > <mailto:mbabinsk at redhat.com>> wrote:
> > >
> > >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> > >
> > >         HI
> > >
> > >         while trying to create ipa replica, i am getting below error,
> > >
> > >         Replica creation using 'ipa-replica-prepare' to generate replica
> > file
> > >         is supported only in 0-level IPA domain.
> > >
> > >         The current IPA domain level is 1 and thus the replica must
> > >         be created by promoting an existing IPA client.
> > >
> > >         To set up a replica use the following procedure:
> > >              1.) set up a client on the host using 'ipa-client-install'
> > >              2.) promote the client to replica running
> > 'ipa-replica-install'
> > >                  *without* replica file specified
> > >
> > >         'ipa-replica-prepare' is allowed only in domain level 0
> > >         The ipa-replica-prepare command failed.
> > >
> > >
> > >         i have IPA master server without AD integration and DNS is
> > managed by
> > >         3rd party appliances.
> > >
> > >
> > >
> > >         Regards,
> > >         Ben
> > >
> > >
> > >
> > >     Hi Ben,
> > >
> > >     If you installed IPA 4.4 server then domain level 1 is the default.
> > This
> > >     domain level uses different mechanism to stand up replicas. See the
> > latest
> > >     IdM documentation[1] for more details.
> > >
> > >     [1]
> > >     https://access.redhat.com/documentation/en-US/Red_Hat_
> > Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_
> > Guide/creating-the-replica.html
> > >     <https://access.redhat.com/documentation/en-US/Red_Hat_
> > Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_
> > Guide/creating-the-replica.html>
> > >
> > >     --
> > >     Martin^3 Babinsky
> > >
> > >     --
> > >     Manage your subscription for the Freeipa-users mailing list:
> > >     https://www.redhat.com/mailman/listinfo/freeipa-users
> > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> > >     Go to http://freeipa.org for more info on the project
> > >
> > >
> > >
> > >
> >
> >
> > --
> > Petr Vobornik
> >

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From bentech4you at gmail.com  Thu Jan  5 06:10:43 2017
From: bentech4you at gmail.com (Ben .T.George)
Date: Thu, 5 Jan 2017 09:10:43 +0300
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <20170105060326.GG4539@dhcp-40-8.bne.redhat.com>
References: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
	<fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>
	<CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>
	<20170105060326.GG4539@dhcp-40-8.bne.redhat.com>
Message-ID: <CA+C_GOV2z_enddD1QM_XW1FNaPBpLjPPu5yp35fpiRc+BdKMCw@mail.gmail.com>

HI

yes i did the same and still port is not listening.

[root at zkwipamstr01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4
::1         localhost localhost.localdomain localhost6
localhost6.localdomain6
10.151.4.64     zkwipamstr01.kw.example.com        zkwipamstr01
10.151.4.65     zkwiparepa01.kw.example.com        zkwiparepa01
[root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
[root at zkwipamstr01 ~]# netstat -tunap | grep 8009


Regards
Ben

On Thu, Jan 5, 2017 at 9:03 AM, Fraser Tweedale <ftweedal at redhat.com> wrote:

> On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben .T.George wrote:
> > HI
> >
> > port 8009 is not listening in master server
> >
> > and i added ::1         localhost localhost.localdomain localhost6
> > localhost6.localdomain6 in hosts file.
> >
>
> Did you add this to the host file on the master (then `systemctl
> restart pki-tomcatd at pki-tomcat` and confirm it is listening on port
> 8009)?  Or just the client you are trying to promote?
>
> It is needed on the master.  Won't hurt to make this change to
> /etc/hosts on both machines, though.
>
> HTH,
> Fraser
>
> > still getting same error
> >
> >  [28/44]: restarting directory server
> > ipa         : CRITICAL Failed to restart the directory server (Command
> > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
> > exit status 1). See the installation log for details.
> >   [29/44]: setting up initial replication
> >   [error] error: [Errno 111] Connection refused
> > Your system may be partly configured.
> > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >
> > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
> > Connection refused
> > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > ipa-replica-install command failed. See /var/log/ipareplica-install.log
> for
> > more information
> >
> >
> > Also  ipv6 is disabled on both nodes
> >
> > Regards,
> > Ben
> >
> > On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <pvoborni at redhat.com>
> wrote:
> >
> > > On 01/04/2017 10:59 AM, Ben .T.George wrote:
> > > > HI
> > > >
> > > > i tried the method mentioned on that document and it end up with
> below
> > > error. My
> > > > DNS is managed by external box and i dont want to create any DNS
> record
> > > on these
> > > > servers.
> > > >
> > > > and the command which i tried is(non client server)
> > > >
> > > > ipa-replica-install --principal admin --admin-password P at ssw0rd
> --domain
> > > > kw.example.com <http://kw.example.com> --server
> > > zkwipamstr01.kw.example.com
> > > > <http://zkwipamstr01.kw.example.com>
> > > >
> > > >
> > > >
> > > > ipa         : CRITICAL Failed to restart the directory server
> (Command
> > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned
> > > non-zero exit
> > > > status 1). See the installation log for details.
> > > >    [29/44]: setting up initial replication
> > > >    [error] error: [Errno 111] Connection refused
> > > > Your system may be partly configured.
> > > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > > >
> > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno
> 111]
> > > Connection
> > > > refused
> > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > > > ipa-replica-install command failed. See /var/log/ipareplica-install.
> log
> > > for more
> > > > information
> > >
> > > This looks like bug https://fedorahosted.org/freeipa/ticket/6575
> > >
> > > To verify that, could you check if master server internally listens on
> > > port 8009 or if ipareplica-install.log contains CA_UNREACHABLE string
> > > near  step 27.
> > >
> > > Usual fix is to add following line to /etc/hosts
> > >   ::1         localhost localhost.localdomain localhost6
> > > localhost6.localdomain6
> > >
> > >
> > > > [root at zkwiparepa01 ~]# /bin/systemctl restart
> > > dirsrv at KW-EXAMPLE-COM.service
> > > > Job for dirsrv at KW-EXAMPLE-COM.service failed because the control
> > > process exited
> > > > with error code. See "systemctl status dirsrv at KW-EXAMPLE-COM.service
> "
> > > and
> > > > "journalctl -xe" for details.
> > > >
> > > > [root at zkwiparepa01 ~]# systemctl status
> dirsrv at KW-EXAMPLE-COM.service
> > > > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server
> KW-EXAMPLE-COM.
> > > >     Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service;
> enabled;
> > > vendor
> > > > preset: disabled)
> > > >     Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46
> > > AST; 13s ago
> > > >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D
> /etc/dirsrv/slapd-%i -i
> > > > /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
> > > >    Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl
> > > > /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
> > > >   Main PID: 14893 (code=exited, status=1/FAILURE)
> > > >
> > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300] Error:
> > > > betxnpostoperation plu...arted
> > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300] Error:
> object
> > > plugin
> > > > Roles Pl...arted
> > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300] Error:
> > > preoperation
> > > > plugin su...arted
> > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300] Error:
> object
> > > plugin USN
> > > > is n...arted
> > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300] Error:
> object
> > > plugin
> > > > Views is...arted
> > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300] Error:
> > > extendedop plugin
> > > > whoa...arted
> > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main process exited,
> > > code=exited,
> > > > status=1/FAILURE
> > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > > systemd[1]: Failed to start 389 Directory Server KW-EXAMPLE-COM..
> > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service entered failed state.
> > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
> > > > Hint: Some lines were ellipsized, use -l to show in full.
> > > >
> > > >
> > > >
> > > > Regards,
> > > > Ben
> > > >
> > > >
> > > > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <
> mbabinsk at redhat.com
> > > > <mailto:mbabinsk at redhat.com>> wrote:
> > > >
> > > >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> > > >
> > > >         HI
> > > >
> > > >         while trying to create ipa replica, i am getting below error,
> > > >
> > > >         Replica creation using 'ipa-replica-prepare' to generate
> replica
> > > file
> > > >         is supported only in 0-level IPA domain.
> > > >
> > > >         The current IPA domain level is 1 and thus the replica must
> > > >         be created by promoting an existing IPA client.
> > > >
> > > >         To set up a replica use the following procedure:
> > > >              1.) set up a client on the host using
> 'ipa-client-install'
> > > >              2.) promote the client to replica running
> > > 'ipa-replica-install'
> > > >                  *without* replica file specified
> > > >
> > > >         'ipa-replica-prepare' is allowed only in domain level 0
> > > >         The ipa-replica-prepare command failed.
> > > >
> > > >
> > > >         i have IPA master server without AD integration and DNS is
> > > managed by
> > > >         3rd party appliances.
> > > >
> > > >
> > > >
> > > >         Regards,
> > > >         Ben
> > > >
> > > >
> > > >
> > > >     Hi Ben,
> > > >
> > > >     If you installed IPA 4.4 server then domain level 1 is the
> default.
> > > This
> > > >     domain level uses different mechanism to stand up replicas. See
> the
> > > latest
> > > >     IdM documentation[1] for more details.
> > > >
> > > >     [1]
> > > >     https://access.redhat.com/documentation/en-US/Red_Hat_
> > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> Authentication_and_Policy_
> > > Guide/creating-the-replica.html
> > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_
> > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> Authentication_and_Policy_
> > > Guide/creating-the-replica.html>
> > > >
> > > >     --
> > > >     Martin^3 Babinsky
> > > >
> > > >     --
> > > >     Manage your subscription for the Freeipa-users mailing list:
> > > >     https://www.redhat.com/mailman/listinfo/freeipa-users
> > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> > > >     Go to http://freeipa.org for more info on the project
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Petr Vobornik
> > >
>
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/19a737fd/attachment.htm>

From ftweedal at redhat.com  Thu Jan  5 06:33:27 2017
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Thu, 5 Jan 2017 16:33:27 +1000
Subject: [Freeipa-users] Replica issue / Certificate Authority
In-Reply-To: <35F45570-5827-4C22-B022-D92AF10DA126@uni.lu>
References: <CAC1p530pjJTox0Y9AHf1b=5b2zJ4Nq+cDB+QLySZNFPBVNjudg@mail.gmail.com>
	<CAC1p532+V=fnBvBN-80LHxAOidytEE3ydvcSd0+ia+T6xnOiUA@mail.gmail.com>
	<58546ABE.30203@redhat.com>
	<20161218231057.GD4232@dhcp-40-8.bne.redhat.com>
	<2EBB29CB9A8F494FB5253F6AF2E6A1985531CF99@hoshi.uni.lux>
	<1027c132-0de3-4e4f-e919-2c97bbef7aba@redhat.com>
	<35F45570-5827-4C22-B022-D92AF10DA126@uni.lu>
Message-ID: <20170105063326.GI4539@dhcp-40-8.bne.redhat.com>

On Wed, Jan 04, 2017 at 01:19:19PM +0000, Christophe TREFOIS wrote:
> Hi Florence,
> 
> I did what you said, and then the status went to CA_WORKING. Then I restart ipa and certmonger and the status went to CA_UNREACHABLE.
> Then i did ?resubmit? again and now the status is back to MONITORING, but the cookie error is back.
> 
> Any advice?
> 
I have encountered the cookie error before. IIRC it was caused by
authn certs in Dogtag user entries not matching the client certs
used.

Check the following entries:

1. ``ldapsearch -LLL -D cn=directory\ manager -w4me2Test \
   -b uid=pkidbuser,ou=people,o=ipaca userCertificate``

   should match

   ``certutil -d /etc/pki/pki-tomcat/alias -L -n "subsystemCert cert-pki-ca"``

2. ``ldapsearch -LLL -D cn=directory\ manager -w4me2Test \
   -b uid=ipara,ou=people,o=ipaca userCertificate``

   should match

   ``certutil -d /etc/httpd/alias -L -n "ipaCert"``

If either of these do not match, update LDAP with what is in the
certificate databases (a.k.a. NSSDBs).  Ensure all certs are
non-expired, etc.

HTH,
Fraser


> [root at lums3 ~]# getcert list -n ipaCert
> Number of certificates and requests being tracked: 8.
> Request ID '20161216025136':
> 	status: MONITORING
> 	ca-error: Invalid cookie: ''
> 	stuck: no
> 	key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
> 	certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
> 	CA: dogtag-ipa-ca-renew-agent
> 	issuer: CN=Certificate Authority,O=UNI.LU
> 	subject: CN=IPA RA,O=UNI.LU
> 	expires: 2018-12-16 03:13:48 UTC
> 	key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> 	eku: id-kp-serverAuth,id-kp-clientAuth
> 	pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
> 	post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
> 	track: yes
> 	auto-renew: yes
> 
> -- 
> 
> Dr Christophe Trefois, Dipl.-Ing.  
> Technical Specialist / Post-Doc
> 
> UNIVERSIT? DU LUXEMBOURG
> 
> LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
> Campus Belval | House of Biomedicine  
> 6, avenue du Swing 
> L-4367 Belvaux  
> T: +352 46 66 44 6124 
> F: +352 46 66 44 6949  
> http://www.uni.lu/lcsb <http://www.uni.lu/lcsb>
>  <https://www.facebook.com/trefex>   <https://twitter.com/Trefex>   <https://plus.google.com/+ChristopheTrefois/>   <https://www.linkedin.com/in/trefoischristophe>   <http://skype:Trefex?call>
> ----
> This message is confidential and may contain privileged information. 
> It is intended for the named recipient only. 
> If you receive it in error please notify me and permanently delete the original message and any copies. 
> ----
> 
>   
> 
> > On 4 Jan 2017, at 13:49, Florence Blanc-Renaud <flo at redhat.com> wrote:
> > 
> > getcert resubmit -i <id for ipaCert>
> 




From pvoborni at redhat.com  Thu Jan  5 08:12:03 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Thu, 5 Jan 2017 09:12:03 +0100
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <CA+C_GOV2z_enddD1QM_XW1FNaPBpLjPPu5yp35fpiRc+BdKMCw@mail.gmail.com>
References: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
	<fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>
	<CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>
	<20170105060326.GG4539@dhcp-40-8.bne.redhat.com>
	<CA+C_GOV2z_enddD1QM_XW1FNaPBpLjPPu5yp35fpiRc+BdKMCw@mail.gmail.com>
Message-ID: <5b904c20-72e9-fb2b-c05f-36970e279f7b@redhat.com>

On 01/05/2017 07:10 AM, Ben .T.George wrote:
> HI
> 
> yes i did the same and still port is not listening.
> 
> [root at zkwipamstr01 ~]# cat /etc/hosts
> 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
> 10.151.4.64 zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.example.com>     
>     zkwipamstr01
> 10.151.4.65 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.example.com>     
>     zkwiparepa01
> [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
> 
> 
> Regards
> Ben

Also IPv6 stack needs to be enabled.

> 
> On Thu, Jan 5, 2017 at 9:03 AM, Fraser Tweedale <ftweedal at redhat.com 
> <mailto:ftweedal at redhat.com>> wrote:
> 
>     On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben .T.George wrote:
>     > HI
>     >
>     > port 8009 is not listening in master server
>     >
>     > and i added ::1         localhost localhost.localdomain localhost6
>     > localhost6.localdomain6 in hosts file.
>     >
> 
>     Did you add this to the host file on the master (then `systemctl
>     restart pki-tomcatd at pki-tomcat` and confirm it is listening on port
>     8009)?  Or just the client you are trying to promote?
> 
>     It is needed on the master.  Won't hurt to make this change to
>     /etc/hosts on both machines, though.
> 
>     HTH,
>     Fraser
> 
>      > still getting same error
>      >
>      >  [28/44]: restarting directory server
>      > ipa         : CRITICAL Failed to restart the directory server (Command
>      > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
>      > exit status 1). See the installation log for details.
>      >   [29/44]: setting up initial replication
>      >   [error] error: [Errno 111] Connection refused
>      > Your system may be partly configured.
>      > Run /usr/sbin/ipa-server-install --uninstall to clean up.
>      >
>      > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
>      > Connection refused
>      > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
>      > ipa-replica-install command failed. See /var/log/ipareplica-install.log for
>      > more information
>      >
>      >
>      > Also  ipv6 is disabled on both nodes
>      >
>      > Regards,
>      > Ben
>      >
>      > On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <pvoborni at redhat.com
>     <mailto:pvoborni at redhat.com>> wrote:
>      >
>      > > On 01/04/2017 10:59 AM, Ben .T.George wrote:
>      > > > HI
>      > > >
>      > > > i tried the method mentioned on that document and it end up with below
>      > > error. My
>      > > > DNS is managed by external box and i dont want to create any DNS record
>      > > on these
>      > > > servers.
>      > > >
>      > > > and the command which i tried is(non client server)
>      > > >
>      > > > ipa-replica-install --principal admin --admin-password P at ssw0rd --domain
>      > > > kw.example.com <http://kw.example.com> <http://kw.example.com> --server
>      > > zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.example.com>
>      > > > <http://zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.example.com>>
>      > > >
>      > > >
>      > > >
>      > > > ipa         : CRITICAL Failed to restart the directory server (Command
>      > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned
>      > > non-zero exit
>      > > > status 1). See the installation log for details.
>      > > >    [29/44]: setting up initial replication
>      > > >    [error] error: [Errno 111] Connection refused
>      > > > Your system may be partly configured.
>      > > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
>      > > >
>      > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
>      > > Connection
>      > > > refused
>      > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
>      > > > ipa-replica-install command failed. See /var/log/ipareplica-install.log
>      > > for more
>      > > > information
>      > >
>      > > This looks like bug https://fedorahosted.org/freeipa/ticket/6575
>     <https://fedorahosted.org/freeipa/ticket/6575>
>      > >
>      > > To verify that, could you check if master server internally listens on
>      > > port 8009 or if ipareplica-install.log contains CA_UNREACHABLE string
>      > > near  step 27.
>      > >
>      > > Usual fix is to add following line to /etc/hosts
>      > >   ::1         localhost localhost.localdomain localhost6
>      > > localhost6.localdomain6
>      > >
>      > >
>      > > > [root at zkwiparepa01 ~]# /bin/systemctl restart
>      > > dirsrv at KW-EXAMPLE-COM.service
>      > > > Job for dirsrv at KW-EXAMPLE-COM.service failed because the control
>      > > process exited
>      > > > with error code. See "systemctl status dirsrv at KW-EXAMPLE-COM.service"
>      > > and
>      > > > "journalctl -xe" for details.
>      > > >
>      > > > [root at zkwiparepa01 ~]# systemctl status dirsrv at KW-EXAMPLE-COM.service
>      > > > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server KW-EXAMPLE-COM.
>      > > >     Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service; enabled;
>      > > vendor
>      > > > preset: disabled)
>      > > >     Active: failed (Result: exit-code) since Wed 2017-01-04 12:54:46
>      > > AST; 13s ago
>      > > >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i
>      > > > /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
>      > > >    Process: 14887 ExecStartPre=/usr/sbin/ds_systemd_ask_password_acl
>      > > > /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
>      > > >   Main PID: 14893 (code=exited, status=1/FAILURE)
>      > > >
>      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>      > > example.com <http://example.com>>
>      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300] Error:
>      > > > betxnpostoperation plu...arted
>      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>      > > example.com <http://example.com>>
>      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300] Error: object
>      > > plugin
>      > > > Roles Pl...arted
>      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>      > > example.com <http://example.com>>
>      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300] Error:
>      > > preoperation
>      > > > plugin su...arted
>      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>      > > example.com <http://example.com>>
>      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300] Error: object
>      > > plugin USN
>      > > > is n...arted
>      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>      > > example.com <http://example.com>>
>      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300] Error: object
>      > > plugin
>      > > > Views is...arted
>      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>      > > example.com <http://example.com>>
>      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300] Error:
>      > > extendedop plugin
>      > > > whoa...arted
>      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>      > > example.com <http://example.com>>
>      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main process exited,
>      > > code=exited,
>      > > > status=1/FAILURE
>      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>      > > example.com <http://example.com>>
>      > > > systemd[1]: Failed to start 389 Directory Server KW-EXAMPLE-COM..
>      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>      > > example.com <http://example.com>>
>      > > > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service entered failed state.
>      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>      > > example.com <http://example.com>>
>      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
>      > > > Hint: Some lines were ellipsized, use -l to show in full.
>      > > >
>      > > >
>      > > >
>      > > > Regards,
>      > > > Ben
>      > > >
>      > > >
>      > > > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <mbabinsk at redhat.com
>     <mailto:mbabinsk at redhat.com>
>      > > > <mailto:mbabinsk at redhat.com <mailto:mbabinsk at redhat.com>>> wrote:
>      > > >
>      > > >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
>      > > >
>      > > >         HI
>      > > >
>      > > >         while trying to create ipa replica, i am getting below error,
>      > > >
>      > > >         Replica creation using 'ipa-replica-prepare' to generate replica
>      > > file
>      > > >         is supported only in 0-level IPA domain.
>      > > >
>      > > >         The current IPA domain level is 1 and thus the replica must
>      > > >         be created by promoting an existing IPA client.
>      > > >
>      > > >         To set up a replica use the following procedure:
>      > > >              1.) set up a client on the host using 'ipa-client-install'
>      > > >              2.) promote the client to replica running
>      > > 'ipa-replica-install'
>      > > >                  *without* replica file specified
>      > > >
>      > > >         'ipa-replica-prepare' is allowed only in domain level 0
>      > > >         The ipa-replica-prepare command failed.
>      > > >
>      > > >
>      > > >         i have IPA master server without AD integration and DNS is
>      > > managed by
>      > > >         3rd party appliances.
>      > > >
>      > > >
>      > > >
>      > > >         Regards,
>      > > >         Ben
>      > > >
>      > > >
>      > > >
>      > > >     Hi Ben,
>      > > >
>      > > >     If you installed IPA 4.4 server then domain level 1 is the default.
>      > > This
>      > > >     domain level uses different mechanism to stand up replicas. See the
>      > > latest
>      > > >     IdM documentation[1] for more details.
>      > > >
>      > > >     [1]
>      > > > https://access.redhat.com/documentation/en-US/Red_Hat_
>     <https://access.redhat.com/documentation/en-US/Red_Hat_>
>      > > Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_
>      > > Guide/creating-the-replica.html
>      > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_
>     <https://access.redhat.com/documentation/en-US/Red_Hat_>
>      > > Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_
>      > > Guide/creating-the-replica.html>
>      > > >
>      > > >     --
>      > > >     Martin^3 Babinsky
>      > > >
>      > > >     --
>      > > >     Manage your subscription for the Freeipa-users mailing list:
>      > > > https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>      > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>>
>      > > >     Go to http://freeipa.org for more info on the project
>      > > >
>      > > >
>      > > >
>      > > >
>      > >
>      > >
>      > > --
>      > > Petr Vobornik
>      > >
> 
>      > --
>      > Manage your subscription for the Freeipa-users mailing list:
>      > https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>      > Go to http://freeipa.org for more info on the project
> 
> 


-- 
Petr Vobornik



From mbasti at redhat.com  Thu Jan  5 08:38:31 2017
From: mbasti at redhat.com (Martin Basti)
Date: Thu, 5 Jan 2017 09:38:31 +0100
Subject: [Freeipa-users] Lookups Failing With AD Forwarder (and DNSSEC)
In-Reply-To: <1875491957.2678.1483569638544.JavaMail.zimbra@tresgeek.net>
References: <1875491957.2678.1483569638544.JavaMail.zimbra@tresgeek.net>
Message-ID: <98eb6aab-1412-e63c-8251-6fce8d737b77@redhat.com>



On 04.01.2017 23:40, Jason B. Nance wrote:
> Hello everyone,
>
> I have a pair of FreeIPA 4.4.0 servers setup whose forwarders are each set to an Active Directory domain controller.  When a client attempts to lookup any DNS record other than those to which FreeIPA is authoritative the client reports NXDOMAIN and the FreeIPA server has the following in its logs:
>
> (first lookup)
> Jan 04 16:05:21 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error (no valid RRSIG) resolving 'zone/DS/IN': 10.48.8.18#53
> Jan 04 16:05:21 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error (no valid DS) resolving 'sl1mmgpwtdc0001.tkc.gen.zone/A/IN': 10.48.8.18#53
>
> (subsequent lookups)
> Jan 04 16:10:57 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: validating @0x7f7a40983ea0: sl1mmgpwtdc0001.tkc.gen.zone A: bad cache hit (zone/DS)
> Jan 04 16:10:57 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error (broken trust chain) resolving 'sl1mmgpwtdc0001.tkc.gen.zone/A/IN': 10.48.8.18#53
>
> In my case, ipa.tkc.gen.zone is served by FreeIPA and tkc.gen.zone is served by AD (as is gen.zone).  10.48.8.18 is an AD domain controller for tkc.gen.zone (and the forwarder the FreeIPA servers are pointed at).
>
> I've tried "rndc flush" and "rndc flushname ." on the FreeIPA boxes.  We've tried both NSEC3 and NSEC.
>
> Anyone have guidance as to what may be going on?
>
> Thanks,
>
> j
>

Hello,

you use non-existent TLD domain or TLD domain doesn't have DS record of 
your zone, so this is expected behavior for DNSSEC considered as attack. 
You have to disable DNSSEC validation on all IPA DNS servers in 
/etc/named.conf in first case or fix incorrect/missing DS record in 
second case.

The 'zone.' is registered TLD, so if you own it you have probably 
missing DS record in path, thus broken trust chain.
If you don't own the TLD, you shouldn't use it at all.

Martin



From mbasti at redhat.com  Thu Jan  5 08:43:05 2017
From: mbasti at redhat.com (Martin Basti)
Date: Thu, 5 Jan 2017 09:43:05 +0100
Subject: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP
 server failed: {'desc': 'Invalid credentials'}
In-Reply-To: <CA+No-6G9eriuj+sU8S24zqddNaFZLsuWrG5whCO169GkLb6kww@mail.gmail.com>
References: <1481946787.11959.7.camel@interlinx.bc.ca>
	<1481999421.11959.23.camel@interlinx.bc.ca>
	<9efb76bf-524e-6f3f-64e3-27e1d12b83d1@redhat.com>
	<1482149965.28211.15.camel@interlinx.bc.ca>
	<c872041f-b7fe-a3c9-c949-17b28d9c8d07@redhat.com>
	<1482179085.28211.36.camel@interlinx.bc.ca>
	<ef9e2b81-885c-6447-3d04-865ee2011d26@redhat.com>
	<1482234065.28211.55.camel@interlinx.bc.ca>
	<89d5a584-ad8f-a022-65a9-0fff1e0d6ea5@redhat.com>
	<1482321907.28211.102.camel@interlinx.bc.ca>
	<d582c02a-3b61-6b78-f6d4-21ce84545c02@redhat.com>
	<CA+No-6G9eriuj+sU8S24zqddNaFZLsuWrG5whCO169GkLb6kww@mail.gmail.com>
Message-ID: <495fb283-07e7-30b6-333e-3ca75a1bf3cb@redhat.com>



On 04.01.2017 22:21, Jeff Goddard wrote:
> I don't want to hijack someone else's thread but I'm having what 
> appears to be the same problem and have not seen a solution presented yet.
>
> Here is the output of journalctl -xe after having tried to start named:
>
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> loading configuration from '/etc/named.conf'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> reading built-in trusted keys from file '/etc/named.iscdlv.key'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> using default UDP/IPv4 port range: [1024, 65535]
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> using default UDP/IPv6 port range: [1024, 65535]
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> listening on IPv6 interfaces, port 53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> listening on IPv4 interface lo, 127.0.0.1#53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> listening on IPv4 interface ens32, 10.73.100.31#53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> generating session key for dynamic DNS
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> sizing zone task pool based on 6 zones
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: set 
> up managed keys zone for view _default, file 
> '/var/named/dynamic/managed-keys.bind'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> bind-dyndb-ldap version 10.0 compiled at 18:06:06 Nov 11 2016, 
> compiler 4.8.5 20150623 (Red Hat 4.8.5-11)
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> option 'serial_autoincrement' is not supported, ignoring
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> ns-slapd[2596]: GSSAPI 
> server step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> ns-slapd[2596]: GSSAPI 
> server step 2
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> GSSAPI client step 2
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> ns-slapd[2596]: GSSAPI 
> server step 3
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: LDAP 
> error: Invalid credentials: bind to LDAP server failed
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> couldn't establish connection in LDAP connection pool: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> dynamic database 'ipa' configuration failed: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> loading configuration: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]: 
> exiting (due to fatal error)
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> systemd[1]: 
> named-pkcs11.service: control process exited, code=exited status=1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> systemd[1]: Failed to 
> start Berkeley Internet Name Domain (DNS) with native PKCS#11.
> -- Subject: Unit named-pkcs11.service has failed
> -- Defined-By: systemd
> -- Support: 
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel 
> <http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
> --
> -- Unit named-pkcs11.service has failed.
> --
> -- The result is failed.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> systemd[1]: Unit 
> named-pkcs11.service entered failed state.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> systemd[1]: 
> named-pkcs11.service failed.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com> polkitd[949]: 
> Unregistered Authentication Agent for unix-process:3936:380486 (system 
> bus name :1.59, object path /org/freedesktop/Policy
>
> Here are the last four entries of /var/log/dirsrv/slapd-*/access |grep 
> ipa-dnskeysyncdcat:
>
> [04/Jan/2017:15:28:37.463224739 -0500] conn=5 op=1129 SRCH 
> base="dc=internal,dc=emerlyn,dc=com" scope=2 
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>)(krbPrincipalName:caseIgnoreIA5Match:=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>)))" 
> attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey 
> krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration 
> krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange 
> krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth 
> krbLoginFailedCount krbPrincipalAuthInd krbExtraData 
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife 
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData 
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [04/Jan/2017:15:28:37.464739661 -0500] conn=5 op=1133 SRCH 
> base="krbprincipalname=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com" 
> scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn 
> gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference 
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference 
> krbPrincipalType krbLastPwdChange krbPrincipalAliases 
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount 
> krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier 
> ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory 
> ipaNTHomeDirectoryDrive"
> [04/Jan/2017:15:28:37.465851372 -0500] conn=5 op=1134 MOD 
> dn="krbprincipalname=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"
> [04/Jan/2017:15:28:37.474974775 -0500] conn=6 op=1372 SRCH 
> base="dc=internal,dc=emerlyn,dc=com" scope=2 
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>))" 
> attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey 
> krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration 
> krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange 
> krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth 
> krbLoginFailedCount krbPrincipalAuthInd krbExtraData 
> krbLastAdminUnlock krbObjectReferences krbTicketFlags krbMaxTicketLife 
> krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData 
> ipaUserAuthType ipatokenRadiusConfigLink objectClass"
> [04/Jan/2017:15:28:37.482436172 -0500] conn=281 op=2 RESULT err=0 
> tag=97 nentries=0 etime=0 
> dn="krbprincipalname=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at internal.emerlyn.com 
> <mailto:id-management-2.internal.emerlyn.com at internal.emerlyn.com>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"
>
> My environment:
> Freeipa 4.2.0
> OS is Centos 7.2
>
> This is a secondary replica (master) and the other replica can be 
> pinged but nslookup and dig fail to provide results even though the 
> values are in the /etc/hosts file:
>
> 127.0.0.1   localhost localhost.localdomain localhost4 
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6 
> localhost6.localdomain6
> 10.72.100.16 id-management-1.internal.emerlyn.com 
> <http://id-management-1.internal.emerlyn.com>
> 10.73.100.31 id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com>
>
>
> Any assistance is in solving this would be greatly appreciated and 
> thanks for both the great product and the support already provided.
>
> Jeff
>
>
>


Hello,

what contains the  /etc/sysconfig/dirsrv file

can you kinit as DNS?

kinit -kt /etc/named.keytab DNS/$HOSTNAME

Martin^2

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/415b2f32/attachment.htm>

From jhrozek at redhat.com  Thu Jan  5 09:17:46 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 5 Jan 2017 10:17:46 +0100
Subject: [Freeipa-users] Unable to resolve AD users from IPA clients
In-Reply-To: <1261853511.668.1483543144236.JavaMail.zimbra@elostech.cz>
References: <mailman.18154.1483529333.4108.freeipa-users@redhat.com>
	<1261853511.668.1483543144236.JavaMail.zimbra@elostech.cz>
Message-ID: <20170105091746.hiyebtyyd6yjjmbm@hendrix>

On Wed, Jan 04, 2017 at 04:19:04PM +0100, Jan Kar?sek wrote:
> Hi, 
> thank you for help. 
> 
> I have tried to add 
> 
> subdomain_inherit = ignore_group_members 
> ignore_group_members = True 
> 
> into sssd.conf on server but problem still persists. 
> 
> >By the way, did you install 7.3 cleanly or did you upgrade? 
> It has been upgraded. 
> 
> >D id you ever removed the cache post-upgrade on the server? 
> Yes I did it couple of times both on server and client 
> 
> I find out that when client return value from id it differ from id output on server: 

I'm sorry but I would need to see the whole logs to give a qualified
answer, really. Could you please remove or invalidate the caches on the
server and the client, then run:
    date; id tst99655 at example.com; date
and then attach or send directly to me the logs from both the server and
the client so I can match the logs with the date timestamps?

Feel free to obfuscate the domain, user and group names in the logs.



From bentech4you at gmail.com  Thu Jan  5 09:43:47 2017
From: bentech4you at gmail.com (Ben .T.George)
Date: Thu, 5 Jan 2017 12:43:47 +0300
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <5b904c20-72e9-fb2b-c05f-36970e279f7b@redhat.com>
References: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
	<fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>
	<CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>
	<20170105060326.GG4539@dhcp-40-8.bne.redhat.com>
	<CA+C_GOV2z_enddD1QM_XW1FNaPBpLjPPu5yp35fpiRc+BdKMCw@mail.gmail.com>
	<5b904c20-72e9-fb2b-c05f-36970e279f7b@redhat.com>
Message-ID: <CA+C_GOWO=WvkpUJm-iNCY7AnPfALx1MAb4ohsy2F4nF_VY8EMQ@mail.gmail.com>

HI,

on master server and replica server, i have enabled ipv6

below on master server

[root at zkwipamstr01 ~]# ip addr | grep inet6

    inet6 fe80::250:56ff:fea0:3857/64 scope link

[root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
[root at zkwipamstr01 ~]# netstat -tunap | grep 8009
tcp6       0      0 ::1:8009                :::*                    LISTEN
     12692/java


after that 8009 is listening on master server.

on replica side uninstalled ipa and tried to enrolled again. Do i need to
enable any service replica side?

[28/44]: restarting directory server
ipa         : CRITICAL Failed to restart the directory server (Command
'/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
exit status 1). See the installation log for details.
  [29/44]: setting up initial replication
  [error] error: [Errno 111] Connection refused
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
Connection refused
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
ipa-replica-install command failed. See /var/log/ipareplica-install.log for
more information
[root at zkwiparepa01 ~]# systemctl restart pki-tomcatd at pki-tomcat
Job for pki-tomcatd at pki-tomcat.service failed because the control process
exited with error code. See "systemctl status pki-tomcatd at pki-tomcat.service"
and "journalctl -xe" for details.

Still same error.

is this service restart pki-tomcatd at pki-tomcat only applicable on master
server?

Regards,
Ben


On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik <pvoborni at redhat.com> wrote:

> On 01/05/2017 07:10 AM, Ben .T.George wrote:
> > HI
> >
> > yes i did the same and still port is not listening.
> >
> > [root at zkwipamstr01 ~]# cat /etc/hosts
> > 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4
> > ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
> > 10.151.4.64 zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
> example.com>
> >     zkwipamstr01
> > 10.151.4.65 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> example.com>
> >     zkwiparepa01
> > [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
> >
> >
> > Regards
> > Ben
>
> Also IPv6 stack needs to be enabled.
>
> >
> > On Thu, Jan 5, 2017 at 9:03 AM, Fraser Tweedale <ftweedal at redhat.com
> > <mailto:ftweedal at redhat.com>> wrote:
> >
> >     On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben .T.George wrote:
> >     > HI
> >     >
> >     > port 8009 is not listening in master server
> >     >
> >     > and i added ::1         localhost localhost.localdomain localhost6
> >     > localhost6.localdomain6 in hosts file.
> >     >
> >
> >     Did you add this to the host file on the master (then `systemctl
> >     restart pki-tomcatd at pki-tomcat` and confirm it is listening on port
> >     8009)?  Or just the client you are trying to promote?
> >
> >     It is needed on the master.  Won't hurt to make this change to
> >     /etc/hosts on both machines, though.
> >
> >     HTH,
> >     Fraser
> >
> >      > still getting same error
> >      >
> >      >  [28/44]: restarting directory server
> >      > ipa         : CRITICAL Failed to restart the directory server
> (Command
> >      > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned
> non-zero
> >      > exit status 1). See the installation log for details.
> >      >   [29/44]: setting up initial replication
> >      >   [error] error: [Errno 111] Connection refused
> >      > Your system may be partly configured.
> >      > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >      >
> >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno
> 111]
> >      > Connection refused
> >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> >      > ipa-replica-install command failed. See
> /var/log/ipareplica-install.log for
> >      > more information
> >      >
> >      >
> >      > Also  ipv6 is disabled on both nodes
> >      >
> >      > Regards,
> >      > Ben
> >      >
> >      > On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <
> pvoborni at redhat.com
> >     <mailto:pvoborni at redhat.com>> wrote:
> >      >
> >      > > On 01/04/2017 10:59 AM, Ben .T.George wrote:
> >      > > > HI
> >      > > >
> >      > > > i tried the method mentioned on that document and it end up
> with below
> >      > > error. My
> >      > > > DNS is managed by external box and i dont want to create any
> DNS record
> >      > > on these
> >      > > > servers.
> >      > > >
> >      > > > and the command which i tried is(non client server)
> >      > > >
> >      > > > ipa-replica-install --principal admin --admin-password
> P at ssw0rd --domain
> >      > > > kw.example.com <http://kw.example.com> <http://kw.example.com>
> --server
> >      > > zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.example.com
> >
> >      > > > <http://zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
> example.com>>
> >      > > >
> >      > > >
> >      > > >
> >      > > > ipa         : CRITICAL Failed to restart the directory server
> (Command
> >      > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service'
> returned
> >      > > non-zero exit
> >      > > > status 1). See the installation log for details.
> >      > > >    [29/44]: setting up initial replication
> >      > > >    [error] error: [Errno 111] Connection refused
> >      > > > Your system may be partly configured.
> >      > > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >      > > >
> >      > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR
> [Errno 111]
> >      > > Connection
> >      > > > refused
> >      > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> >      > > > ipa-replica-install command failed. See
> /var/log/ipareplica-install.log
> >      > > for more
> >      > > > information
> >      > >
> >      > > This looks like bug https://fedorahosted.org/
> freeipa/ticket/6575
> >     <https://fedorahosted.org/freeipa/ticket/6575>
> >      > >
> >      > > To verify that, could you check if master server internally
> listens on
> >      > > port 8009 or if ipareplica-install.log contains CA_UNREACHABLE
> string
> >      > > near  step 27.
> >      > >
> >      > > Usual fix is to add following line to /etc/hosts
> >      > >   ::1         localhost localhost.localdomain localhost6
> >      > > localhost6.localdomain6
> >      > >
> >      > >
> >      > > > [root at zkwiparepa01 ~]# /bin/systemctl restart
> >      > > dirsrv at KW-EXAMPLE-COM.service
> >      > > > Job for dirsrv at KW-EXAMPLE-COM.service failed because the
> control
> >      > > process exited
> >      > > > with error code. See "systemctl status
> dirsrv at KW-EXAMPLE-COM.service"
> >      > > and
> >      > > > "journalctl -xe" for details.
> >      > > >
> >      > > > [root at zkwiparepa01 ~]# systemctl status
> dirsrv at KW-EXAMPLE-COM.service
> >      > > > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server
> KW-EXAMPLE-COM.
> >      > > >     Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service;
> enabled;
> >      > > vendor
> >      > > > preset: disabled)
> >      > > >     Active: failed (Result: exit-code) since Wed 2017-01-04
> 12:54:46
> >      > > AST; 13s ago
> >      > > >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D
> /etc/dirsrv/slapd-%i -i
> >      > > > /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
> >      > > >    Process: 14887 ExecStartPre=/usr/sbin/ds_
> systemd_ask_password_acl
> >      > > > /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
> >      > > >   Main PID: 14893 (code=exited, status=1/FAILURE)
> >      > > >
> >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> >      > > example.com <http://example.com>>
> >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300]
> Error:
> >      > > > betxnpostoperation plu...arted
> >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> >      > > example.com <http://example.com>>
> >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300]
> Error: object
> >      > > plugin
> >      > > > Roles Pl...arted
> >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> >      > > example.com <http://example.com>>
> >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300]
> Error:
> >      > > preoperation
> >      > > > plugin su...arted
> >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> >      > > example.com <http://example.com>>
> >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300]
> Error: object
> >      > > plugin USN
> >      > > > is n...arted
> >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> >      > > example.com <http://example.com>>
> >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300]
> Error: object
> >      > > plugin
> >      > > > Views is...arted
> >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> >      > > example.com <http://example.com>>
> >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300]
> Error:
> >      > > extendedop plugin
> >      > > > whoa...arted
> >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> >      > > example.com <http://example.com>>
> >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main process
> exited,
> >      > > code=exited,
> >      > > > status=1/FAILURE
> >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> >      > > example.com <http://example.com>>
> >      > > > systemd[1]: Failed to start 389 Directory Server
> KW-EXAMPLE-COM..
> >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> >      > > example.com <http://example.com>>
> >      > > > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service entered
> failed state.
> >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> >      > > example.com <http://example.com>>
> >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
> >      > > > Hint: Some lines were ellipsized, use -l to show in full.
> >      > > >
> >      > > >
> >      > > >
> >      > > > Regards,
> >      > > > Ben
> >      > > >
> >      > > >
> >      > > > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <
> mbabinsk at redhat.com
> >     <mailto:mbabinsk at redhat.com>
> >      > > > <mailto:mbabinsk at redhat.com <mailto:mbabinsk at redhat.com>>>
> wrote:
> >      > > >
> >      > > >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> >      > > >
> >      > > >         HI
> >      > > >
> >      > > >         while trying to create ipa replica, i am getting
> below error,
> >      > > >
> >      > > >         Replica creation using 'ipa-replica-prepare' to
> generate replica
> >      > > file
> >      > > >         is supported only in 0-level IPA domain.
> >      > > >
> >      > > >         The current IPA domain level is 1 and thus the
> replica must
> >      > > >         be created by promoting an existing IPA client.
> >      > > >
> >      > > >         To set up a replica use the following procedure:
> >      > > >              1.) set up a client on the host using
> 'ipa-client-install'
> >      > > >              2.) promote the client to replica running
> >      > > 'ipa-replica-install'
> >      > > >                  *without* replica file specified
> >      > > >
> >      > > >         'ipa-replica-prepare' is allowed only in domain level
> 0
> >      > > >         The ipa-replica-prepare command failed.
> >      > > >
> >      > > >
> >      > > >         i have IPA master server without AD integration and
> DNS is
> >      > > managed by
> >      > > >         3rd party appliances.
> >      > > >
> >      > > >
> >      > > >
> >      > > >         Regards,
> >      > > >         Ben
> >      > > >
> >      > > >
> >      > > >
> >      > > >     Hi Ben,
> >      > > >
> >      > > >     If you installed IPA 4.4 server then domain level 1 is
> the default.
> >      > > This
> >      > > >     domain level uses different mechanism to stand up
> replicas. See the
> >      > > latest
> >      > > >     IdM documentation[1] for more details.
> >      > > >
> >      > > >     [1]
> >      > > > https://access.redhat.com/documentation/en-US/Red_Hat_
> >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
> >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> Authentication_and_Policy_
> >      > > Guide/creating-the-replica.html
> >      > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_
> >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
> >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> Authentication_and_Policy_
> >      > > Guide/creating-the-replica.html>
> >      > > >
> >      > > >     --
> >      > > >     Martin^3 Babinsky
> >      > > >
> >      > > >     --
> >      > > >     Manage your subscription for the Freeipa-users mailing
> list:
> >      > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> >      > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users
> >     <https://www.redhat.com/mailman/listinfo/freeipa-users>>
> >      > > >     Go to http://freeipa.org for more info on the project
> >      > > >
> >      > > >
> >      > > >
> >      > > >
> >      > >
> >      > >
> >      > > --
> >      > > Petr Vobornik
> >      > >
> >
> >      > --
> >      > Manage your subscription for the Freeipa-users mailing list:
> >      > https://www.redhat.com/mailman/listinfo/freeipa-users
> >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> >      > Go to http://freeipa.org for more info on the project
> >
> >
>
>
> --
> Petr Vobornik
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/1222ba7e/attachment.htm>

From ftweedal at redhat.com  Thu Jan  5 10:05:49 2017
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Thu, 5 Jan 2017 20:05:49 +1000
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <CA+C_GOWO=WvkpUJm-iNCY7AnPfALx1MAb4ohsy2F4nF_VY8EMQ@mail.gmail.com>
References: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
	<fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>
	<CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>
	<20170105060326.GG4539@dhcp-40-8.bne.redhat.com>
	<CA+C_GOV2z_enddD1QM_XW1FNaPBpLjPPu5yp35fpiRc+BdKMCw@mail.gmail.com>
	<5b904c20-72e9-fb2b-c05f-36970e279f7b@redhat.com>
	<CA+C_GOWO=WvkpUJm-iNCY7AnPfALx1MAb4ohsy2F4nF_VY8EMQ@mail.gmail.com>
Message-ID: <20170105100549.GM4539@dhcp-40-8.bne.redhat.com>

On Thu, Jan 05, 2017 at 12:43:47PM +0300, Ben .T.George wrote:
> HI,
> 
> on master server and replica server, i have enabled ipv6
> 
> below on master server
> 
> [root at zkwipamstr01 ~]# ip addr | grep inet6
> 
>     inet6 fe80::250:56ff:fea0:3857/64 scope link
> 
> [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
> tcp6       0      0 ::1:8009                :::*                    LISTEN
>      12692/java
> 
> 
> after that 8009 is listening on master server.
> 
> on replica side uninstalled ipa and tried to enrolled again. Do i need to
> enable any service replica side?
> 
> [28/44]: restarting directory server
> ipa         : CRITICAL Failed to restart the directory server (Command
> '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
> exit status 1). See the installation log for details.
>   [29/44]: setting up initial replication
>   [error] error: [Errno 111] Connection refused
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
> 
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
> Connection refused
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> ipa-replica-install command failed. See /var/log/ipareplica-install.log for
> more information
> [root at zkwiparepa01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> Job for pki-tomcatd at pki-tomcat.service failed because the control process
> exited with error code. See "systemctl status pki-tomcatd at pki-tomcat.service"
> and "journalctl -xe" for details.
> 
> Still same error.
> 
> is this service restart pki-tomcatd at pki-tomcat only applicable on master
> server?
> 
Yes, because no CA has been created on replica (yet).

Can you confirm that your firewall (if any/enabled) on master is
letting the traffic from client/replica through to :8009?
Executing: ``nc -v $MASTER_IP 8009`` from the client machine
suffices to check.

Thanks,
Fraser

> Regards,
> Ben
> 
> 
> On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik <pvoborni at redhat.com> wrote:
> 
> > On 01/05/2017 07:10 AM, Ben .T.George wrote:
> > > HI
> > >
> > > yes i did the same and still port is not listening.
> > >
> > > [root at zkwipamstr01 ~]# cat /etc/hosts
> > > 127.0.0.1   localhost localhost.localdomain localhost4
> > localhost4.localdomain4
> > > ::1         localhost localhost.localdomain localhost6
> > localhost6.localdomain6
> > > 10.151.4.64 zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
> > example.com>
> > >     zkwipamstr01
> > > 10.151.4.65 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > example.com>
> > >     zkwiparepa01
> > > [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
> > >
> > >
> > > Regards
> > > Ben
> >
> > Also IPv6 stack needs to be enabled.
> >
> > >
> > > On Thu, Jan 5, 2017 at 9:03 AM, Fraser Tweedale <ftweedal at redhat.com
> > > <mailto:ftweedal at redhat.com>> wrote:
> > >
> > >     On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben .T.George wrote:
> > >     > HI
> > >     >
> > >     > port 8009 is not listening in master server
> > >     >
> > >     > and i added ::1         localhost localhost.localdomain localhost6
> > >     > localhost6.localdomain6 in hosts file.
> > >     >
> > >
> > >     Did you add this to the host file on the master (then `systemctl
> > >     restart pki-tomcatd at pki-tomcat` and confirm it is listening on port
> > >     8009)?  Or just the client you are trying to promote?
> > >
> > >     It is needed on the master.  Won't hurt to make this change to
> > >     /etc/hosts on both machines, though.
> > >
> > >     HTH,
> > >     Fraser
> > >
> > >      > still getting same error
> > >      >
> > >      >  [28/44]: restarting directory server
> > >      > ipa         : CRITICAL Failed to restart the directory server
> > (Command
> > >      > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned
> > non-zero
> > >      > exit status 1). See the installation log for details.
> > >      >   [29/44]: setting up initial replication
> > >      >   [error] error: [Errno 111] Connection refused
> > >      > Your system may be partly configured.
> > >      > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > >      >
> > >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno
> > 111]
> > >      > Connection refused
> > >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > >      > ipa-replica-install command failed. See
> > /var/log/ipareplica-install.log for
> > >      > more information
> > >      >
> > >      >
> > >      > Also  ipv6 is disabled on both nodes
> > >      >
> > >      > Regards,
> > >      > Ben
> > >      >
> > >      > On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <
> > pvoborni at redhat.com
> > >     <mailto:pvoborni at redhat.com>> wrote:
> > >      >
> > >      > > On 01/04/2017 10:59 AM, Ben .T.George wrote:
> > >      > > > HI
> > >      > > >
> > >      > > > i tried the method mentioned on that document and it end up
> > with below
> > >      > > error. My
> > >      > > > DNS is managed by external box and i dont want to create any
> > DNS record
> > >      > > on these
> > >      > > > servers.
> > >      > > >
> > >      > > > and the command which i tried is(non client server)
> > >      > > >
> > >      > > > ipa-replica-install --principal admin --admin-password
> > P at ssw0rd --domain
> > >      > > > kw.example.com <http://kw.example.com> <http://kw.example.com>
> > --server
> > >      > > zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.example.com
> > >
> > >      > > > <http://zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
> > example.com>>
> > >      > > >
> > >      > > >
> > >      > > >
> > >      > > > ipa         : CRITICAL Failed to restart the directory server
> > (Command
> > >      > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service'
> > returned
> > >      > > non-zero exit
> > >      > > > status 1). See the installation log for details.
> > >      > > >    [29/44]: setting up initial replication
> > >      > > >    [error] error: [Errno 111] Connection refused
> > >      > > > Your system may be partly configured.
> > >      > > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > >      > > >
> > >      > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR
> > [Errno 111]
> > >      > > Connection
> > >      > > > refused
> > >      > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > >      > > > ipa-replica-install command failed. See
> > /var/log/ipareplica-install.log
> > >      > > for more
> > >      > > > information
> > >      > >
> > >      > > This looks like bug https://fedorahosted.org/
> > freeipa/ticket/6575
> > >     <https://fedorahosted.org/freeipa/ticket/6575>
> > >      > >
> > >      > > To verify that, could you check if master server internally
> > listens on
> > >      > > port 8009 or if ipareplica-install.log contains CA_UNREACHABLE
> > string
> > >      > > near  step 27.
> > >      > >
> > >      > > Usual fix is to add following line to /etc/hosts
> > >      > >   ::1         localhost localhost.localdomain localhost6
> > >      > > localhost6.localdomain6
> > >      > >
> > >      > >
> > >      > > > [root at zkwiparepa01 ~]# /bin/systemctl restart
> > >      > > dirsrv at KW-EXAMPLE-COM.service
> > >      > > > Job for dirsrv at KW-EXAMPLE-COM.service failed because the
> > control
> > >      > > process exited
> > >      > > > with error code. See "systemctl status
> > dirsrv at KW-EXAMPLE-COM.service"
> > >      > > and
> > >      > > > "journalctl -xe" for details.
> > >      > > >
> > >      > > > [root at zkwiparepa01 ~]# systemctl status
> > dirsrv at KW-EXAMPLE-COM.service
> > >      > > > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server
> > KW-EXAMPLE-COM.
> > >      > > >     Loaded: loaded (/usr/lib/systemd/system/dirsrv at .service;
> > enabled;
> > >      > > vendor
> > >      > > > preset: disabled)
> > >      > > >     Active: failed (Result: exit-code) since Wed 2017-01-04
> > 12:54:46
> > >      > > AST; 13s ago
> > >      > > >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D
> > /etc/dirsrv/slapd-%i -i
> > >      > > > /var/run/dirsrv/slapd-%i.pid (code=exited, status=1/FAILURE)
> > >      > > >    Process: 14887 ExecStartPre=/usr/sbin/ds_
> > systemd_ask_password_acl
> > >      > > > /etc/dirsrv/slapd-%i/dse.ldif (code=exited, status=0/SUCCESS)
> > >      > > >   Main PID: 14893 (code=exited, status=1/FAILURE)
> > >      > > >
> > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > >      > > example.com <http://example.com>>
> > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300]
> > Error:
> > >      > > > betxnpostoperation plu...arted
> > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > >      > > example.com <http://example.com>>
> > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300]
> > Error: object
> > >      > > plugin
> > >      > > > Roles Pl...arted
> > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > >      > > example.com <http://example.com>>
> > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300]
> > Error:
> > >      > > preoperation
> > >      > > > plugin su...arted
> > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > >      > > example.com <http://example.com>>
> > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300]
> > Error: object
> > >      > > plugin USN
> > >      > > > is n...arted
> > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > >      > > example.com <http://example.com>>
> > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300]
> > Error: object
> > >      > > plugin
> > >      > > > Views is...arted
> > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > >      > > example.com <http://example.com>>
> > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300]
> > Error:
> > >      > > extendedop plugin
> > >      > > > whoa...arted
> > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > >      > > example.com <http://example.com>>
> > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main process
> > exited,
> > >      > > code=exited,
> > >      > > > status=1/FAILURE
> > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > >      > > example.com <http://example.com>>
> > >      > > > systemd[1]: Failed to start 389 Directory Server
> > KW-EXAMPLE-COM..
> > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > >      > > example.com <http://example.com>>
> > >      > > > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service entered
> > failed state.
> > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > >      > > example.com <http://example.com>>
> > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
> > >      > > > Hint: Some lines were ellipsized, use -l to show in full.
> > >      > > >
> > >      > > >
> > >      > > >
> > >      > > > Regards,
> > >      > > > Ben
> > >      > > >
> > >      > > >
> > >      > > > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <
> > mbabinsk at redhat.com
> > >     <mailto:mbabinsk at redhat.com>
> > >      > > > <mailto:mbabinsk at redhat.com <mailto:mbabinsk at redhat.com>>>
> > wrote:
> > >      > > >
> > >      > > >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> > >      > > >
> > >      > > >         HI
> > >      > > >
> > >      > > >         while trying to create ipa replica, i am getting
> > below error,
> > >      > > >
> > >      > > >         Replica creation using 'ipa-replica-prepare' to
> > generate replica
> > >      > > file
> > >      > > >         is supported only in 0-level IPA domain.
> > >      > > >
> > >      > > >         The current IPA domain level is 1 and thus the
> > replica must
> > >      > > >         be created by promoting an existing IPA client.
> > >      > > >
> > >      > > >         To set up a replica use the following procedure:
> > >      > > >              1.) set up a client on the host using
> > 'ipa-client-install'
> > >      > > >              2.) promote the client to replica running
> > >      > > 'ipa-replica-install'
> > >      > > >                  *without* replica file specified
> > >      > > >
> > >      > > >         'ipa-replica-prepare' is allowed only in domain level
> > 0
> > >      > > >         The ipa-replica-prepare command failed.
> > >      > > >
> > >      > > >
> > >      > > >         i have IPA master server without AD integration and
> > DNS is
> > >      > > managed by
> > >      > > >         3rd party appliances.
> > >      > > >
> > >      > > >
> > >      > > >
> > >      > > >         Regards,
> > >      > > >         Ben
> > >      > > >
> > >      > > >
> > >      > > >
> > >      > > >     Hi Ben,
> > >      > > >
> > >      > > >     If you installed IPA 4.4 server then domain level 1 is
> > the default.
> > >      > > This
> > >      > > >     domain level uses different mechanism to stand up
> > replicas. See the
> > >      > > latest
> > >      > > >     IdM documentation[1] for more details.
> > >      > > >
> > >      > > >     [1]
> > >      > > > https://access.redhat.com/documentation/en-US/Red_Hat_
> > >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
> > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> > Authentication_and_Policy_
> > >      > > Guide/creating-the-replica.html
> > >      > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_
> > >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
> > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> > Authentication_and_Policy_
> > >      > > Guide/creating-the-replica.html>
> > >      > > >
> > >      > > >     --
> > >      > > >     Martin^3 Babinsky
> > >      > > >
> > >      > > >     --
> > >      > > >     Manage your subscription for the Freeipa-users mailing
> > list:
> > >      > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> > >      > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users
> > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>>
> > >      > > >     Go to http://freeipa.org for more info on the project
> > >      > > >
> > >      > > >
> > >      > > >
> > >      > > >
> > >      > >
> > >      > >
> > >      > > --
> > >      > > Petr Vobornik
> > >      > >
> > >
> > >      > --
> > >      > Manage your subscription for the Freeipa-users mailing list:
> > >      > https://www.redhat.com/mailman/listinfo/freeipa-users
> > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> > >      > Go to http://freeipa.org for more info on the project
> > >
> > >
> >
> >
> > --
> > Petr Vobornik
> >



From bentech4you at gmail.com  Thu Jan  5 10:08:58 2017
From: bentech4you at gmail.com (Ben .T.George)
Date: Thu, 5 Jan 2017 13:08:58 +0300
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <20170105100549.GM4539@dhcp-40-8.bne.redhat.com>
References: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
	<fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>
	<CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>
	<20170105060326.GG4539@dhcp-40-8.bne.redhat.com>
	<CA+C_GOV2z_enddD1QM_XW1FNaPBpLjPPu5yp35fpiRc+BdKMCw@mail.gmail.com>
	<5b904c20-72e9-fb2b-c05f-36970e279f7b@redhat.com>
	<CA+C_GOWO=WvkpUJm-iNCY7AnPfALx1MAb4ohsy2F4nF_VY8EMQ@mail.gmail.com>
	<20170105100549.GM4539@dhcp-40-8.bne.redhat.com>
Message-ID: <CA+C_GOX6VWxFLXPWg56W2RzB_4q1FYbu3EMib9ukAB6f+OKP4g@mail.gmail.com>

HI

there is no filrewall running on both servers,

[root at zkwipamstr01 ~]# systemctl status firewalld
? firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

[root at zkwipamstr01 ~]# sestatus
SELinux status:                 disabled


On Thu, Jan 5, 2017 at 1:05 PM, Fraser Tweedale <ftweedal at redhat.com> wrote:

> On Thu, Jan 05, 2017 at 12:43:47PM +0300, Ben .T.George wrote:
> > HI,
> >
> > on master server and replica server, i have enabled ipv6
> >
> > below on master server
> >
> > [root at zkwipamstr01 ~]# ip addr | grep inet6
> >
> >     inet6 fe80::250:56ff:fea0:3857/64 scope link
> >
> > [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
> > tcp6       0      0 ::1:8009                :::*
> LISTEN
> >      12692/java
> >
> >
> > after that 8009 is listening on master server.
> >
> > on replica side uninstalled ipa and tried to enrolled again. Do i need to
> > enable any service replica side?
> >
> > [28/44]: restarting directory server
> > ipa         : CRITICAL Failed to restart the directory server (Command
> > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
> > exit status 1). See the installation log for details.
> >   [29/44]: setting up initial replication
> >   [error] error: [Errno 111] Connection refused
> > Your system may be partly configured.
> > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> >
> > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
> > Connection refused
> > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > ipa-replica-install command failed. See /var/log/ipareplica-install.log
> for
> > more information
> > [root at zkwiparepa01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > Job for pki-tomcatd at pki-tomcat.service failed because the control
> process
> > exited with error code. See "systemctl status
> pki-tomcatd at pki-tomcat.service"
> > and "journalctl -xe" for details.
> >
> > Still same error.
> >
> > is this service restart pki-tomcatd at pki-tomcat only applicable on master
> > server?
> >
> Yes, because no CA has been created on replica (yet).
>
> Can you confirm that your firewall (if any/enabled) on master is
> letting the traffic from client/replica through to :8009?
> Executing: ``nc -v $MASTER_IP 8009`` from the client machine
> suffices to check.
>
> Thanks,
> Fraser
>
> > Regards,
> > Ben
> >
> >
> > On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik <pvoborni at redhat.com>
> wrote:
> >
> > > On 01/05/2017 07:10 AM, Ben .T.George wrote:
> > > > HI
> > > >
> > > > yes i did the same and still port is not listening.
> > > >
> > > > [root at zkwipamstr01 ~]# cat /etc/hosts
> > > > 127.0.0.1   localhost localhost.localdomain localhost4
> > > localhost4.localdomain4
> > > > ::1         localhost localhost.localdomain localhost6
> > > localhost6.localdomain6
> > > > 10.151.4.64 zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
> > > example.com>
> > > >     zkwipamstr01
> > > > 10.151.4.65 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > example.com>
> > > >     zkwiparepa01
> > > > [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > > > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
> > > >
> > > >
> > > > Regards
> > > > Ben
> > >
> > > Also IPv6 stack needs to be enabled.
> > >
> > > >
> > > > On Thu, Jan 5, 2017 at 9:03 AM, Fraser Tweedale <ftweedal at redhat.com
> > > > <mailto:ftweedal at redhat.com>> wrote:
> > > >
> > > >     On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben .T.George wrote:
> > > >     > HI
> > > >     >
> > > >     > port 8009 is not listening in master server
> > > >     >
> > > >     > and i added ::1         localhost localhost.localdomain
> localhost6
> > > >     > localhost6.localdomain6 in hosts file.
> > > >     >
> > > >
> > > >     Did you add this to the host file on the master (then `systemctl
> > > >     restart pki-tomcatd at pki-tomcat` and confirm it is listening on
> port
> > > >     8009)?  Or just the client you are trying to promote?
> > > >
> > > >     It is needed on the master.  Won't hurt to make this change to
> > > >     /etc/hosts on both machines, though.
> > > >
> > > >     HTH,
> > > >     Fraser
> > > >
> > > >      > still getting same error
> > > >      >
> > > >      >  [28/44]: restarting directory server
> > > >      > ipa         : CRITICAL Failed to restart the directory server
> > > (Command
> > > >      > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service'
> returned
> > > non-zero
> > > >      > exit status 1). See the installation log for details.
> > > >      >   [29/44]: setting up initial replication
> > > >      >   [error] error: [Errno 111] Connection refused
> > > >      > Your system may be partly configured.
> > > >      > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > > >      >
> > > >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR
> [Errno
> > > 111]
> > > >      > Connection refused
> > > >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > > >      > ipa-replica-install command failed. See
> > > /var/log/ipareplica-install.log for
> > > >      > more information
> > > >      >
> > > >      >
> > > >      > Also  ipv6 is disabled on both nodes
> > > >      >
> > > >      > Regards,
> > > >      > Ben
> > > >      >
> > > >      > On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <
> > > pvoborni at redhat.com
> > > >     <mailto:pvoborni at redhat.com>> wrote:
> > > >      >
> > > >      > > On 01/04/2017 10:59 AM, Ben .T.George wrote:
> > > >      > > > HI
> > > >      > > >
> > > >      > > > i tried the method mentioned on that document and it end
> up
> > > with below
> > > >      > > error. My
> > > >      > > > DNS is managed by external box and i dont want to create
> any
> > > DNS record
> > > >      > > on these
> > > >      > > > servers.
> > > >      > > >
> > > >      > > > and the command which i tried is(non client server)
> > > >      > > >
> > > >      > > > ipa-replica-install --principal admin --admin-password
> > > P at ssw0rd --domain
> > > >      > > > kw.example.com <http://kw.example.com> <
> http://kw.example.com>
> > > --server
> > > >      > > zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
> example.com
> > > >
> > > >      > > > <http://zkwipamstr01.kw.example.com <
> http://zkwipamstr01.kw.
> > > example.com>>
> > > >      > > >
> > > >      > > >
> > > >      > > >
> > > >      > > > ipa         : CRITICAL Failed to restart the directory
> server
> > > (Command
> > > >      > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service'
> > > returned
> > > >      > > non-zero exit
> > > >      > > > status 1). See the installation log for details.
> > > >      > > >    [29/44]: setting up initial replication
> > > >      > > >    [error] error: [Errno 111] Connection refused
> > > >      > > > Your system may be partly configured.
> > > >      > > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > > >      > > >
> > > >      > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR
> > > [Errno 111]
> > > >      > > Connection
> > > >      > > > refused
> > > >      > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR
>   The
> > > >      > > > ipa-replica-install command failed. See
> > > /var/log/ipareplica-install.log
> > > >      > > for more
> > > >      > > > information
> > > >      > >
> > > >      > > This looks like bug https://fedorahosted.org/
> > > freeipa/ticket/6575
> > > >     <https://fedorahosted.org/freeipa/ticket/6575>
> > > >      > >
> > > >      > > To verify that, could you check if master server internally
> > > listens on
> > > >      > > port 8009 or if ipareplica-install.log contains
> CA_UNREACHABLE
> > > string
> > > >      > > near  step 27.
> > > >      > >
> > > >      > > Usual fix is to add following line to /etc/hosts
> > > >      > >   ::1         localhost localhost.localdomain localhost6
> > > >      > > localhost6.localdomain6
> > > >      > >
> > > >      > >
> > > >      > > > [root at zkwiparepa01 ~]# /bin/systemctl restart
> > > >      > > dirsrv at KW-EXAMPLE-COM.service
> > > >      > > > Job for dirsrv at KW-EXAMPLE-COM.service failed because the
> > > control
> > > >      > > process exited
> > > >      > > > with error code. See "systemctl status
> > > dirsrv at KW-EXAMPLE-COM.service"
> > > >      > > and
> > > >      > > > "journalctl -xe" for details.
> > > >      > > >
> > > >      > > > [root at zkwiparepa01 ~]# systemctl status
> > > dirsrv at KW-EXAMPLE-COM.service
> > > >      > > > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server
> > > KW-EXAMPLE-COM.
> > > >      > > >     Loaded: loaded (/usr/lib/systemd/system/dirsrv@
> .service;
> > > enabled;
> > > >      > > vendor
> > > >      > > > preset: disabled)
> > > >      > > >     Active: failed (Result: exit-code) since Wed
> 2017-01-04
> > > 12:54:46
> > > >      > > AST; 13s ago
> > > >      > > >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D
> > > /etc/dirsrv/slapd-%i -i
> > > >      > > > /var/run/dirsrv/slapd-%i.pid (code=exited,
> status=1/FAILURE)
> > > >      > > >    Process: 14887 ExecStartPre=/usr/sbin/ds_
> > > systemd_ask_password_acl
> > > >      > > > /etc/dirsrv/slapd-%i/dse.ldif (code=exited,
> status=0/SUCCESS)
> > > >      > > >   Main PID: 14893 (code=exited, status=1/FAILURE)
> > > >      > > >
> > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > >      > > example.com <http://example.com>>
> > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300]
> > > Error:
> > > >      > > > betxnpostoperation plu...arted
> > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > >      > > example.com <http://example.com>>
> > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300]
> > > Error: object
> > > >      > > plugin
> > > >      > > > Roles Pl...arted
> > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > >      > > example.com <http://example.com>>
> > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300]
> > > Error:
> > > >      > > preoperation
> > > >      > > > plugin su...arted
> > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > >      > > example.com <http://example.com>>
> > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300]
> > > Error: object
> > > >      > > plugin USN
> > > >      > > > is n...arted
> > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > >      > > example.com <http://example.com>>
> > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300]
> > > Error: object
> > > >      > > plugin
> > > >      > > > Views is...arted
> > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > >      > > example.com <http://example.com>>
> > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300]
> > > Error:
> > > >      > > extendedop plugin
> > > >      > > > whoa...arted
> > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > >      > > example.com <http://example.com>>
> > > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main process
> > > exited,
> > > >      > > code=exited,
> > > >      > > > status=1/FAILURE
> > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > >      > > example.com <http://example.com>>
> > > >      > > > systemd[1]: Failed to start 389 Directory Server
> > > KW-EXAMPLE-COM..
> > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > >      > > example.com <http://example.com>>
> > > >      > > > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service entered
> > > failed state.
> > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > >      > > example.com <http://example.com>>
> > > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
> > > >      > > > Hint: Some lines were ellipsized, use -l to show in full.
> > > >      > > >
> > > >      > > >
> > > >      > > >
> > > >      > > > Regards,
> > > >      > > > Ben
> > > >      > > >
> > > >      > > >
> > > >      > > > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <
> > > mbabinsk at redhat.com
> > > >     <mailto:mbabinsk at redhat.com>
> > > >      > > > <mailto:mbabinsk at redhat.com <mailto:mbabinsk at redhat.com
> >>>
> > > wrote:
> > > >      > > >
> > > >      > > >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> > > >      > > >
> > > >      > > >         HI
> > > >      > > >
> > > >      > > >         while trying to create ipa replica, i am getting
> > > below error,
> > > >      > > >
> > > >      > > >         Replica creation using 'ipa-replica-prepare' to
> > > generate replica
> > > >      > > file
> > > >      > > >         is supported only in 0-level IPA domain.
> > > >      > > >
> > > >      > > >         The current IPA domain level is 1 and thus the
> > > replica must
> > > >      > > >         be created by promoting an existing IPA client.
> > > >      > > >
> > > >      > > >         To set up a replica use the following procedure:
> > > >      > > >              1.) set up a client on the host using
> > > 'ipa-client-install'
> > > >      > > >              2.) promote the client to replica running
> > > >      > > 'ipa-replica-install'
> > > >      > > >                  *without* replica file specified
> > > >      > > >
> > > >      > > >         'ipa-replica-prepare' is allowed only in domain
> level
> > > 0
> > > >      > > >         The ipa-replica-prepare command failed.
> > > >      > > >
> > > >      > > >
> > > >      > > >         i have IPA master server without AD integration
> and
> > > DNS is
> > > >      > > managed by
> > > >      > > >         3rd party appliances.
> > > >      > > >
> > > >      > > >
> > > >      > > >
> > > >      > > >         Regards,
> > > >      > > >         Ben
> > > >      > > >
> > > >      > > >
> > > >      > > >
> > > >      > > >     Hi Ben,
> > > >      > > >
> > > >      > > >     If you installed IPA 4.4 server then domain level 1 is
> > > the default.
> > > >      > > This
> > > >      > > >     domain level uses different mechanism to stand up
> > > replicas. See the
> > > >      > > latest
> > > >      > > >     IdM documentation[1] for more details.
> > > >      > > >
> > > >      > > >     [1]
> > > >      > > > https://access.redhat.com/documentation/en-US/Red_Hat_
> > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
> > > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> > > Authentication_and_Policy_
> > > >      > > Guide/creating-the-replica.html
> > > >      > > >     <https://access.redhat.com/
> documentation/en-US/Red_Hat_
> > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
> > > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> > > Authentication_and_Policy_
> > > >      > > Guide/creating-the-replica.html>
> > > >      > > >
> > > >      > > >     --
> > > >      > > >     Martin^3 Babinsky
> > > >      > > >
> > > >      > > >     --
> > > >      > > >     Manage your subscription for the Freeipa-users mailing
> > > list:
> > > >      > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> > > >      > > >     <https://www.redhat.com/
> mailman/listinfo/freeipa-users
> > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>>
> > > >      > > >     Go to http://freeipa.org for more info on the project
> > > >      > > >
> > > >      > > >
> > > >      > > >
> > > >      > > >
> > > >      > >
> > > >      > >
> > > >      > > --
> > > >      > > Petr Vobornik
> > > >      > >
> > > >
> > > >      > --
> > > >      > Manage your subscription for the Freeipa-users mailing list:
> > > >      > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> > > >      > Go to http://freeipa.org for more info on the project
> > > >
> > > >
> > >
> > >
> > > --
> > > Petr Vobornik
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/093b4ca2/attachment.htm>

From ftweedal at redhat.com  Thu Jan  5 10:21:18 2017
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Thu, 5 Jan 2017 20:21:18 +1000
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <CA+C_GOX6VWxFLXPWg56W2RzB_4q1FYbu3EMib9ukAB6f+OKP4g@mail.gmail.com>
References: <CA+C_GOVzPHE5c5AHSbLp3aSD7YtUQ-PiE5dhBXVOMViyKOoTyA@mail.gmail.com>
	<fbe66128-d526-ed58-403a-1e08924017f8@redhat.com>
	<CA+C_GOU1cdnf=JOGKXquw5AhTSbFeSDMdO6K30ep1+yG4TxWPA@mail.gmail.com>
	<20170105060326.GG4539@dhcp-40-8.bne.redhat.com>
	<CA+C_GOV2z_enddD1QM_XW1FNaPBpLjPPu5yp35fpiRc+BdKMCw@mail.gmail.com>
	<5b904c20-72e9-fb2b-c05f-36970e279f7b@redhat.com>
	<CA+C_GOWO=WvkpUJm-iNCY7AnPfALx1MAb4ohsy2F4nF_VY8EMQ@mail.gmail.com>
	<20170105100549.GM4539@dhcp-40-8.bne.redhat.com>
	<CA+C_GOX6VWxFLXPWg56W2RzB_4q1FYbu3EMib9ukAB6f+OKP4g@mail.gmail.com>
Message-ID: <20170105102118.GN4539@dhcp-40-8.bne.redhat.com>

On Thu, Jan 05, 2017 at 01:08:58PM +0300, Ben .T.George wrote:
> HI
> 
> there is no filrewall running on both servers,
> 
> [root at zkwipamstr01 ~]# systemctl status firewalld
> ? firewalld.service - firewalld - dynamic firewall daemon
>    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
> vendor preset: enabled)
>    Active: inactive (dead)
>      Docs: man:firewalld(1)
> 
> [root at zkwipamstr01 ~]# sestatus
> SELinux status:                 disabled
> 
OK, very well.  And actually, forget about my idea about connecting
to port 8009 from client - that is not what happens at all.  It is
the end of day for me and my brain checked out :/

I shall continue analysis of your problem tomorrow.

Thanks,
Fraser

> 
> On Thu, Jan 5, 2017 at 1:05 PM, Fraser Tweedale <ftweedal at redhat.com> wrote:
> 
> > On Thu, Jan 05, 2017 at 12:43:47PM +0300, Ben .T.George wrote:
> > > HI,
> > >
> > > on master server and replica server, i have enabled ipv6
> > >
> > > below on master server
> > >
> > > [root at zkwipamstr01 ~]# ip addr | grep inet6
> > >
> > >     inet6 fe80::250:56ff:fea0:3857/64 scope link
> > >
> > > [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
> > > tcp6       0      0 ::1:8009                :::*
> > LISTEN
> > >      12692/java
> > >
> > >
> > > after that 8009 is listening on master server.
> > >
> > > on replica side uninstalled ipa and tried to enrolled again. Do i need to
> > > enable any service replica side?
> > >
> > > [28/44]: restarting directory server
> > > ipa         : CRITICAL Failed to restart the directory server (Command
> > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned non-zero
> > > exit status 1). See the installation log for details.
> > >   [29/44]: setting up initial replication
> > >   [error] error: [Errno 111] Connection refused
> > > Your system may be partly configured.
> > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > >
> > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno 111]
> > > Connection refused
> > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > > ipa-replica-install command failed. See /var/log/ipareplica-install.log
> > for
> > > more information
> > > [root at zkwiparepa01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > > Job for pki-tomcatd at pki-tomcat.service failed because the control
> > process
> > > exited with error code. See "systemctl status
> > pki-tomcatd at pki-tomcat.service"
> > > and "journalctl -xe" for details.
> > >
> > > Still same error.
> > >
> > > is this service restart pki-tomcatd at pki-tomcat only applicable on master
> > > server?
> > >
> > Yes, because no CA has been created on replica (yet).
> >
> > Can you confirm that your firewall (if any/enabled) on master is
> > letting the traffic from client/replica through to :8009?
> > Executing: ``nc -v $MASTER_IP 8009`` from the client machine
> > suffices to check.
> >
> > Thanks,
> > Fraser
> >
> > > Regards,
> > > Ben
> > >
> > >
> > > On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik <pvoborni at redhat.com>
> > wrote:
> > >
> > > > On 01/05/2017 07:10 AM, Ben .T.George wrote:
> > > > > HI
> > > > >
> > > > > yes i did the same and still port is not listening.
> > > > >
> > > > > [root at zkwipamstr01 ~]# cat /etc/hosts
> > > > > 127.0.0.1   localhost localhost.localdomain localhost4
> > > > localhost4.localdomain4
> > > > > ::1         localhost localhost.localdomain localhost6
> > > > localhost6.localdomain6
> > > > > 10.151.4.64 zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
> > > > example.com>
> > > > >     zkwipamstr01
> > > > > 10.151.4.65 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > > example.com>
> > > > >     zkwiparepa01
> > > > > [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > > > > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
> > > > >
> > > > >
> > > > > Regards
> > > > > Ben
> > > >
> > > > Also IPv6 stack needs to be enabled.
> > > >
> > > > >
> > > > > On Thu, Jan 5, 2017 at 9:03 AM, Fraser Tweedale <ftweedal at redhat.com
> > > > > <mailto:ftweedal at redhat.com>> wrote:
> > > > >
> > > > >     On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben .T.George wrote:
> > > > >     > HI
> > > > >     >
> > > > >     > port 8009 is not listening in master server
> > > > >     >
> > > > >     > and i added ::1         localhost localhost.localdomain
> > localhost6
> > > > >     > localhost6.localdomain6 in hosts file.
> > > > >     >
> > > > >
> > > > >     Did you add this to the host file on the master (then `systemctl
> > > > >     restart pki-tomcatd at pki-tomcat` and confirm it is listening on
> > port
> > > > >     8009)?  Or just the client you are trying to promote?
> > > > >
> > > > >     It is needed on the master.  Won't hurt to make this change to
> > > > >     /etc/hosts on both machines, though.
> > > > >
> > > > >     HTH,
> > > > >     Fraser
> > > > >
> > > > >      > still getting same error
> > > > >      >
> > > > >      >  [28/44]: restarting directory server
> > > > >      > ipa         : CRITICAL Failed to restart the directory server
> > > > (Command
> > > > >      > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service'
> > returned
> > > > non-zero
> > > > >      > exit status 1). See the installation log for details.
> > > > >      >   [29/44]: setting up initial replication
> > > > >      >   [error] error: [Errno 111] Connection refused
> > > > >      > Your system may be partly configured.
> > > > >      > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > > > >      >
> > > > >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR
> > [Errno
> > > > 111]
> > > > >      > Connection refused
> > > > >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > > > >      > ipa-replica-install command failed. See
> > > > /var/log/ipareplica-install.log for
> > > > >      > more information
> > > > >      >
> > > > >      >
> > > > >      > Also  ipv6 is disabled on both nodes
> > > > >      >
> > > > >      > Regards,
> > > > >      > Ben
> > > > >      >
> > > > >      > On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <
> > > > pvoborni at redhat.com
> > > > >     <mailto:pvoborni at redhat.com>> wrote:
> > > > >      >
> > > > >      > > On 01/04/2017 10:59 AM, Ben .T.George wrote:
> > > > >      > > > HI
> > > > >      > > >
> > > > >      > > > i tried the method mentioned on that document and it end
> > up
> > > > with below
> > > > >      > > error. My
> > > > >      > > > DNS is managed by external box and i dont want to create
> > any
> > > > DNS record
> > > > >      > > on these
> > > > >      > > > servers.
> > > > >      > > >
> > > > >      > > > and the command which i tried is(non client server)
> > > > >      > > >
> > > > >      > > > ipa-replica-install --principal admin --admin-password
> > > > P at ssw0rd --domain
> > > > >      > > > kw.example.com <http://kw.example.com> <
> > http://kw.example.com>
> > > > --server
> > > > >      > > zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
> > example.com
> > > > >
> > > > >      > > > <http://zkwipamstr01.kw.example.com <
> > http://zkwipamstr01.kw.
> > > > example.com>>
> > > > >      > > >
> > > > >      > > >
> > > > >      > > >
> > > > >      > > > ipa         : CRITICAL Failed to restart the directory
> > server
> > > > (Command
> > > > >      > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service'
> > > > returned
> > > > >      > > non-zero exit
> > > > >      > > > status 1). See the installation log for details.
> > > > >      > > >    [29/44]: setting up initial replication
> > > > >      > > >    [error] error: [Errno 111] Connection refused
> > > > >      > > > Your system may be partly configured.
> > > > >      > > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > > > >      > > >
> > > > >      > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR
> > > > [Errno 111]
> > > > >      > > Connection
> > > > >      > > > refused
> > > > >      > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR
> >   The
> > > > >      > > > ipa-replica-install command failed. See
> > > > /var/log/ipareplica-install.log
> > > > >      > > for more
> > > > >      > > > information
> > > > >      > >
> > > > >      > > This looks like bug https://fedorahosted.org/
> > > > freeipa/ticket/6575
> > > > >     <https://fedorahosted.org/freeipa/ticket/6575>
> > > > >      > >
> > > > >      > > To verify that, could you check if master server internally
> > > > listens on
> > > > >      > > port 8009 or if ipareplica-install.log contains
> > CA_UNREACHABLE
> > > > string
> > > > >      > > near  step 27.
> > > > >      > >
> > > > >      > > Usual fix is to add following line to /etc/hosts
> > > > >      > >   ::1         localhost localhost.localdomain localhost6
> > > > >      > > localhost6.localdomain6
> > > > >      > >
> > > > >      > >
> > > > >      > > > [root at zkwiparepa01 ~]# /bin/systemctl restart
> > > > >      > > dirsrv at KW-EXAMPLE-COM.service
> > > > >      > > > Job for dirsrv at KW-EXAMPLE-COM.service failed because the
> > > > control
> > > > >      > > process exited
> > > > >      > > > with error code. See "systemctl status
> > > > dirsrv at KW-EXAMPLE-COM.service"
> > > > >      > > and
> > > > >      > > > "journalctl -xe" for details.
> > > > >      > > >
> > > > >      > > > [root at zkwiparepa01 ~]# systemctl status
> > > > dirsrv at KW-EXAMPLE-COM.service
> > > > >      > > > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory Server
> > > > KW-EXAMPLE-COM.
> > > > >      > > >     Loaded: loaded (/usr/lib/systemd/system/dirsrv@
> > .service;
> > > > enabled;
> > > > >      > > vendor
> > > > >      > > > preset: disabled)
> > > > >      > > >     Active: failed (Result: exit-code) since Wed
> > 2017-01-04
> > > > 12:54:46
> > > > >      > > AST; 13s ago
> > > > >      > > >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D
> > > > /etc/dirsrv/slapd-%i -i
> > > > >      > > > /var/run/dirsrv/slapd-%i.pid (code=exited,
> > status=1/FAILURE)
> > > > >      > > >    Process: 14887 ExecStartPre=/usr/sbin/ds_
> > > > systemd_ask_password_acl
> > > > >      > > > /etc/dirsrv/slapd-%i/dse.ldif (code=exited,
> > status=0/SUCCESS)
> > > > >      > > >   Main PID: 14893 (code=exited, status=1/FAILURE)
> > > > >      > > >
> > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > > >      > > example.com <http://example.com>>
> > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891 +0300]
> > > > Error:
> > > > >      > > > betxnpostoperation plu...arted
> > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > > >      > > example.com <http://example.com>>
> > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752 +0300]
> > > > Error: object
> > > > >      > > plugin
> > > > >      > > > Roles Pl...arted
> > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > > >      > > example.com <http://example.com>>
> > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340 +0300]
> > > > Error:
> > > > >      > > preoperation
> > > > >      > > > plugin su...arted
> > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > > >      > > example.com <http://example.com>>
> > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432 +0300]
> > > > Error: object
> > > > >      > > plugin USN
> > > > >      > > > is n...arted
> > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > > >      > > example.com <http://example.com>>
> > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209 +0300]
> > > > Error: object
> > > > >      > > plugin
> > > > >      > > > Views is...arted
> > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > > >      > > example.com <http://example.com>>
> > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981 +0300]
> > > > Error:
> > > > >      > > extendedop plugin
> > > > >      > > > whoa...arted
> > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > > >      > > example.com <http://example.com>>
> > > > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main process
> > > > exited,
> > > > >      > > code=exited,
> > > > >      > > > status=1/FAILURE
> > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > > >      > > example.com <http://example.com>>
> > > > >      > > > systemd[1]: Failed to start 389 Directory Server
> > > > KW-EXAMPLE-COM..
> > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > > >      > > example.com <http://example.com>>
> > > > >      > > > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service entered
> > > > failed state.
> > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
> > > > >      > > example.com <http://example.com>>
> > > > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
> > > > >      > > > Hint: Some lines were ellipsized, use -l to show in full.
> > > > >      > > >
> > > > >      > > >
> > > > >      > > >
> > > > >      > > > Regards,
> > > > >      > > > Ben
> > > > >      > > >
> > > > >      > > >
> > > > >      > > > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <
> > > > mbabinsk at redhat.com
> > > > >     <mailto:mbabinsk at redhat.com>
> > > > >      > > > <mailto:mbabinsk at redhat.com <mailto:mbabinsk at redhat.com
> > >>>
> > > > wrote:
> > > > >      > > >
> > > > >      > > >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> > > > >      > > >
> > > > >      > > >         HI
> > > > >      > > >
> > > > >      > > >         while trying to create ipa replica, i am getting
> > > > below error,
> > > > >      > > >
> > > > >      > > >         Replica creation using 'ipa-replica-prepare' to
> > > > generate replica
> > > > >      > > file
> > > > >      > > >         is supported only in 0-level IPA domain.
> > > > >      > > >
> > > > >      > > >         The current IPA domain level is 1 and thus the
> > > > replica must
> > > > >      > > >         be created by promoting an existing IPA client.
> > > > >      > > >
> > > > >      > > >         To set up a replica use the following procedure:
> > > > >      > > >              1.) set up a client on the host using
> > > > 'ipa-client-install'
> > > > >      > > >              2.) promote the client to replica running
> > > > >      > > 'ipa-replica-install'
> > > > >      > > >                  *without* replica file specified
> > > > >      > > >
> > > > >      > > >         'ipa-replica-prepare' is allowed only in domain
> > level
> > > > 0
> > > > >      > > >         The ipa-replica-prepare command failed.
> > > > >      > > >
> > > > >      > > >
> > > > >      > > >         i have IPA master server without AD integration
> > and
> > > > DNS is
> > > > >      > > managed by
> > > > >      > > >         3rd party appliances.
> > > > >      > > >
> > > > >      > > >
> > > > >      > > >
> > > > >      > > >         Regards,
> > > > >      > > >         Ben
> > > > >      > > >
> > > > >      > > >
> > > > >      > > >
> > > > >      > > >     Hi Ben,
> > > > >      > > >
> > > > >      > > >     If you installed IPA 4.4 server then domain level 1 is
> > > > the default.
> > > > >      > > This
> > > > >      > > >     domain level uses different mechanism to stand up
> > > > replicas. See the
> > > > >      > > latest
> > > > >      > > >     IdM documentation[1] for more details.
> > > > >      > > >
> > > > >      > > >     [1]
> > > > >      > > > https://access.redhat.com/documentation/en-US/Red_Hat_
> > > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
> > > > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> > > > Authentication_and_Policy_
> > > > >      > > Guide/creating-the-replica.html
> > > > >      > > >     <https://access.redhat.com/
> > documentation/en-US/Red_Hat_
> > > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
> > > > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> > > > Authentication_and_Policy_
> > > > >      > > Guide/creating-the-replica.html>
> > > > >      > > >
> > > > >      > > >     --
> > > > >      > > >     Martin^3 Babinsky
> > > > >      > > >
> > > > >      > > >     --
> > > > >      > > >     Manage your subscription for the Freeipa-users mailing
> > > > list:
> > > > >      > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> > > > >      > > >     <https://www.redhat.com/
> > mailman/listinfo/freeipa-users
> > > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>>
> > > > >      > > >     Go to http://freeipa.org for more info on the project
> > > > >      > > >
> > > > >      > > >
> > > > >      > > >
> > > > >      > > >
> > > > >      > >
> > > > >      > >
> > > > >      > > --
> > > > >      > > Petr Vobornik
> > > > >      > >
> > > > >
> > > > >      > --
> > > > >      > Manage your subscription for the Freeipa-users mailing list:
> > > > >      > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> > > > >      > Go to http://freeipa.org for more info on the project
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Petr Vobornik
> > > >
> >



From md at collective-sense.com  Thu Jan  5 10:57:31 2017
From: md at collective-sense.com (Maciej Drobniuch)
Date: Thu, 5 Jan 2017 11:57:31 +0100
Subject: [Freeipa-users] 2FA and AllowNTHash
In-Reply-To: <d58bd7f6-990f-2769-1115-34ef57ec3ff2@pobox.com>
References: <CAL0MufK_gPgzkvKiOr6X+S-ufVh3ij39eLYLDGxpFy0-7VQZLw@mail.gmail.com>
	<d58bd7f6-990f-2769-1115-34ef57ec3ff2@pobox.com>
Message-ID: <CAL0Muf+LJPmoBEdzbdWwFh4iD2B-FxrM=ZLEeihDTDV8NQO-tA@mail.gmail.com>

Hi Brian

Thank You for your answer.
It started working, not sure yet why it did not work. I need to do some
extensive testing.

So, I've actually followed the blogposts you've mentioned to setup
ipanthash + freeradius.

Maybe I'll paraphrase the question.

It would suffice if I could tell IPA to use pass+otp only instead of both
(Password+ pass+otp) for particular hosts.
So for example users from hosts X can login with OTP only.

Thanks for help!

On Tue, Jan 3, 2017 at 7:02 PM, Brian Candler <b.candler at pobox.com> wrote:

> On 03/01/2017 15:28, Maciej Drobniuch wrote:
>
>> We have a topo with 3x IPA servers + freeradius.
>>
>> Freeradius is being used to do mschap with wifi APs. Freeradius connects
>> over ldap to IPA.
>>
>> In order to do the challange-response thing, freeipa has AllowNTHash
>> enabled.
>>
>> So I wanted to enable 2FA/OTP but leave the NTHash as is for wifi auth.
>>
>> In the moment I disallow Password auth for a user and enable OTP the wifi
>> auth stopps working, but the hash clearly stays in ldap.
>>
> How are you actually authenticating the user? Are you just reading the
> ipaNTHash out of the LDAP database and letting FreeRADIUS check it? Then
> AFAICS it shouldn't make any different whether OTP is enabled or not.  Can
> you show more of your RADIUS config, and the debug output from the part
> which authenticates the user?
>
> I don't use OTP myself, but I wouldn't expect the ipaNTHash to change
> depending on whether OTP is enabled or not (and you're saying the hash
> stays put).
>
> I have what sounds like a similar setup to yours, using FreeRADIUS 3.0.12
> talking to FreeIPA 4.4.0, using a service user which has permissions to
> read out the ipaNTHash directly, based on this blog post:
> http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_
> permissions_to_service_accounts..html
>
> ldap config:
>
>         base_dn = 'cn=users,cn=accounts,dc=ipa,dc=example,dc=com'
>
>         sasl {
>                 mech = 'GSSAPI'
>                 realm = 'IPA.EXAMPLE.COM'
>         }
>
>         update {
>                 control:NT-Password             := 'ipaNTHash'
>                 control:Tmp-String-9            := 'krbPasswordExpiration'
>         }
>
>         user {
>                 base_dn = "${..base_dn}"
>                 filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>                 scope = "one"
>         }
>
>         group {
>                 membership_attribute = 'memberOf'
>                 name_attributes = 'cn'
>
>                 cacheable_dn = 'yes'
>                 cacheable_name = 'no'
>         }
>
> default and inner-tunnel authentication is then just:
>
> authenticate {
>         Auth-Type PAP {
>                 pap
>         }
>
>         Auth-Type MS-CHAP {
>                 mschap
>         }
>
>         eap
> }
>
> Also you need to put the service user's keytab somewhere, and set a couple
> of environment variables when it starts, if you want to use Kerberos to
> protect the LDAP connection. Using systemd override:
>
> [Unit]
> Requires=dirsrv.target
> After=dirsrv.target
>
> [Service]
> Environment=KRB5_CLIENT_KTNAME=/etc/radiusd.keytab
> Environment=KRB5CCNAME=MEMORY:
> Restart=always
> RestartSec=5
>
> (Otherwise you can bind with a specific dn and password, but then you also
> need to sort out TLS to secure the LDAP traffic)
>
> There is more magic you can do with the krbPasswordExpiration attribute to
> force the user to do a password change over MSCHAP - but that's now
> straying a long way from what's relevant on a FreeIPA mailing list.
>
> HTH,
>
> Brian.
>



-- 
Best regards

Maciej Drobniuch
Network Security Engineer
Collective-Sense,LLC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/6bc00271/attachment.htm>

From piolet.y at gmail.com  Thu Jan  5 11:04:04 2017
From: piolet.y at gmail.com (Youenn PIOLET)
Date: Thu, 5 Jan 2017 12:04:04 +0100
Subject: [Freeipa-users] IPA 4.4.0: clcache_load_buffer_bulk error
In-Reply-To: <9D9635E5-85D4-4612-8F16-172DDE464133@high5games.com>
References: <9D9635E5-85D4-4612-8F16-172DDE464133@high5games.com>
Message-ID: <CAF7cxucxRL2kC8cyhT7xx9xp+CHV9Tt6d+CzUCSub-AOzdYo1g@mail.gmail.com>

Hi,
Got the same messages :)
(and I almost got all other problems you posted on this list since your 4.4
upgrade)

If anyone can tell us if we have to do anything to clean problematic CSN...

Happy new year to all freeipa-users!
--
Youenn Piolet
piolet.y at gmail.com


2016-12-24 9:33 GMT+01:00 <Dan.Finkelstein at high5games.com>:

> Since upgrading to IPA 4.4.0 and CentOS-7.3, our master has been
> outputting the follow line repeatedly in its slapd error logs:
>
>
>
> [24/Dec/2016:08:11:36.684385818 +0000] clcache_load_buffer_bulk -
> changelog record with csn (585e4369001500040000) not found for DB_NEXT
>
>
>
> What does it mean and, if repair is needed, what should I do?
>
>
>
> Thanks and regards,
>
> Dan
>
>
>
> [image: id:image001.jpg at 01D1C26F.0E28FA60] <http://www.high5games.com/>
>
> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>
> *Dan.Finkelstein at h5g.com <Dan.Finkelstein at h5g.com>* | 212.604.3447
>
> One World Trade Center, New York, NY 10007
>
>
>
> www.high5games.com
>
> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and Shake
> the Sky <https://apps.facebook.com/shakethesky/>
>
> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter
> <https://twitter.com/High5Games>, YouTube
> <http://www.youtube.com/High5Games>, Linkedin
> <http://www.linkedin.com/company/1072533?trk=tyah>
>
>
>
> *This message and any attachments may contain confidential or privileged
> information and are only for the use of the intended recipient of this
> message. If you are not the intended recipient, please notify the sender by
> return email, and delete or destroy this and all copies of this message and
> all attachments. Any unauthorized disclosure, use, distribution, or
> reproduction of this message or any attachments is prohibited and may be
> unlawful.*
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/1b82596f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4334 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/1b82596f/attachment.jpg>

From b.candler at pobox.com  Thu Jan  5 11:11:31 2017
From: b.candler at pobox.com (Brian Candler)
Date: Thu, 5 Jan 2017 11:11:31 +0000
Subject: [Freeipa-users] 2FA and AllowNTHash
In-Reply-To: <CAL0Muf+LJPmoBEdzbdWwFh4iD2B-FxrM=ZLEeihDTDV8NQO-tA@mail.gmail.com>
References: <CAL0MufK_gPgzkvKiOr6X+S-ufVh3ij39eLYLDGxpFy0-7VQZLw@mail.gmail.com>
	<d58bd7f6-990f-2769-1115-34ef57ec3ff2@pobox.com>
	<CAL0Muf+LJPmoBEdzbdWwFh4iD2B-FxrM=ZLEeihDTDV8NQO-tA@mail.gmail.com>
Message-ID: <34c11af9-cb96-6a57-b38a-3d23bfa2559d@pobox.com>

On 05/01/2017 10:57, Maciej Drobniuch wrote:
> Maybe I'll paraphrase the question.
>
> It would suffice if I could tell IPA to use pass+otp only instead of 
> both (Password+ pass+otp) for particular hosts.
> So for example users from hosts X can login with OTP only.
>
Sorry, I don't understand that.  What are the two passwords you refer 
to, when you say "Password + pass+otp"?

Can you give an example of the type of exchange that goes on now, and 
what you would like it to do instead?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/dbc60cce/attachment.htm>

From william.muriithi at gmail.com  Thu Jan  5 13:15:06 2017
From: william.muriithi at gmail.com (William Muriithi)
Date: Thu, 5 Jan 2017 08:15:06 -0500
Subject: [Freeipa-users] Effect of reversing trust relationship
Message-ID: <CAE9rU+5c=9v_5ytQ-Jn0i3V35MqQ8QdFgsZjpTFsub1VbV=T3g@mail.gmail.com>

Hello,

Curious, two weeks ago, we established a two way trust between AD and
FreeIPA. This has been working fine till yesterday when AD started
having DNS issues.  I am 99% certain trust had nothing to do with DNS
issue, but want to reverse the trust and see if we could fair better

My question is, if I run "ipa trustdomain-del", what does it do behind the back?

- Will there be a change in the AD systems or just remove association
on IPA side without reversing changes on the AD side?

- Whats the implication on the IPA client?  Any possibility of an outage?

- Whats the difference of "ipa trustdomain-del" and restoring from
"ipa-backup" and what would be more recommended if one has both
options?

Regards,

William



From jamesaharrisonuk at yahoo.co.uk  Thu Jan  5 13:36:56 2017
From: jamesaharrisonuk at yahoo.co.uk (James Harrison)
Date: Thu, 5 Jan 2017 13:36:56 +0000 (UTC)
Subject: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
 version 1.13.4-1ubuntu1.1
References: <1588224621.467679.1483623416628.ref@mail.yahoo.com>
Message-ID: <1588224621.467679.1483623416628@mail.yahoo.com>

Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
I can authenticate OK, I get a kerberos ticket, but cannot run sudo.
I get 1 rule returned, which I expect.
Many thanks,James Harrison


(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c11e30 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c11d70 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [x_james.harrison at domain.com]
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [x_james.harrison] from [domain.com]
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c11d70

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c11e30

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c11d70 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c11e30 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c11d70 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c0f550

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c1da40

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c0f550 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c1da40 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c0f550 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=x_james.harrison)(sudoUser=#1082600012)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%x_james.harrison)(sudoUser=+*))(&(dataExpireTimestamp<=1483618197)))]
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c11d70

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c11e30

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c11d70 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c11e30 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c11d70 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c18790

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c1b720

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c18790 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c1b720 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c18790 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c12600

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c0f550

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c12600 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c0f550 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c12600 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=x_james.harrison)(sudoUser=#1082600012)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%x_james.harrison)(sudoUser=+*)))]
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c0f550

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c0dfd0

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c0f550 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c0dfd0 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c0f550 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [x_james.harrison at domain.com]
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1c0e770][18]

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging domain.com
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8de810
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging nss
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8f0790
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging sudo
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9b30
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging pam
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8d8720
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging ssh
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9cb0

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x1c06b10
(Thu Jan? 5 12:10:00 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging pac
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8efea0

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2464b20
(Thu Jan? 5 12:10:00 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8de810
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8d7c00

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_ssh.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 0xe9ab20
(Thu Jan? 5 12:10:00 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd[ssh]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Thu Jan? 5 12:10:00 2017) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_sudo.log <==

==> sssd/sssd_ssh.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service domain.com replied to ping
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8f0790

==> sssd/sssd_pam.log <==

==> sssd/sssd_ssh.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd870
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd_pam.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service nss replied to ping
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9b30
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e21f0
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service sudo replied to ping
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8efea0
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e4da0
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service pac replied to ping
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9cb0
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd340
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service ssh replied to ping
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8d8720
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e6d90
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service pam replied to ping
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging domain.com
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8d8720
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging nss
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9cb0
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging sudo
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8efea0
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging pam
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9b30
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging ssh
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8f0790
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging pac

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x1c06b10
(Thu Jan? 5 12:10:10 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8de810

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2464b20
(Thu Jan? 5 12:10:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8d8720
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8d7c00
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_ssh.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 0xe9ab20
(Thu Jan? 5 12:10:10 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd[ssh]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Thu Jan? 5 12:10:10 2017) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service domain.com replied to ping
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9cb0

==> sssd/sssd_ssh.log <==

==> sssd/sssd_pam.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd870

==> sssd/sssd_ssh.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service nss replied to ping

==> sssd/sssd_ssh.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8efea0
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e21f0
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service sudo replied to ping
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8de810
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e4da0
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service pac replied to ping
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9b30
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e6d90
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service pam replied to ping
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8f0790
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd340
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service ssh replied to ping

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[1082600012] pid[5470].
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected!
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]

==> auth.log <==
Jan? 5 12:10:17 pul-lp-sql-00 sudo: pam_unix(sudo:auth): authentication failure; logname=x_james.harrison uid=1082600012 euid=0 tty=/dev/pts/1 ruser=x_james.harrison rhost=? user=x_james.harrison

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'x_james.harrison' matched without domain, user is x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.com/x_james.harrison]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [x_james.harrison] not found in PAM cache.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x410090:3:x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [domain.com][0x3][BE_REQ_INITGROUPS][1][name=x_james.harrison]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2469f20
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x410090:3:x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2469f20
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x24710e0

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x24711a0

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x24710e0 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x24711a0 "ltdb_timeout"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x24710e0 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [x_james.harrison] added to PAM initgroup cache
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2470c00
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x410090:3:x_james.harrison at domain.com]

==> syslog <==
Jan? 5 12:10:17 pul-lp-sql-00 kernel: [ 1272.582518] audit: type=1400 audit(1483618217.180:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/run/systemd/users/1082600012" pid=5570 comm="krb5_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2470c00
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): start ldb transaction (nesting: 0)
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x247c620

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x247c6e0

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x247c620 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x247c6e0 "ltdb_timeout"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x247c620 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 84
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]

==> auth.log <==
Jan? 5 12:10:17 pul-lp-sql-00 sudo: pam_sss(sudo:auth): authentication success; logname=x_james.harrison uid=1082600012 euid=0 tty=/dev/pts/1 ruser=x_james.harrison rhost= user=x_james.harrison

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'x_james.harrison' matched without domain, user is x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.com/x_james.harrison]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): User [x_james.harrison] found in PAM cache.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x2478550

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x247bc80

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x2478550 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x247bc80 "ltdb_timeout"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x2478550 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x246dd70
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x246dd70
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 35
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]

==> auth.log <==
Jan? 5 12:10:17 pul-lp-sql-00 sudo: x_james.harrison : user NOT authorized on host ; TTY=pts/1 ; PWD=/home/x_james.harrison ; USER=root ; COMMAND=/bin/bash

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1c0e770][18]

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected!

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[sudo]] [client_recv] (0x0200): Client disconnected!

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x2466e50][19]

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[sudo]] [client_destructor] (0x2000): Terminated client [0x1c0e770][18]

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging domain.com
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8f0790
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging nss
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9b30
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging sudo
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8de810
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging pam
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8efea0
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging ssh

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x1c06b10
(Thu Jan? 5 12:10:20 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9cb0
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging pac

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8d8720

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2464b20
(Thu Jan? 5 12:10:20 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd.log <==

==> sssd/sssd_sudo.log <==

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9b30

==> sssd/sssd_ssh.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 0xe9ab20
(Thu Jan? 5 12:10:20 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_ssh.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[ssh]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd870
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd_ssh.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service nss replied to ping

==> sssd/sssd_ssh.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8f0790
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8d7c00
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service domain.com replied to ping
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8de810
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e21f0
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service sudo replied to ping
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8efea0
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e6d90
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service pam replied to ping
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8d8720
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e4da0
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service pac replied to ping
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9cb0
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd340
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service ssh replied to ping

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:22 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [x_james.harrison] removed from PAM initgroup cache
root at pul-lp-sql-00:/var/log# fg
tail -f auth.log syslog sssd/*.log
^C
root at pul-lp-sql-00:/var/log# 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/427641d5/attachment.htm>

From jgoddard at emerlyn.com  Thu Jan  5 13:48:08 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 5 Jan 2017 08:48:08 -0500
Subject: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP
 server failed: {'desc': 'Invalid credentials'}
In-Reply-To: <495fb283-07e7-30b6-333e-3ca75a1bf3cb@redhat.com>
References: <1481946787.11959.7.camel@interlinx.bc.ca>
	<1481999421.11959.23.camel@interlinx.bc.ca>
	<9efb76bf-524e-6f3f-64e3-27e1d12b83d1@redhat.com>
	<1482149965.28211.15.camel@interlinx.bc.ca>
	<c872041f-b7fe-a3c9-c949-17b28d9c8d07@redhat.com>
	<1482179085.28211.36.camel@interlinx.bc.ca>
	<ef9e2b81-885c-6447-3d04-865ee2011d26@redhat.com>
	<1482234065.28211.55.camel@interlinx.bc.ca>
	<89d5a584-ad8f-a022-65a9-0fff1e0d6ea5@redhat.com>
	<1482321907.28211.102.camel@interlinx.bc.ca>
	<d582c02a-3b61-6b78-f6d4-21ce84545c02@redhat.com>
	<CA+No-6G9eriuj+sU8S24zqddNaFZLsuWrG5whCO169GkLb6kww@mail.gmail.com>
	<495fb283-07e7-30b6-333e-3ca75a1bf3cb@redhat.com>
Message-ID: <CA+No-6HtpvxpGY8Ug8_5KBo=K=LHMAOORrg1DY=0UvoS5gekfg@mail.gmail.com>

Running the command displays no output.

Here is the config file output:

# This file is sourced by dirsrv upon startup to set
# the default environment for all directory server instances.
# To set instance specific defaults, use the file in the same
# directory called dirsrv-instance where "instance"
# is the name of your directory server instance e.g.
# dirsrv-localhost for the slapd-localhost instance.

# This file is in systemd EnvironmentFile format - see man systemd.exec

# In order to make more file descriptors available
# to the directory server, first make sure the system
# hard limits are raised, then use ulimit - uncomment
# out the following line and change the value to the
# desired value
# ulimit -n 8192
# note - if using systemd, ulimit won't work -  you must edit
# the systemd unit file for directory server to add the
# LimitNOFILE option - see man systemd.exec for more info

# A per instance keytab does not make much sense for servers.
# Kerberos clients use the machine FQDN to obtain a ticket like ldap/FQDN,
there
# is nothing that can make a client understand how to get a per-instance
ticket.
# Therefore by default a keytab should be considered a per server option.

# Also this file is sourced for all instances, so again all
# instances would ultimately get the same keytab.

# Finally a keytab is normally named either krb5.keytab or <service>.keytab

# In order to use SASL/GSSAPI (Kerberos) the directory
# server needs to know where to find its keytab
# file - uncomment the following line and set
# the path and filename appropriately
# if using systemd, omit the "; export VARNAME" at the end

# how many seconds to wait for the startpid file to show
# up before we assume there is a problem and fail to start
# if using systemd, omit the "; export VARNAME" at the end
#STARTPID_TIME=10 ; export STARTPID_TIME
# how many seconds to wait for the pid file to show
# up before we assume there is a problem and fail to start
# if using systemd, omit the "; export VARNAME" at the end
#PID_TIME=600 ; export PID_TIME
KRB5CCNAME=/tmp/krb5cc_389
KRB5_KTNAME=/etc/dirsrv/ds.keytab

I tried reinstalling with ipa-dns-install and it failed with errors. From
the logs it looks like it sets resolve.conf to 127.0.0.1 and then tries to
do lookups and fails. Here are selections from the logs:

2017-01-05T13:13:47Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:47Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:47Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:47Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
2017-01-05T13:13:47Z DEBUG   [4/8]: setting up kerberos principal
2017-01-05T13:13:47Z DEBUG Starting external process
2017-01-05T13:13:47Z DEBUG args=kadmin.local -q addprinc -randkey DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM -x
ipa-setup-override-restrictions
2017-01-05T13:13:47Z DEBUG Process finished, return code=0
2017-01-05T13:13:47Z DEBUG stdout=Authenticating as principal admin/
admin at INTERNAL.EMERLYN.COM with password.

2017-01-05T13:13:47Z DEBUG stderr=WARNING: no policy specified for DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM; defaulting to no
policy
add_principal: Principal or policy already exists while creating "DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM".

2017-01-05T13:13:47Z DEBUG Backing up system configuration file
'/etc/named.keytab'
2017-01-05T13:13:47Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-05T13:13:47Z DEBUG Starting external process
2017-01-05T13:13:47Z DEBUG args=kadmin.local -q ktadd -k /etc/named.keytab
DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM -x
ipa-setup-override-restrictions
2017-01-05T13:13:47Z DEBUG Process finished, return code=0
2017-01-05T13:13:47Z DEBUG stdout=Authenticating as principal admin/
admin at INTERNAL.EMERLYN.COM with password.
Entry for principal DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type aes256-cts-hmac-sha1-96 added to keytab
WRFILE:/etc/named.keytab.
Entry for principal DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type aes128-cts-hmac-sha1-96 added to keytab
WRFILE:/etc/named.keytab.
Entry for principal DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/named.keytab.
Entry for principal DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type arcfour-hmac added to keytab WRFILE:/etc/named.keytab.
Entry for principal DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type camellia128-cts-cmac added to keytab
WRFILE:/etc/named.keytab.
Entry for principal DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type camellia256-cts-cmac added to keytab
WRFILE:/etc/named.keytab.

2017-01-05T13:13:47Z DEBUG stderr=
2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
2017-01-05T13:13:47Z DEBUG   [5/8]: setting up named.conf
2017-01-05T13:13:47Z DEBUG Loading StateFile from
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-05T13:13:47Z DEBUG Loading StateFile from
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-05T13:13:47Z DEBUG Saving StateFile to
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
2017-01-05T13:13:47Z DEBUG   [6/8]: setting up server configuration
2017-01-05T13:13:47Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
2017-01-05T13:13:47Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4c48440>
2017-01-05T13:13:48Z DEBUG raw: dnsserver_add(u'
id-management-2.internal.emerlyn.com', idnssoamname=<DNS name
id-management-2.internal.emerlyn.com.>, version=u'2.213')
2017-01-05T13:13:48Z DEBUG dnsserver_add(u'
id-management-2.internal.emerlyn.com', idnssoamname=<DNS name
id-management-2.internal.emerlyn.com.>, all=False, raw=False,
version=u'2.213')
2017-01-05T13:13:48Z DEBUG raw: dnsserver_mod(u'
id-management-2.internal.emerlyn.com', idnsforwarders=[u'10.72.100.16'],
idnsforwardpolicy=u'only', version=u'2.213')
2017-01-05T13:13:48Z DEBUG dnsserver_mod(u'
id-management-2.internal.emerlyn.com', idnsforwarders=(u'10.72.100.16',),
idnsforwardpolicy=u'only', rights=False, all=False, raw=False,
version=u'2.213')
2017-01-05T13:13:48Z DEBUG Loading StateFile from
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-05T13:13:48Z DEBUG Saving StateFile to
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
2017-01-05T13:13:48Z DEBUG   [7/8]: configuring named to start on boot
2017-01-05T13:13:48Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=/bin/systemctl disable named-pkcs11.service
2017-01-05T13:13:48Z DEBUG Process finished, return code=0
2017-01-05T13:13:48Z DEBUG stdout=
2017-01-05T13:13:48Z DEBUG stderr=
2017-01-05T13:13:48Z DEBUG service DNS startup entry already enabled
2017-01-05T13:13:48Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=/bin/systemctl stop named.service
2017-01-05T13:13:48Z DEBUG Process finished, return code=0
2017-01-05T13:13:48Z DEBUG stdout=
2017-01-05T13:13:48Z DEBUG stderr=
2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=/bin/systemctl mask named.service
2017-01-05T13:13:48Z DEBUG Process finished, return code=0
2017-01-05T13:13:48Z DEBUG stdout=
2017-01-05T13:13:48Z DEBUG stderr=Created symlink from
/etc/systemd/system/named.service to /dev/null.

2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
2017-01-05T13:13:48Z DEBUG   [8/8]: changing resolv.conf to point to
ourselves
2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
2017-01-05T13:13:48Z DEBUG Done configuring DNS (named).
2017-01-05T13:13:48Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=/bin/systemctl stop ipa-dnskeysyncd.service
2017-01-05T13:13:48Z DEBUG Process finished, return code=0
2017-01-05T13:13:48Z DEBUG stdout=
2017-01-05T13:13:48Z DEBUG stderr=
2017-01-05T13:13:48Z DEBUG Configuring DNS key synchronization service
(ipa-dnskeysyncd)
2017-01-05T13:13:48Z DEBUG   [1/7]: checking status
2017-01-05T13:13:48Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
2017-01-05T13:13:48Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4eb2c20>
2017-01-05T13:13:48Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:48Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
2017-01-05T13:13:48Z DEBUG   [2/7]: setting up bind-dyndb-ldap working
directory
2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
2017-01-05T13:13:48Z DEBUG   [3/7]: setting up kerberos principal
2017-01-05T13:13:48Z DEBUG Removing service keytab:
/etc/ipa/dnssec/ipa-dnskeysyncd.keytab
2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=kadmin.local -q addprinc -randkey
ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
-x ipa-setup-override-restrictions
2017-01-05T13:13:48Z DEBUG Process finished, return code=0
2017-01-05T13:13:48Z DEBUG stdout=Authenticating as principal admin/
admin at INTERNAL.EMERLYN.COM with password.

2017-01-05T13:13:48Z DEBUG stderr=WARNING: no policy specified for
ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM;
defaulting to no policy
add_principal: Principal or policy already exists while creating
"ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM".

2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=kadmin.local -q ktadd -k
/etc/ipa/dnssec/ipa-dnskeysyncd.keytab ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM -x
ipa-setup-override-restrictions
2017-01-05T13:13:49Z DEBUG Process finished, return code=0
2017-01-05T13:13:49Z DEBUG stdout=Authenticating as principal admin/
admin at INTERNAL.EMERLYN.COM with password.
Entry for principal ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type aes256-cts-hmac-sha1-96 added to keytab
WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
Entry for principal ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type aes128-cts-hmac-sha1-96 added to keytab
WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
Entry for principal ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type des3-cbc-sha1 added to keytab
WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
Entry for principal ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type arcfour-hmac added to keytab
WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
Entry for principal ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type camellia128-cts-cmac added to keytab
WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
Entry for principal ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7,
encryption type camellia256-cts-cmac added to keytab
WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.

2017-01-05T13:13:49Z DEBUG stderr=
2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
2017-01-05T13:13:49Z DEBUG   [4/7]: setting up SoftHSM
2017-01-05T13:13:49Z DEBUG Creating new softhsm config file
2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
2017-01-05T13:13:49Z DEBUG   [5/7]: adding DNSSEC containers
2017-01-05T13:13:49Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
2017-01-05T13:13:49Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4ec9998>
2017-01-05T13:13:49Z INFO DNSSEC container exists (step skipped)
2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
2017-01-05T13:13:49Z DEBUG   [6/7]: creating replica keys
2017-01-05T13:13:49Z DEBUG Creating replica's key pair
2017-01-05T13:13:49Z DEBUG Storing replica public key to LDAP,
ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=internal,dc=emerlyn,dc=com
2017-01-05T13:13:49Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
2017-01-05T13:13:49Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4eb2830>
2017-01-05T13:13:50Z DEBUG Replica public key stored
2017-01-05T13:13:50Z DEBUG Setting CKA_WRAP=False for old replica keys
2017-01-05T13:13:50Z DEBUG Changing ownership of token files
2017-01-05T13:13:50Z DEBUG   duration: 0 seconds
2017-01-05T13:13:50Z DEBUG   [7/7]: configuring ipa-dnskeysyncd to start on
boot
2017-01-05T13:13:50Z DEBUG Starting external process
2017-01-05T13:13:50Z DEBUG args=/bin/systemctl disable
ipa-dnskeysyncd.service
2017-01-05T13:13:50Z DEBUG Process finished, return code=0
2017-01-05T13:13:50Z DEBUG stdout=
2017-01-05T13:13:50Z DEBUG stderr=
2017-01-05T13:13:50Z DEBUG service DNSKeySync startup entry already enabled
2017-01-05T13:13:50Z DEBUG   duration: 0 seconds
2017-01-05T13:13:50Z DEBUG Done configuring DNS key synchronization service
(ipa-dnskeysyncd).
2017-01-05T13:13:50Z DEBUG Starting external process
2017-01-05T13:13:50Z DEBUG args=/bin/systemctl restart
ipa-dnskeysyncd.service
2017-01-05T13:13:50Z DEBUG Process finished, return code=0
2017-01-05T13:13:50Z DEBUG stdout=
2017-01-05T13:13:50Z DEBUG stderr=
2017-01-05T13:13:50Z DEBUG Starting external process
2017-01-05T13:13:50Z DEBUG args=/bin/systemctl is-active
ipa-dnskeysyncd.service
2017-01-05T13:13:50Z DEBUG Process finished, return code=0
2017-01-05T13:13:50Z DEBUG stdout=active

2017-01-05T13:13:50Z DEBUG stderr=
2017-01-05T13:13:50Z DEBUG Restarting named
2017-01-05T13:13:50Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:50Z DEBUG Starting external process
2017-01-05T13:13:50Z DEBUG args=/bin/systemctl restart named-pkcs11.service
2017-01-05T13:13:50Z DEBUG Process finished, return code=1
2017-01-05T13:13:50Z DEBUG stdout=
2017-01-05T13:13:50Z DEBUG stderr=Job for named-pkcs11.service failed
because the control process exited with error code. See "systemctl status
named-pkcs11.service" and "journalctl -xe" for details.

It looks to me like the change in resolve.conf is causing all subsequent
lookups to fail.

Jeff







On Thu, Jan 5, 2017 at 3:43 AM, Martin Basti <mbasti at redhat.com> wrote:

>
>
> On 04.01.2017 22:21, Jeff Goddard wrote:
>
> I don't want to hijack someone else's thread but I'm having what appears
> to be the same problem and have not seen a solution presented yet.
>
> Here is the output of journalctl -xe after having tried to start named:
>
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> loading configuration from '/etc/named.conf'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> reading built-in trusted keys from file '/etc/named.iscdlv.key'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> using default UDP/IPv4 port range: [1024, 65535]
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> using default UDP/IPv6 port range: [1024, 65535]
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> listening on IPv6 interfaces, port 53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> listening on IPv4 interface lo, 127.0.0.1#53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> listening on IPv4 interface ens32, 10.73.100.31#53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> generating session key for dynamic DNS
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> sizing zone task pool based on 6 zones
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> set up managed keys zone for view _default, file
> '/var/named/dynamic/managed-keys.bind'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> bind-dyndb-ldap version 10.0 compiled at 18:06:06 Nov 11 2016, compiler
> 4.8.5 20150623 (Red Hat 4.8.5-11)
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> option 'serial_autoincrement' is not supported, ignoring
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
> GSSAPI server step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
> GSSAPI server step 2
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 2
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
> GSSAPI server step 3
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> LDAP error: Invalid credentials: bind to LDAP server failed
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> couldn't establish connection in LDAP connection pool: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> dynamic database 'ipa' configuration failed: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> loading configuration: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> exiting (due to fatal error)
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]:
> named-pkcs11.service: control process exited, code=exited status=1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]: Failed
> to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
> -- Subject: Unit named-pkcs11.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit named-pkcs11.service has failed.
> --
> -- The result is failed.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]: Unit
> named-pkcs11.service entered failed state.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]:
> named-pkcs11.service failed.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com polkitd[949]:
> Unregistered Authentication Agent for unix-process:3936:380486 (system bus
> name :1.59, object path /org/freedesktop/Policy
>
> Here are the last four entries of /var/log/dirsrv/slapd-*/access |grep
> ipa-dnskeysyncdcat:
>
> [04/Jan/2017:15:28:37.463224739 -0500] conn=5 op=1129 SRCH
> base="dc=internal,dc=emerlyn,dc=com" scope=2 filter="(&(|(objectClass=
> krbprincipalaux)(objectClass=krbprincipal)(objectClass=
> ipakrbprincipal))(|(ipaKrbPrincipalAlias=ipa-dnskeysyncd/id-management-2.
> internal.emerlyn.com at INTERNAL.EMERLYN.COM)(krbPrincipalName:
> caseIgnoreIA5Match:=ipa-dnskeysyncd/id-management-2.
> internal.emerlyn.com at INTERNAL.EMERLYN.COM)))" attrs="krbPrincipalName
> krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
> passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
> objectClass"
> [04/Jan/2017:15:28:37.464739661 -0500] conn=5 op=1133 SRCH
> base="krbprincipalname=ipa-dnskeysyncd/id-management-2.
> internal.emerlyn.com at INTERNAL.EMERLYN.COM,cn=services,cn=
> accounts,dc=internal,dc=emerlyn,dc=com" scope=0 filter="(objectClass=*)"
> attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName
> krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
> krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
> ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
> [04/Jan/2017:15:28:37.465851372 -0500] conn=5 op=1134 MOD
> dn="krbprincipalname=ipa-dnskeysyncd/id-management-2.
> internal.emerlyn.com at INTERNAL.EMERLYN.COM,cn=services,cn=
> accounts,dc=internal,dc=emerlyn,dc=com"
> [04/Jan/2017:15:28:37.474974775 -0500] conn=6 op=1372 SRCH
> base="dc=internal,dc=emerlyn,dc=com" scope=2 filter="(&(|(objectClass=
> krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ipa-
> dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM))"
> attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey
> krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
> krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange
> krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth
> krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock
> krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
> nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
> ipatokenRadiusConfigLink objectClass"
> [04/Jan/2017:15:28:37.482436172 -0500] conn=281 op=2 RESULT err=0 tag=97
> nentries=0 etime=0 dn="krbprincipalname=ipa-dnskeysyncd/id-management-2.
> internal.emerlyn.com at internal.emerlyn.com,cn=services,cn=
> accounts,dc=internal,dc=emerlyn,dc=com"
>
> My environment:
> Freeipa 4.2.0
> OS is Centos 7.2
>
> This is a secondary replica (master) and the other replica can be pinged
> but nslookup and dig fail to provide results even though the values are in
> the /etc/hosts file:
>
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
> 10.72.100.16 id-management-1.internal.emerlyn.com
> 10.73.100.31 id-management-2.internal.emerlyn.com
>
>
> Any assistance is in solving this would be greatly appreciated and thanks
> for both the great product and the support already provided.
>
> Jeff
>
>
>
>
>
> Hello,
>
> what contains the  /etc/sysconfig/dirsrv file
>
> can you kinit as DNS?
>
> kinit -kt /etc/named.keytab DNS/$HOSTNAME
>
> Martin^2
>
>


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/6f3e7c24/attachment.htm>

From jgoddard at emerlyn.com  Thu Jan  5 13:58:31 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 5 Jan 2017 08:58:31 -0500
Subject: [Freeipa-users] Fwd: ipa-dnskeysyncd ipa : ERROR Login to LDAP
 server failed: {'desc': 'Invalid credentials'}
In-Reply-To: <CA+No-6FXCLufNC7_pym4=ovC1D49w03Y-w2UmbWQcPfkspMpZw@mail.gmail.com>
References: <1481946787.11959.7.camel@interlinx.bc.ca>
	<1481999421.11959.23.camel@interlinx.bc.ca>
	<9efb76bf-524e-6f3f-64e3-27e1d12b83d1@redhat.com>
	<1482149965.28211.15.camel@interlinx.bc.ca>
	<c872041f-b7fe-a3c9-c949-17b28d9c8d07@redhat.com>
	<1482179085.28211.36.camel@interlinx.bc.ca>
	<ef9e2b81-885c-6447-3d04-865ee2011d26@redhat.com>
	<1482234065.28211.55.camel@interlinx.bc.ca>
	<89d5a584-ad8f-a022-65a9-0fff1e0d6ea5@redhat.com>
	<1482321907.28211.102.camel@interlinx.bc.ca>
	<d582c02a-3b61-6b78-f6d4-21ce84545c02@redhat.com>
	<CA+No-6G9eriuj+sU8S24zqddNaFZLsuWrG5whCO169GkLb6kww@mail.gmail.com>
	<495fb283-07e7-30b6-333e-3ca75a1bf3cb@redhat.com>
	<CA+No-6FXCLufNC7_pym4=ovC1D49w03Y-w2UmbWQcPfkspMpZw@mail.gmail.com>
Message-ID: <CA+No-6GbmSFcduvg=y8m-xciYymE70_SZWcfWsAy66Mk+RQO9Q@mail.gmail.com>

---------- Forwarded message ----------
From: Jeff Goddard <jgoddard at emerlyn.com>
Date: Thu, Jan 5, 2017 at 8:57 AM
Subject: Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP
server failed: {'desc': 'Invalid credentials'}
To: Martin Basti <mbasti at redhat.com>




On Thu, Jan 5, 2017 at 3:43 AM, Martin Basti <mbasti at redhat.com> wrote:

>
>
> On 04.01.2017 22:21, Jeff Goddard wrote:
>
> I don't want to hijack someone else's thread but I'm having what appears
> to be the same problem and have not seen a solution presented yet.
>
> Here is the output of journalctl -xe after having tried to start named:
>
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> loading configuration from '/etc/named.conf'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> reading built-in trusted keys from file '/etc/named.iscdlv.key'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> using default UDP/IPv4 port range: [1024, 65535]
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> using default UDP/IPv6 port range: [1024, 65535]
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> listening on IPv6 interfaces, port 53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> listening on IPv4 interface lo, 127.0.0.1#53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> listening on IPv4 interface ens32, 10.73.100.31#53
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> generating session key for dynamic DNS
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> sizing zone task pool based on 6 zones
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> set up managed keys zone for view _default, file
> '/var/named/dynamic/managed-keys.bind'
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> bind-dyndb-ldap version 10.0 compiled at 18:06:06 Nov 11 2016, compiler
> 4.8.5 20150623 (Red Hat 4.8.5-11)
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> option 'serial_autoincrement' is not supported, ignoring
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
> GSSAPI server step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
> GSSAPI server step 2
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> GSSAPI client step 2
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
> GSSAPI server step 3
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> LDAP error: Invalid credentials: bind to LDAP server failed
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> couldn't establish connection in LDAP connection pool: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> dynamic database 'ipa' configuration failed: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> loading configuration: permission denied
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
> exiting (due to fatal error)
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]:
> named-pkcs11.service: control process exited, code=exited status=1
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]: Failed
> to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
> -- Subject: Unit named-pkcs11.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit named-pkcs11.service has failed.
> --
> -- The result is failed.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]: Unit
> named-pkcs11.service entered failed state.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]:
> named-pkcs11.service failed.
> Jan 04 15:48:42 id-management-2.internal.emerlyn.com polkitd[949]:
> Unregistered Authentication Agent for unix-process:3936:380486 (system bus
> name :1.59, object path /org/freedesktop/Policy
>
> Here are the last four entries of /var/log/dirsrv/slapd-*/access |grep
> ipa-dnskeysyncdcat:
>
> [04/Jan/2017:15:28:37.463224739 -0500] conn=5 op=1129 SRCH
> base="dc=internal,dc=emerlyn,dc=com" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbpri
> ncipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias
> =ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> )(krbPrincipalName:caseIgnoreIA5Match:=ipa-dnskeysyncd/id-management-
> 2.internal.emerlyn.com at INTERNAL.EMERLYN.COM)))" attrs="krbPrincipalName
> krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
> passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
> objectClass"
> [04/Jan/2017:15:28:37.464739661 -0500] conn=5 op=1133 SRCH
> base="krbprincipalname=ipa-dnskeysyncd/id-management-2.inter
> nal.emerlyn.com at INTERNAL.EMERLYN.COM,cn=services,cn=accounts
> ,dc=internal,dc=emerlyn,dc=com" scope=0 filter="(objectClass=*)"
> attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName
> krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
> krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
> ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
> [04/Jan/2017:15:28:37.465851372 -0500] conn=5 op=1134 MOD
> dn="krbprincipalname=ipa-dnskeysyncd/id-management-2.interna
> l.emerlyn.com at INTERNAL.EMERLYN.COM,cn=services,cn=accounts,d
> c=internal,dc=emerlyn,dc=com"
> [04/Jan/2017:15:28:37.474974775 -0500] conn=6 op=1372 SRCH
> base="dc=internal,dc=emerlyn,dc=com" scope=2
> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbpri
> ncipal))(krbPrincipalName=ipa-dnskeysyncd/id-management-2.in
> ternal.emerlyn.com at INTERNAL.EMERLYN.COM))" attrs="krbPrincipalName
> krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference
> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
> krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
> passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
> objectClass"
> [04/Jan/2017:15:28:37.482436172 -0500] conn=281 op=2 RESULT err=0 tag=97
> nentries=0 etime=0 dn="krbprincipalname=ipa-dnskeysyncd/
> id-management-2.internal.emerlyn.com at internal.emerlyn.com
> ,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"
>
> My environment:
> Freeipa 4.2.0
> OS is Centos 7.2
>
> This is a secondary replica (master) and the other replica can be pinged
> but nslookup and dig fail to provide results even though the values are in
> the /etc/hosts file:
>
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
> 10.72.100.16 id-management-1.internal.emerlyn.com
> 10.73.100.31 id-management-2.internal.emerlyn.com
>
>
> Any assistance is in solving this would be greatly appreciated and thanks
> for both the great product and the support already provided.
>
> Jeff
>
>
>
>
>
> Hello,
>
> what contains the  /etc/sysconfig/dirsrv file
>
> can you kinit as DNS?
>
> kinit -kt /etc/named.keytab DNS/$HOSTNAME
>
> Martin^2
>
> The kinit -kt /etc/named.keytab DNS/$HOSTNAME command returns nothing
Here is the requested file output:

# This file is sourced by dirsrv upon startup to set
# the default environment for all directory server instances.
# To set instance specific defaults, use the file in the same
# directory called dirsrv-instance where "instance"
# is the name of your directory server instance e.g.
# dirsrv-localhost for the slapd-localhost instance.

# This file is in systemd EnvironmentFile format - see man systemd.exec

# In order to make more file descriptors available
# to the directory server, first make sure the system
# hard limits are raised, then use ulimit - uncomment
# out the following line and change the value to the
# desired value
# ulimit -n 8192
# note - if using systemd, ulimit won't work -  you must edit
# the systemd unit file for directory server to add the
# LimitNOFILE option - see man systemd.exec for more info

# A per instance keytab does not make much sense for servers.
# Kerberos clients use the machine FQDN to obtain a ticket like ldap/FQDN,
there
# is nothing that can make a client understand how to get a per-instance
ticket.
# Therefore by default a keytab should be considered a per server option.

# Also this file is sourced for all instances, so again all
# instances would ultimately get the same keytab.

# Finally a keytab is normally named either krb5.keytab or <service>.keytab

# In order to use SASL/GSSAPI (Kerberos) the directory
# server needs to know where to find its keytab
# file - uncomment the following line and set
# the path and filename appropriately
# if using systemd, omit the "; export VARNAME" at the end

# how many seconds to wait for the startpid file to show
# up before we assume there is a problem and fail to start
# if using systemd, omit the "; export VARNAME" at the end
#STARTPID_TIME=10 ; export STARTPID_TIME
# how many seconds to wait for the pid file to show
# up before we assume there is a problem and fail to start
# if using systemd, omit the "; export VARNAME" at the end
#PID_TIME=600 ; export PID_TIME
KRB5CCNAME=/tmp/krb5cc_389
KRB5_KTNAME=/etc/dirsrv/ds.keytab

I tried to re-install (ipa-install-dns) and here is the install log. I
highlighted in red below where I think the problem may be coming from.

2017-01-05T13:13:47Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:47Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:47Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:47Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
2017-01-05T13:13:47Z DEBUG   [4/8]: setting up kerberos principal
2017-01-05T13:13:47Z DEBUG Starting external process
2017-01-05T13:13:47Z DEBUG args=kadmin.local -q addprinc -randkey DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM -x
ipa-setup-override-restrictions
2017-01-05T13:13:47Z DEBUG Process finished, return code=0
2017-01-05T13:13:47Z DEBUG stdout=Authenticating as principal admin/
admin at INTERNAL.EMERLYN.COM with password.

2017-01-05T13:13:47Z DEBUG stderr=WARNING: no policy specified for DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM; defaulting to no
policy
add_principal: Principal or policy already exists while creating "DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM".

2017-01-05T13:13:47Z DEBUG Backing up system configuration file
'/etc/named.keytab'
2017-01-05T13:13:47Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-05T13:13:47Z DEBUG Starting external process
2017-01-05T13:13:47Z DEBUG args=kadmin.local -q ktadd -k /etc/named.keytab
DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM -x
ipa-setup-override-restrictions
2017-01-05T13:13:47Z DEBUG Process finished, return code=0
2017-01-05T13:13:47Z DEBUG stdout=Authenticating as principal admin/
admin at INTERNAL.EMERLYN.COM with password.
Entry for principal DNS/id-management-2.internal.e
merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/named.keytab.
Entry for principal DNS/id-management-2.internal.e
merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/named.keytab.
Entry for principal DNS/id-management-2.internal.e
merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type des3-cbc-sha1
added to keytab WRFILE:/etc/named.keytab.
Entry for principal DNS/id-management-2.internal.e
merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type arcfour-hmac
added to keytab WRFILE:/etc/named.keytab.
Entry for principal DNS/id-management-2.internal.e
merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
camellia128-cts-cmac added to keytab WRFILE:/etc/named.keytab.
Entry for principal DNS/id-management-2.internal.e
merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
camellia256-cts-cmac added to keytab WRFILE:/etc/named.keytab.

2017-01-05T13:13:47Z DEBUG stderr=
2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
2017-01-05T13:13:47Z DEBUG   [5/8]: setting up named.conf
2017-01-05T13:13:47Z DEBUG Loading StateFile from
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-05T13:13:47Z DEBUG Loading StateFile from
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-05T13:13:47Z DEBUG Saving StateFile to
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
2017-01-05T13:13:47Z DEBUG   [6/8]: setting up server configuration
2017-01-05T13:13:47Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
from SchemaCache
2017-01-05T13:13:47Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4c48440>
2017-01-05T13:13:48Z DEBUG raw: dnsserver_add(u'id-management-
2.internal.emerlyn.com', idnssoamname=<DNS name
id-management-2.internal.emerlyn.com.>, version=u'2.213')
2017-01-05T13:13:48Z DEBUG dnsserver_add(u'id-management-
2.internal.emerlyn.com', idnssoamname=<DNS name
id-management-2.internal.emerlyn.com.>, all=False, raw=False,
version=u'2.213')
2017-01-05T13:13:48Z DEBUG raw: dnsserver_mod(u'id-management-
2.internal.emerlyn.com', idnsforwarders=[u'10.72.100.16'],
idnsforwardpolicy=u'only', version=u'2.213')
2017-01-05T13:13:48Z DEBUG dnsserver_mod(u'id-management-
2.internal.emerlyn.com', idnsforwarders=(u'10.72.100.16',),
idnsforwardpolicy=u'only', rights=False, all=False, raw=False,
version=u'2.213')
2017-01-05T13:13:48Z DEBUG Loading StateFile from
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-05T13:13:48Z DEBUG Saving StateFile to
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
2017-01-05T13:13:48Z DEBUG   [7/8]: configuring named to start on boot
2017-01-05T13:13:48Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=/bin/systemctl disable named-pkcs11.service
2017-01-05T13:13:48Z DEBUG Process finished, return code=0
2017-01-05T13:13:48Z DEBUG stdout=
2017-01-05T13:13:48Z DEBUG stderr=
2017-01-05T13:13:48Z DEBUG service DNS startup entry already enabled
2017-01-05T13:13:48Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=/bin/systemctl stop named.service
2017-01-05T13:13:48Z DEBUG Process finished, return code=0
2017-01-05T13:13:48Z DEBUG stdout=
2017-01-05T13:13:48Z DEBUG stderr=
2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=/bin/systemctl mask named.service
2017-01-05T13:13:48Z DEBUG Process finished, return code=0
2017-01-05T13:13:48Z DEBUG stdout=
2017-01-05T13:13:48Z DEBUG stderr=Created symlink from
/etc/systemd/system/named.service to /dev/null.

2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
2017-01-05T13:13:48Z DEBUG   [8/8]: changing resolv.conf to point to
ourselves
2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
2017-01-05T13:13:48Z DEBUG Done configuring DNS (named).
2017-01-05T13:13:48Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=/bin/systemctl stop ipa-dnskeysyncd.service
2017-01-05T13:13:48Z DEBUG Process finished, return code=0
2017-01-05T13:13:48Z DEBUG stdout=
2017-01-05T13:13:48Z DEBUG stderr=
2017-01-05T13:13:48Z DEBUG Configuring DNS key synchronization service
(ipa-dnskeysyncd)
2017-01-05T13:13:48Z DEBUG   [1/7]: checking status
2017-01-05T13:13:48Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
from SchemaCache
2017-01-05T13:13:48Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4eb2c20>
2017-01-05T13:13:48Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:48Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
2017-01-05T13:13:48Z DEBUG   [2/7]: setting up bind-dyndb-ldap working
directory
2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
2017-01-05T13:13:48Z DEBUG   [3/7]: setting up kerberos principal
2017-01-05T13:13:48Z DEBUG Removing service keytab:
/etc/ipa/dnssec/ipa-dnskeysyncd.keytab
2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=kadmin.local -q addprinc -randkey
ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
-x ipa-setup-override-restrictions
2017-01-05T13:13:48Z DEBUG Process finished, return code=0
2017-01-05T13:13:48Z DEBUG stdout=Authenticating as principal admin/
admin at INTERNAL.EMERLYN.COM with password.

2017-01-05T13:13:48Z DEBUG stderr=WARNING: no policy specified for
ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM;
defaulting to no policy
add_principal: Principal or policy already exists while creating
"ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM".

2017-01-05T13:13:48Z DEBUG Starting external process
2017-01-05T13:13:48Z DEBUG args=kadmin.local -q ktadd -k
/etc/ipa/dnssec/ipa-dnskeysyncd.keytab ipa-dnskeysyncd/id-management-
2.internal.emerlyn.com at INTERNAL.EMERLYN.COM -x
ipa-setup-override-restrictions
2017-01-05T13:13:49Z DEBUG Process finished, return code=0
2017-01-05T13:13:49Z DEBUG stdout=Authenticating as principal admin/
admin at INTERNAL.EMERLYN.COM with password.
Entry for principal ipa-dnskeysyncd/id-management-
2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/ipa/dnssec/ipa-dns
keysyncd.keytab.
Entry for principal ipa-dnskeysyncd/id-management-
2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/ipa/dnssec/ipa-dns
keysyncd.keytab.
Entry for principal ipa-dnskeysyncd/id-management-
2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
des3-cbc-sha1 added to keytab WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
Entry for principal ipa-dnskeysyncd/id-management-
2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
arcfour-hmac added to keytab WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
Entry for principal ipa-dnskeysyncd/id-management-
2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
camellia128-cts-cmac added to keytab WRFILE:/etc/ipa/dnssec/ipa-dns
keysyncd.keytab.
Entry for principal ipa-dnskeysyncd/id-management-
2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
camellia256-cts-cmac added to keytab WRFILE:/etc/ipa/dnssec/ipa-dns
keysyncd.keytab.

2017-01-05T13:13:49Z DEBUG stderr=
2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
2017-01-05T13:13:49Z DEBUG   [4/7]: setting up SoftHSM
2017-01-05T13:13:49Z DEBUG Creating new softhsm config file
2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
2017-01-05T13:13:49Z DEBUG   [5/7]: adding DNSSEC containers
2017-01-05T13:13:49Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
from SchemaCache
2017-01-05T13:13:49Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4ec9998>
2017-01-05T13:13:49Z INFO DNSSEC container exists (step skipped)
2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
2017-01-05T13:13:49Z DEBUG   [6/7]: creating replica keys
2017-01-05T13:13:49Z DEBUG Creating replica's key pair
2017-01-05T13:13:49Z DEBUG Storing replica public key to LDAP,
ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=internal
,dc=emerlyn,dc=com
2017-01-05T13:13:49Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
from SchemaCache
2017-01-05T13:13:49Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4eb2830>
2017-01-05T13:13:50Z DEBUG Replica public key stored
2017-01-05T13:13:50Z DEBUG Setting CKA_WRAP=False for old replica keys
2017-01-05T13:13:50Z DEBUG Changing ownership of token files
2017-01-05T13:13:50Z DEBUG   duration: 0 seconds
2017-01-05T13:13:50Z DEBUG   [7/7]: configuring ipa-dnskeysyncd to start on
boot
2017-01-05T13:13:50Z DEBUG Starting external process
2017-01-05T13:13:50Z DEBUG args=/bin/systemctl disable
ipa-dnskeysyncd.service
2017-01-05T13:13:50Z DEBUG Process finished, return code=0
2017-01-05T13:13:50Z DEBUG stdout=
2017-01-05T13:13:50Z DEBUG stderr=
2017-01-05T13:13:50Z DEBUG service DNSKeySync startup entry already enabled
2017-01-05T13:13:50Z DEBUG   duration: 0 seconds
2017-01-05T13:13:50Z DEBUG Done configuring DNS key synchronization service
(ipa-dnskeysyncd).
2017-01-05T13:13:50Z DEBUG Starting external process
2017-01-05T13:13:50Z DEBUG args=/bin/systemctl restart
ipa-dnskeysyncd.service
2017-01-05T13:13:50Z DEBUG Process finished, return code=0
2017-01-05T13:13:50Z DEBUG stdout=
2017-01-05T13:13:50Z DEBUG stderr=
2017-01-05T13:13:50Z DEBUG Starting external process
2017-01-05T13:13:50Z DEBUG args=/bin/systemctl is-active
ipa-dnskeysyncd.service
2017-01-05T13:13:50Z DEBUG Process finished, return code=0
2017-01-05T13:13:50Z DEBUG stdout=active

2017-01-05T13:13:50Z DEBUG stderr=
2017-01-05T13:13:50Z DEBUG Restarting named
2017-01-05T13:13:50Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-05T13:13:50Z DEBUG Starting external process
2017-01-05T13:13:50Z DEBUG args=/bin/systemctl restart named-pkcs11.service
2017-01-05T13:13:50Z DEBUG Process finished, return code=1
2017-01-05T13:13:50Z DEBUG stdout=
2017-01-05T13:13:50Z DEBUG stderr=Job for named-pkcs11.service failed
because the control process exited with error code. See "systemctl status
named-pkcs11.service" and "journalctl -xe" for details.

Thank you for assisting.

-- 
Jeff

Looping in the rest of the previous recipients

-- 
Jeff Goddard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/0936d29f/attachment.htm>

From brian at interlinx.bc.ca  Thu Jan  5 12:22:00 2017
From: brian at interlinx.bc.ca (Brian J. Murrell)
Date: Thu, 05 Jan 2017 07:22:00 -0500
Subject: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP
 server failed: {'desc': 'Invalid credentials'}
In-Reply-To: <CA+No-6G9eriuj+sU8S24zqddNaFZLsuWrG5whCO169GkLb6kww@mail.gmail.com>
References: <1481946787.11959.7.camel@interlinx.bc.ca>
	<1481999421.11959.23.camel@interlinx.bc.ca>
	<9efb76bf-524e-6f3f-64e3-27e1d12b83d1@redhat.com>
	<1482149965.28211.15.camel@interlinx.bc.ca>
	<c872041f-b7fe-a3c9-c949-17b28d9c8d07@redhat.com>
	<1482179085.28211.36.camel@interlinx.bc.ca>
	<ef9e2b81-885c-6447-3d04-865ee2011d26@redhat.com>
	<1482234065.28211.55.camel@interlinx.bc.ca>
	<89d5a584-ad8f-a022-65a9-0fff1e0d6ea5@redhat.com>
	<1482321907.28211.102.camel@interlinx.bc.ca>
	<d582c02a-3b61-6b78-f6d4-21ce84545c02@redhat.com>
	<CA+No-6G9eriuj+sU8S24zqddNaFZLsuWrG5whCO169GkLb6kww@mail.gmail.com>
Message-ID: <1483618920.4089.14.camel@interlinx.bc.ca>

On Wed, 2017-01-04 at 16:21 -0500, Jeff Goddard wrote:
> I don't want to hijack someone else's thread but I'm having what
> appears to
> be the same problem and have not seen a solution presented yet.

The problem and solution were presented.  These two messages basically
embody the problem I had:

https://www.redhat.com/archives/freeipa-users/2016-December/msg00310.html
https://www.redhat.com/archives/freeipa-users/2016-December/msg00397.html

Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/a4d8d8dc/attachment.sig>

From mbasti at redhat.com  Thu Jan  5 14:08:26 2017
From: mbasti at redhat.com (Martin Basti)
Date: Thu, 5 Jan 2017 15:08:26 +0100
Subject: [Freeipa-users] Fwd: ipa-dnskeysyncd ipa : ERROR Login to LDAP
 server failed: {'desc': 'Invalid credentials'}
In-Reply-To: <CA+No-6GbmSFcduvg=y8m-xciYymE70_SZWcfWsAy66Mk+RQO9Q@mail.gmail.com>
References: <1481946787.11959.7.camel@interlinx.bc.ca>
	<1481999421.11959.23.camel@interlinx.bc.ca>
	<9efb76bf-524e-6f3f-64e3-27e1d12b83d1@redhat.com>
	<1482149965.28211.15.camel@interlinx.bc.ca>
	<c872041f-b7fe-a3c9-c949-17b28d9c8d07@redhat.com>
	<1482179085.28211.36.camel@interlinx.bc.ca>
	<ef9e2b81-885c-6447-3d04-865ee2011d26@redhat.com>
	<1482234065.28211.55.camel@interlinx.bc.ca>
	<89d5a584-ad8f-a022-65a9-0fff1e0d6ea5@redhat.com>
	<1482321907.28211.102.camel@interlinx.bc.ca>
	<d582c02a-3b61-6b78-f6d4-21ce84545c02@redhat.com>
	<CA+No-6G9eriuj+sU8S24zqddNaFZLsuWrG5whCO169GkLb6kww@mail.gmail.com>
	<495fb283-07e7-30b6-333e-3ca75a1bf3cb@redhat.com>
	<CA+No-6FXCLufNC7_pym4=ovC1D49w03Y-w2UmbWQcPfkspMpZw@mail.gmail.com>
	<CA+No-6GbmSFcduvg=y8m-xciYymE70_SZWcfWsAy66Mk+RQO9Q@mail.gmail.com>
Message-ID: <c5c2b946-8238-a035-65ff-ef5a7541e31e@redhat.com>

Hello,

could you check this link 
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials:bindtoLDAPserverfailed

kinit prints nothing when it works, so it works in your case, can you 
after kinit as DNS service try to use ldapsearch -Y GSSAPI ?


Martin



On 05.01.2017 14:58, Jeff Goddard wrote:
>
> ---------- Forwarded message ----------
> From: *Jeff Goddard* <jgoddard at emerlyn.com <mailto:jgoddard at emerlyn.com>>
> Date: Thu, Jan 5, 2017 at 8:57 AM
> Subject: Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP 
> server failed: {'desc': 'Invalid credentials'}
> To: Martin Basti <mbasti at redhat.com <mailto:mbasti at redhat.com>>
>
>
>
>
> On Thu, Jan 5, 2017 at 3:43 AM, Martin Basti <mbasti at redhat.com 
> <mailto:mbasti at redhat.com>> wrote:
>
>
>
>     On 04.01.2017 22:21, Jeff Goddard wrote:
>>     I don't want to hijack someone else's thread but I'm having what
>>     appears to be the same problem and have not seen a solution
>>     presented yet.
>>
>>     Here is the output of journalctl -xe after having tried to start
>>     named:
>>
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     loading configuration from '/etc/named.conf'
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     reading built-in trusted keys from file '/etc/named.iscdlv.key'
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     using default UDP/IPv4 port range: [1024, 65535]
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     using default UDP/IPv6 port range: [1024, 65535]
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     listening on IPv6 interfaces, port 53
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     listening on IPv4 interface lo, 127.0.0.1#53
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     listening on IPv4 interface ens32, 10.73.100.31#53
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     generating session key for dynamic DNS
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     sizing zone task pool based on 6 zones
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     set up managed keys zone for view _default, file
>>     '/var/named/dynamic/managed-keys.bind'
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     bind-dyndb-ldap version 10.0 compiled at 18:06:06 Nov 11 2016,
>>     compiler 4.8.5 20150623 (Red Hat 4.8.5-11)
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     option 'serial_autoincrement' is not supported, ignoring
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     GSSAPI client step 1
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     GSSAPI client step 1
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> ns-slapd[2596]:
>>     GSSAPI server step 1
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     GSSAPI client step 1
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> ns-slapd[2596]:
>>     GSSAPI server step 2
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     GSSAPI client step 2
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> ns-slapd[2596]:
>>     GSSAPI server step 3
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     LDAP error: Invalid credentials: bind to LDAP server failed
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     couldn't establish connection in LDAP connection pool: permission
>>     denied
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     dynamic database 'ipa' configuration failed: permission denied
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     loading configuration: permission denied
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> named-pkcs11[3948]:
>>     exiting (due to fatal error)
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> systemd[1]:
>>     named-pkcs11.service: control process exited, code=exited status=1
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> systemd[1]: Failed
>>     to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
>>     -- Subject: Unit named-pkcs11.service has failed
>>     -- Defined-By: systemd
>>     -- Support:
>>     http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>     <http://lists.freedesktop.org/mailman/listinfo/systemd-devel>
>>     --
>>     -- Unit named-pkcs11.service has failed.
>>     --
>>     -- The result is failed.
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> systemd[1]: Unit
>>     named-pkcs11.service entered failed state.
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> systemd[1]:
>>     named-pkcs11.service failed.
>>     Jan 04 15:48:42 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com> polkitd[949]:
>>     Unregistered Authentication Agent for unix-process:3936:380486
>>     (system bus name :1.59, object path /org/freedesktop/Policy
>>
>>     Here are the last four entries of /var/log/dirsrv/slapd-*/access
>>     |grep ipa-dnskeysyncdcat:
>>
>>     [04/Jan/2017:15:28:37.463224739 -0500] conn=5 op=1129 SRCH
>>     base="dc=internal,dc=emerlyn,dc=com" scope=2
>>     filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>)(krbPrincipalName:caseIgnoreIA5Match:=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>)))"
>>     attrs="krbPrincipalName krbCanonicalName krbUPEnabled
>>     krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
>>     krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
>>     krbPwdHistory krbLastPwdChange krbPrincipalAliases
>>     krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
>>     krbPrincipalAuthInd krbExtraData krbLastAdminUnlock
>>     krbObjectReferences krbTicketFlags krbMaxTicketLife
>>     krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
>>     ipaUserAuthType ipatokenRadiusConfigLink objectClass"
>>     [04/Jan/2017:15:28:37.464739661 -0500] conn=5 op=1133 SRCH
>>     base="krbprincipalname=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"
>>     scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn
>>     gidNumber krbPrincipalName krbCanonicalName
>>     krbTicketPolicyReference krbPrincipalExpiration
>>     krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
>>     krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth
>>     krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock
>>     krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
>>     ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
>>     [04/Jan/2017:15:28:37.465851372 -0500] conn=5 op=1134 MOD
>>     dn="krbprincipalname=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"
>>     [04/Jan/2017:15:28:37.474974775 -0500] conn=6 op=1372 SRCH
>>     base="dc=internal,dc=emerlyn,dc=com" scope=2
>>     filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>     <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>))"
>>     attrs="krbPrincipalName krbCanonicalName krbUPEnabled
>>     krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration
>>     krbPasswordExpiration krbPwdPolicyReference krbPrincipalType
>>     krbPwdHistory krbLastPwdChange krbPrincipalAliases
>>     krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
>>     krbPrincipalAuthInd krbExtraData krbLastAdminUnlock
>>     krbObjectReferences krbTicketFlags krbMaxTicketLife
>>     krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData
>>     ipaUserAuthType ipatokenRadiusConfigLink objectClass"
>>     [04/Jan/2017:15:28:37.482436172 -0500] conn=281 op=2 RESULT err=0
>>     tag=97 nentries=0 etime=0
>>     dn="krbprincipalname=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at internal.emerlyn.com
>>     <mailto:id-management-2.internal.emerlyn.com at internal.emerlyn.com>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"
>>
>>     My environment:
>>     Freeipa 4.2.0
>>     OS is Centos 7.2
>>
>>     This is a secondary replica (master) and the other replica can be
>>     pinged but nslookup and dig fail to provide results even though
>>     the values are in the /etc/hosts file:
>>
>>     127.0.0.1   localhost localhost.localdomain localhost4
>>     localhost4.localdomain4
>>     ::1         localhost localhost.localdomain localhost6
>>     localhost6.localdomain6
>>     10.72.100.16 id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>
>>     10.73.100.31 id-management-2.internal.emerlyn.com
>>     <http://id-management-2.internal.emerlyn.com>
>>
>>
>>     Any assistance is in solving this would be greatly appreciated
>>     and thanks for both the great product and the support already
>>     provided.
>>
>>     Jeff
>>
>>
>>
>
>
>     Hello,
>
>     what contains the  /etc/sysconfig/dirsrv file
>
>     can you kinit as DNS?
>
>     kinit -kt /etc/named.keytab DNS/$HOSTNAME
>
>     Martin^2
>
> The kinit -kt /etc/named.keytab DNS/$HOSTNAME command returns nothing
> Here is the requested file output:
>
> # This file is sourced by dirsrv upon startup to set
> # the default environment for all directory server instances.
> # To set instance specific defaults, use the file in the same
> # directory called dirsrv-instance where "instance"
> # is the name of your directory server instance e.g.
> # dirsrv-localhost for the slapd-localhost instance.
>
> # This file is in systemd EnvironmentFile format - see man systemd.exec
>
> # In order to make more file descriptors available
> # to the directory server, first make sure the system
> # hard limits are raised, then use ulimit - uncomment
> # out the following line and change the value to the
> # desired value
> # ulimit -n 8192
> # note - if using systemd, ulimit won't work -  you must edit
> # the systemd unit file for directory server to add the
> # LimitNOFILE option - see man systemd.exec for more info
>
> # A per instance keytab does not make much sense for servers.
> # Kerberos clients use the machine FQDN to obtain a ticket like 
> ldap/FQDN, there
> # is nothing that can make a client understand how to get a 
> per-instance ticket.
> # Therefore by default a keytab should be considered a per server option.
>
> # Also this file is sourced for all instances, so again all
> # instances would ultimately get the same keytab.
>
> # Finally a keytab is normally named either krb5.keytab or 
> <service>.keytab
>
> # In order to use SASL/GSSAPI (Kerberos) the directory
> # server needs to know where to find its keytab
> # file - uncomment the following line and set
> # the path and filename appropriately
> # if using systemd, omit the "; export VARNAME" at the end
>
> # how many seconds to wait for the startpid file to show
> # up before we assume there is a problem and fail to start
> # if using systemd, omit the "; export VARNAME" at the end
> #STARTPID_TIME=10 ; export STARTPID_TIME
> # how many seconds to wait for the pid file to show
> # up before we assume there is a problem and fail to start
> # if using systemd, omit the "; export VARNAME" at the end
> #PID_TIME=600 ; export PID_TIME
> KRB5CCNAME=/tmp/krb5cc_389
> KRB5_KTNAME=/etc/dirsrv/ds.keytab
>
> I tried to re-install (ipa-install-dns) and here is the install log. I 
> highlighted in red below where I think the problem may be coming from.
>
> 2017-01-05T13:13:47Z DEBUG Loading StateFile from 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:47Z DEBUG Saving StateFile to 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:47Z DEBUG Loading StateFile from 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:47Z DEBUG Saving StateFile to 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:47Z DEBUG   [4/8]: setting up kerberos principal
> 2017-01-05T13:13:47Z DEBUG Starting external process
> 2017-01-05T13:13:47Z DEBUG args=kadmin.local -q addprinc -randkey 
> DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> -x 
> ipa-setup-override-restrictions
> 2017-01-05T13:13:47Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:47Z DEBUG stdout=Authenticating as principal 
> admin/admin at INTERNAL.EMERLYN.COM <mailto:admin at INTERNAL.EMERLYN.COM> 
> with password.
>
> 2017-01-05T13:13:47Z DEBUG stderr=WARNING: no policy specified for 
> DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>; 
> defaulting to no policy
> add_principal: Principal or policy already exists while creating 
> "DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>".
>
> 2017-01-05T13:13:47Z DEBUG Backing up system configuration file 
> '/etc/named.keytab'
> 2017-01-05T13:13:47Z DEBUG Saving Index File to 
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2017-01-05T13:13:47Z DEBUG Starting external process
> 2017-01-05T13:13:47Z DEBUG args=kadmin.local -q ktadd -k 
> /etc/named.keytab 
> DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> -x 
> ipa-setup-override-restrictions
> 2017-01-05T13:13:47Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:47Z DEBUG stdout=Authenticating as principal 
> admin/admin at INTERNAL.EMERLYN.COM <mailto:admin at INTERNAL.EMERLYN.COM> 
> with password.
> Entry for principal 
> DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type aes256-cts-hmac-sha1-96 added to keytab 
> WRFILE:/etc/named.keytab.
> Entry for principal 
> DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type aes128-cts-hmac-sha1-96 added to keytab 
> WRFILE:/etc/named.keytab.
> Entry for principal 
> DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type des3-cbc-sha1 added to keytab 
> WRFILE:/etc/named.keytab.
> Entry for principal 
> DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type arcfour-hmac added to keytab 
> WRFILE:/etc/named.keytab.
> Entry for principal 
> DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type camellia128-cts-cmac added to keytab 
> WRFILE:/etc/named.keytab.
> Entry for principal 
> DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type camellia256-cts-cmac added to keytab 
> WRFILE:/etc/named.keytab.
>
> 2017-01-05T13:13:47Z DEBUG stderr=
> 2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:47Z DEBUG   [5/8]: setting up named.conf
> 2017-01-05T13:13:47Z DEBUG Loading StateFile from 
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2017-01-05T13:13:47Z DEBUG Loading StateFile from 
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2017-01-05T13:13:47Z DEBUG Saving StateFile to 
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:47Z DEBUG   [6/8]: setting up server configuration
> 2017-01-05T13:13:47Z DEBUG flushing 
> ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
> 2017-01-05T13:13:47Z DEBUG retrieving schema for SchemaCache 
> url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket 
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4c48440>
> 2017-01-05T13:13:48Z DEBUG raw: 
> dnsserver_add(u'id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com>', idnssoamname=<DNS name 
> id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com>.>, version=u'2.213')
> 2017-01-05T13:13:48Z DEBUG 
> dnsserver_add(u'id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com>', idnssoamname=<DNS name 
> id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com>.>, all=False, raw=False, 
> version=u'2.213')
> 2017-01-05T13:13:48Z DEBUG raw: 
> dnsserver_mod(u'id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com>', 
> idnsforwarders=[u'10.72.100.16'], idnsforwardpolicy=u'only', 
> version=u'2.213')
> 2017-01-05T13:13:48Z DEBUG 
> dnsserver_mod(u'id-management-2.internal.emerlyn.com 
> <http://id-management-2.internal.emerlyn.com>', 
> idnsforwarders=(u'10.72.100.16',), idnsforwardpolicy=u'only', 
> rights=False, all=False, raw=False, version=u'2.213')
> 2017-01-05T13:13:48Z DEBUG Loading StateFile from 
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2017-01-05T13:13:48Z DEBUG Saving StateFile to 
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:48Z DEBUG   [7/8]: configuring named to start on boot
> 2017-01-05T13:13:48Z DEBUG Loading StateFile from 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=/bin/systemctl disable 
> named-pkcs11.service
> 2017-01-05T13:13:48Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:48Z DEBUG stdout=
> 2017-01-05T13:13:48Z DEBUG stderr=
> 2017-01-05T13:13:48Z DEBUG service DNS startup entry already enabled
> 2017-01-05T13:13:48Z DEBUG Loading StateFile from 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=/bin/systemctl stop named.service
> 2017-01-05T13:13:48Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:48Z DEBUG stdout=
> 2017-01-05T13:13:48Z DEBUG stderr=
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=/bin/systemctl mask named.service
> 2017-01-05T13:13:48Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:48Z DEBUG stdout=
> 2017-01-05T13:13:48Z DEBUG stderr=Created symlink from 
> /etc/systemd/system/named.service to /dev/null.
>
> 2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:48Z DEBUG   [8/8]: changing resolv.conf to point to 
> ourselves
> 2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:48Z DEBUG Done configuring DNS (named).
> 2017-01-05T13:13:48Z DEBUG Loading StateFile from 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=/bin/systemctl stop 
> ipa-dnskeysyncd.service
> 2017-01-05T13:13:48Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:48Z DEBUG stdout=
> 2017-01-05T13:13:48Z DEBUG stderr=
> 2017-01-05T13:13:48Z DEBUG Configuring DNS key synchronization service 
> (ipa-dnskeysyncd)
> 2017-01-05T13:13:48Z DEBUG   [1/7]: checking status
> 2017-01-05T13:13:48Z DEBUG flushing 
> ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
> 2017-01-05T13:13:48Z DEBUG retrieving schema for SchemaCache 
> url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket 
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4eb2c20>
> 2017-01-05T13:13:48Z DEBUG Loading StateFile from 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:48Z DEBUG Saving StateFile to 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:48Z DEBUG   [2/7]: setting up bind-dyndb-ldap working 
> directory
> 2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:48Z DEBUG   [3/7]: setting up kerberos principal
> 2017-01-05T13:13:48Z DEBUG Removing service keytab: 
> /etc/ipa/dnssec/ipa-dnskeysyncd.keytab
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=kadmin.local -q addprinc -randkey 
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> -x 
> ipa-setup-override-restrictions
> 2017-01-05T13:13:48Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:48Z DEBUG stdout=Authenticating as principal 
> admin/admin at INTERNAL.EMERLYN.COM <mailto:admin at INTERNAL.EMERLYN.COM> 
> with password.
>
> 2017-01-05T13:13:48Z DEBUG stderr=WARNING: no policy specified for 
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>; 
> defaulting to no policy
> add_principal: Principal or policy already exists while creating 
> "ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>".
>
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=kadmin.local -q ktadd -k 
> /etc/ipa/dnssec/ipa-dnskeysyncd.keytab 
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> -x 
> ipa-setup-override-restrictions
> 2017-01-05T13:13:49Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:49Z DEBUG stdout=Authenticating as principal 
> admin/admin at INTERNAL.EMERLYN.COM <mailto:admin at INTERNAL.EMERLYN.COM> 
> with password.
> Entry for principal 
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type aes256-cts-hmac-sha1-96 added to keytab 
> WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
> Entry for principal 
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type aes128-cts-hmac-sha1-96 added to keytab 
> WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
> Entry for principal 
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type des3-cbc-sha1 added to keytab 
> WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
> Entry for principal 
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type arcfour-hmac added to keytab 
> WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
> Entry for principal 
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type camellia128-cts-cmac added to keytab 
> WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
> Entry for principal 
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM 
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM> 
> with kvno 7, encryption type camellia256-cts-cmac added to keytab 
> WRFILE:/etc/ipa/dnssec/ipa-dnskeysyncd.keytab.
>
> 2017-01-05T13:13:49Z DEBUG stderr=
> 2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:49Z DEBUG   [4/7]: setting up SoftHSM
> 2017-01-05T13:13:49Z DEBUG Creating new softhsm config file
> 2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:49Z DEBUG   [5/7]: adding DNSSEC containers
> 2017-01-05T13:13:49Z DEBUG flushing 
> ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
> 2017-01-05T13:13:49Z DEBUG retrieving schema for SchemaCache 
> url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket 
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4ec9998>
> 2017-01-05T13:13:49Z INFO DNSSEC container exists (step skipped)
> 2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:49Z DEBUG   [6/7]: creating replica keys
> 2017-01-05T13:13:49Z DEBUG Creating replica's key pair
> 2017-01-05T13:13:49Z DEBUG Storing replica public key to LDAP, 
> ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=internal,dc=emerlyn,dc=com
> 2017-01-05T13:13:49Z DEBUG flushing 
> ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
> 2017-01-05T13:13:49Z DEBUG retrieving schema for SchemaCache 
> url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket 
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4eb2830>
> 2017-01-05T13:13:50Z DEBUG Replica public key stored
> 2017-01-05T13:13:50Z DEBUG Setting CKA_WRAP=False for old replica keys
> 2017-01-05T13:13:50Z DEBUG Changing ownership of token files
> 2017-01-05T13:13:50Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:50Z DEBUG   [7/7]: configuring ipa-dnskeysyncd to 
> start on boot
> 2017-01-05T13:13:50Z DEBUG Starting external process
> 2017-01-05T13:13:50Z DEBUG args=/bin/systemctl disable 
> ipa-dnskeysyncd.service
> 2017-01-05T13:13:50Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:50Z DEBUG stdout=
> 2017-01-05T13:13:50Z DEBUG stderr=
> 2017-01-05T13:13:50Z DEBUG service DNSKeySync startup entry already 
> enabled
> 2017-01-05T13:13:50Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:50Z DEBUG Done configuring DNS key synchronization 
> service (ipa-dnskeysyncd).
> 2017-01-05T13:13:50Z DEBUG Starting external process
> 2017-01-05T13:13:50Z DEBUG args=/bin/systemctl restart 
> ipa-dnskeysyncd.service
> 2017-01-05T13:13:50Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:50Z DEBUG stdout=
> 2017-01-05T13:13:50Z DEBUG stderr=
> 2017-01-05T13:13:50Z DEBUG Starting external process
> 2017-01-05T13:13:50Z DEBUG args=/bin/systemctl is-active 
> ipa-dnskeysyncd.service
> 2017-01-05T13:13:50Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:50Z DEBUG stdout=active
>
> 2017-01-05T13:13:50Z DEBUG stderr=
> 2017-01-05T13:13:50Z DEBUG Restarting named
> 2017-01-05T13:13:50Z DEBUG Loading StateFile from 
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:50Z DEBUG Starting external process
> 2017-01-05T13:13:50Z DEBUG args=/bin/systemctl restart 
> named-pkcs11.service
> 2017-01-05T13:13:50Z DEBUG Process finished, return code=1
> 2017-01-05T13:13:50Z DEBUG stdout=
> 2017-01-05T13:13:50Z DEBUG stderr=Job for named-pkcs11.service failed 
> because the control process exited with error code. See "systemctl 
> status named-pkcs11.service" and "journalctl -xe" for details.
>
> Thank you for assisting.
>
> -- 
> Jeff
>
> Looping in the rest of the previous recipients
>
> -- 
> Jeff Goddard
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/11080cf1/attachment.htm>

From flo at redhat.com  Thu Jan  5 14:10:53 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Thu, 5 Jan 2017 15:10:53 +0100
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <CAEz2YVnKDOK5U8fOcyv0ocmNwVj5pxgmDnq-PQ_wX4nDd_JmDg@mail.gmail.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
	<3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
	<CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>
	<0f7a6cc9-ae57-d957-d255-ab79033373e6@redhat.com>
	<CAEz2YVmuQWr8x1dYCbC7cPra38JPTPjVLHhvPSA9RCL_rcebsg@mail.gmail.com>
	<CAEz2YVnKDOK5U8fOcyv0ocmNwVj5pxgmDnq-PQ_wX4nDd_JmDg@mail.gmail.com>
Message-ID: <9988ea17-db76-aa1f-3009-387819189354@redhat.com>

On 01/04/2017 07:24 PM, Daniel Schimpfoessl wrote:
> From the logs:
> /var/log/dirsrv/slapd-DOMAIN-COM/errors
> ... a few warnings about cache size, NSACLPLugin and schema-compat-plugin
> [04/Jan/2017:12:14:21.392642021 -0600] slapd started.  Listening on All
> Interfaces port 389 for LDAP requests
>
> /var/log/dirsrv/slapd-DOMAIN-COM/access
> ... lots of entries, not sure what to look for some lines contain RESULT
> with err!=0
> [04/Jan/2017:12:18:01.753400307 -0600] conn=5 op=243 RESULT err=32
> tag=101 nentries=0 etime=0
> [04/Jan/2017:12:18:01.786928085 -0600] conn=44 op=1 RESULT err=14 tag=97
> nentries=0 etime=0, SASL bind in progress
>
Hi Daniel,

are there any RESULT err=48 that could correspond to the error seen on 
pki logs?

Flo

> /var/log/dirsrv/slapd-DOMAIN-COM/errors
> [04/Jan/2017:12:19:25.566022098 -0600] slapd shutting down - signaling
> operation threads - op stack size 5 max work q size 2 max work q stack
> size 2
> [04/Jan/2017:12:19:25.572566622 -0600] slapd shutting down - closing
> down internal subsystems and plugins
>
>
> 2017-01-04 8:38 GMT-06:00 Daniel Schimpfoessl <daniel at schimpfoessl.com
> <mailto:daniel at schimpfoessl.com>>:
>
>     Do you have a list of all log files involved in IPA?
>     Would be good to consolidate them into ELK for analysis.
>
>     2017-01-04 2:48 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com
>     <mailto:flo at redhat.com>>:
>
>         On 01/02/2017 07:24 PM, Daniel Schimpfoessl wrote:
>
>             Thanks for your reply.
>
>             This was the initial error I asked for help a while ago and
>             did not get
>             resolved. Further digging showed the recent errors.
>             The service was running (using ipactl start --force) and
>             only after a
>             restart I am getting a stack trace for two primary messages:
>
>             Could not connect to LDAP server host wwgwho01.webwim.com
>             <http://wwgwho01.webwim.com>
>             <http://wwgwho01.webwim.com> port 636 Error
>             netscape.ldap.LDAPException:
>             Authentication failed (48)
>             ...
>
>             Internal Database Error encountered: Could not connect to
>             LDAP server
>             host wwgwho01.webwim.com <http://wwgwho01.webwim.com>
>             <http://wwgwho01.webwim.com> port 636 Error
>             netscape.ldap.LDAPException: Authentication failed (48)
>             ...
>
>             and finally:
>             [02/Jan/2017:12:20:34][localhost-startStop-1]:
>             CMSEngine.shutdown()
>
>
>             2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud
>             <flo at redhat.com <mailto:flo at redhat.com>
>             <mailto:flo at redhat.com <mailto:flo at redhat.com>>>:
>
>                 systemctl start pki-tomcatd at pki-tomcat.service
>
>
>
>         Hi Daniel,
>
>         the next step would be to understand the root cause of this
>         "Authentication failed (48)" error. Note the exact time of this
>         log and look for a corresponding log in the LDAP server logs
>         (/var/log/dirsrv/slapd-DOMAIN-COM/access), probably a failing
>         BIND with err=48. This may help diagnose the issue (if we can
>         see which certificate is used for the bind or if there is a
>         specific error message).
>
>         For the record, a successful bind over SSL would produce this
>         type of log where we can see the certificate subject and the
>         user mapped to this certificate:
>         [...] conn=47 fd=84 slot=84 SSL connection from 10.34.58.150 to
>         10.34.58.150
>         [...] conn=47 TLS1.2 128-bit AES; client CN=CA
>         Subsystem,O=DOMAIN.COM <http://DOMAIN.COM>; issuer
>         CN=Certificate Authority,O=DOMAIN.COM <http://DOMAIN.COM>
>         [...] conn=47 TLS1.2 client bound as uid=pkidbuser,ou=people,o=ipaca
>         [...] conn=47 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
>         [...] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
>         dn="uid=pkidbuser,ou=people,o=ipaca"
>
>         Flo
>
>
>



From jhrozek at redhat.com  Thu Jan  5 14:38:02 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Thu, 5 Jan 2017 15:38:02 +0100
Subject: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
 version 1.13.4-1ubuntu1.1
In-Reply-To: <1588224621.467679.1483623416628@mail.yahoo.com>
References: <1588224621.467679.1483623416628.ref@mail.yahoo.com>
	<1588224621.467679.1483623416628@mail.yahoo.com>
Message-ID: <20170105143802.lbpiwk5g5qmygyku@hendrix>

On Thu, Jan 05, 2017 at 01:36:56PM +0000, James Harrison wrote:
> Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
> I can authenticate OK, I get a kerberos ticket, but cannot run sudo.
> I get 1 rule returned, which I expect.
> Many thanks,James Harrison

I would check if (with the help of ldbsearch against the sssd cache or
with the help of the sudo logs) if the rule is really the one you are
expecting or if it's just the cn=defaults rule.

If it's just cn=defaults, then I would check if the rules are downloaded
(sssd always downloads all rules applicable for the host IIRC) or if
they just don't match the filter that you can see in the debug message
from sudosrv_get_sudorules_query_cache. Keep in mind that this is a
filter that applies for the sssd cache, not LDAP.

And lastly, if the rules are downloaded as expected, the sudo rules
would tell you why the rule didn't match.

All in all, this document:
    https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
describes how to troubleshoot the sudo integration.



From jgoddard at emerlyn.com  Thu Jan  5 14:48:49 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 5 Jan 2017 09:48:49 -0500
Subject: [Freeipa-users] Fwd: ipa-dnskeysyncd ipa : ERROR Login to LDAP
 server failed: {'desc': 'Invalid credentials'}
In-Reply-To: <c5c2b946-8238-a035-65ff-ef5a7541e31e@redhat.com>
References: <1481946787.11959.7.camel@interlinx.bc.ca>
	<1481999421.11959.23.camel@interlinx.bc.ca>
	<9efb76bf-524e-6f3f-64e3-27e1d12b83d1@redhat.com>
	<1482149965.28211.15.camel@interlinx.bc.ca>
	<c872041f-b7fe-a3c9-c949-17b28d9c8d07@redhat.com>
	<1482179085.28211.36.camel@interlinx.bc.ca>
	<ef9e2b81-885c-6447-3d04-865ee2011d26@redhat.com>
	<1482234065.28211.55.camel@interlinx.bc.ca>
	<89d5a584-ad8f-a022-65a9-0fff1e0d6ea5@redhat.com>
	<1482321907.28211.102.camel@interlinx.bc.ca>
	<d582c02a-3b61-6b78-f6d4-21ce84545c02@redhat.com>
	<CA+No-6G9eriuj+sU8S24zqddNaFZLsuWrG5whCO169GkLb6kww@mail.gmail.com>
	<495fb283-07e7-30b6-333e-3ca75a1bf3cb@redhat.com>
	<CA+No-6FXCLufNC7_pym4=ovC1D49w03Y-w2UmbWQcPfkspMpZw@mail.gmail.com>
	<CA+No-6GbmSFcduvg=y8m-xciYymE70_SZWcfWsAy66Mk+RQO9Q@mail.gmail.com>
	<c5c2b946-8238-a035-65ff-ef5a7541e31e@redhat.com>
Message-ID: <CA+No-6GaxJhBf6rMb9kwr3ZJRJA3JUu=VV4VyGbetLUbRr8a6Q@mail.gmail.com>

I cannot. I get:

dap_sasl_interactive_bind_s: Can't contact LDAP server (-1)


On Thu, Jan 5, 2017 at 9:08 AM, Martin Basti <mbasti at redhat.com> wrote:

> Hello,
>
> could you check this link https://fedorahosted.org/bind-
> dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials:
> bindtoLDAPserverfailed
>
> kinit prints nothing when it works, so it works in your case, can you
> after kinit as DNS service try to use ldapsearch -Y GSSAPI ?
>
>
> Martin
>
>
>
> On 05.01.2017 14:58, Jeff Goddard wrote:
>
>
> ---------- Forwarded message ----------
> From: Jeff Goddard <jgoddard at emerlyn.com>
> Date: Thu, Jan 5, 2017 at 8:57 AM
> Subject: Re: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP
> server failed: {'desc': 'Invalid credentials'}
> To: Martin Basti <mbasti at redhat.com>
>
>
>
>
> On Thu, Jan 5, 2017 at 3:43 AM, Martin Basti <mbasti at redhat.com> wrote:
>
>>
>>
>> On 04.01.2017 22:21, Jeff Goddard wrote:
>>
>> I don't want to hijack someone else's thread but I'm having what appears
>> to be the same problem and have not seen a solution presented yet.
>>
>> Here is the output of journalctl -xe after having tried to start named:
>>
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> loading configuration from '/etc/named.conf'
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> reading built-in trusted keys from file '/etc/named.iscdlv.key'
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> using default UDP/IPv4 port range: [1024, 65535]
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> using default UDP/IPv6 port range: [1024, 65535]
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> listening on IPv6 interfaces, port 53
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> listening on IPv4 interface lo, 127.0.0.1#53
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> listening on IPv4 interface ens32, 10.73.100.31#53
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> generating session key for dynamic DNS
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> sizing zone task pool based on 6 zones
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> set up managed keys zone for view _default, file
>> '/var/named/dynamic/managed-keys.bind'
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> bind-dyndb-ldap version 10.0 compiled at 18:06:06 Nov 11 2016, compiler
>> 4.8.5 20150623 (Red Hat 4.8.5-11)
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> option 'serial_autoincrement' is not supported, ignoring
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> GSSAPI client step 1
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> GSSAPI client step 1
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
>> GSSAPI server step 1
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> GSSAPI client step 1
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
>> GSSAPI server step 2
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> GSSAPI client step 2
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com ns-slapd[2596]:
>> GSSAPI server step 3
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> LDAP error: Invalid credentials: bind to LDAP server failed
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> couldn't establish connection in LDAP connection pool: permission denied
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> dynamic database 'ipa' configuration failed: permission denied
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> loading configuration: permission denied
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com named-pkcs11[3948]:
>> exiting (due to fatal error)
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]:
>> named-pkcs11.service: control process exited, code=exited status=1
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]: Failed
>> to start Berkeley Internet Name Domain (DNS) with native PKCS#11.
>> -- Subject: Unit named-pkcs11.service has failed
>> -- Defined-By: systemd
>> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>> --
>> -- Unit named-pkcs11.service has failed.
>> --
>> -- The result is failed.
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]: Unit
>> named-pkcs11.service entered failed state.
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com systemd[1]:
>> named-pkcs11.service failed.
>> Jan 04 15:48:42 id-management-2.internal.emerlyn.com polkitd[949]:
>> Unregistered Authentication Agent for unix-process:3936:380486 (system bus
>> name :1.59, object path /org/freedesktop/Policy
>>
>> Here are the last four entries of /var/log/dirsrv/slapd-*/access |grep
>> ipa-dnskeysyncdcat:
>>
>> [04/Jan/2017:15:28:37.463224739 -0500] conn=5 op=1129 SRCH
>> base="dc=internal,dc=emerlyn,dc=com" scope=2
>> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbpri
>> ncipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias
>> =ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERN
>> AL.EMERLYN.COM)(krbPrincipalName:caseIgnoreIA5Match:=ipa-dnskeysyncd/
>> id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM)))"
>> attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey
>> krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
>> krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange
>> krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth
>> krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock
>> krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge
>> nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType
>> ipatokenRadiusConfigLink objectClass"
>> [04/Jan/2017:15:28:37.464739661 -0500] conn=5 op=1133 SRCH
>> base="krbprincipalname=ipa-dnskeysyncd/id-management-2.inter
>> nal.emerlyn.com at INTERNAL.EMERLYN.COM,cn=services,cn=accounts
>> ,dc=internal,dc=emerlyn,dc=com" scope=0 filter="(objectClass=*)"
>> attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName
>> krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration
>> krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases
>> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
>> krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript
>> ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
>> [04/Jan/2017:15:28:37.465851372 -0500] conn=5 op=1134 MOD
>> dn="krbprincipalname=ipa-dnskeysyncd/id-management-2.interna
>> l.emerlyn.com at INTERNAL.EMERLYN.COM,cn=services,cn=accounts,d
>> c=internal,dc=emerlyn,dc=com"
>> [04/Jan/2017:15:28:37.474974775 -0500] conn=6 op=1372 SRCH
>> base="dc=internal,dc=emerlyn,dc=com" scope=2
>> filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbpri
>> ncipal))(krbPrincipalName=ipa-dnskeysyncd/id-management-2.in
>> ternal.emerlyn.com at INTERNAL.EMERLYN.COM))" attrs="krbPrincipalName
>> krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference
>> krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference
>> krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases
>> krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount
>> krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
>> krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock
>> passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink
>> objectClass"
>> [04/Jan/2017:15:28:37.482436172 -0500] conn=281 op=2 RESULT err=0 tag=97
>> nentries=0 etime=0 dn="krbprincipalname=ipa-dnskeysyncd/
>> id-management-2.internal.emerlyn.com at internal.emerlyn.com
>> ,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com"
>>
>> My environment:
>> Freeipa 4.2.0
>> OS is Centos 7.2
>>
>> This is a secondary replica (master) and the other replica can be pinged
>> but nslookup and dig fail to provide results even though the values are in
>> the /etc/hosts file:
>>
>> 127.0.0.1   localhost localhost.localdomain localhost4
>> localhost4.localdomain4
>> ::1         localhost localhost.localdomain localhost6
>> localhost6.localdomain6
>> 10.72.100.16 id-management-1.internal.emerlyn.com
>> 10.73.100.31 id-management-2.internal.emerlyn.com
>>
>>
>> Any assistance is in solving this would be greatly appreciated and thanks
>> for both the great product and the support already provided.
>>
>> Jeff
>>
>>
>>
>>
>>
>> Hello,
>>
>> what contains the  /etc/sysconfig/dirsrv file
>>
>> can you kinit as DNS?
>>
>> kinit -kt /etc/named.keytab DNS/$HOSTNAME
>>
>> Martin^2
>>
>> The kinit -kt /etc/named.keytab DNS/$HOSTNAME command returns nothing
> Here is the requested file output:
>
> # This file is sourced by dirsrv upon startup to set
> # the default environment for all directory server instances.
> # To set instance specific defaults, use the file in the same
> # directory called dirsrv-instance where "instance"
> # is the name of your directory server instance e.g.
> # dirsrv-localhost for the slapd-localhost instance.
>
> # This file is in systemd EnvironmentFile format - see man systemd.exec
>
> # In order to make more file descriptors available
> # to the directory server, first make sure the system
> # hard limits are raised, then use ulimit - uncomment
> # out the following line and change the value to the
> # desired value
> # ulimit -n 8192
> # note - if using systemd, ulimit won't work -  you must edit
> # the systemd unit file for directory server to add the
> # LimitNOFILE option - see man systemd.exec for more info
>
> # A per instance keytab does not make much sense for servers.
> # Kerberos clients use the machine FQDN to obtain a ticket like ldap/FQDN,
> there
> # is nothing that can make a client understand how to get a per-instance
> ticket.
> # Therefore by default a keytab should be considered a per server option.
>
> # Also this file is sourced for all instances, so again all
> # instances would ultimately get the same keytab.
>
> # Finally a keytab is normally named either krb5.keytab or <service>.keytab
>
> # In order to use SASL/GSSAPI (Kerberos) the directory
> # server needs to know where to find its keytab
> # file - uncomment the following line and set
> # the path and filename appropriately
> # if using systemd, omit the "; export VARNAME" at the end
>
> # how many seconds to wait for the startpid file to show
> # up before we assume there is a problem and fail to start
> # if using systemd, omit the "; export VARNAME" at the end
> #STARTPID_TIME=10 ; export STARTPID_TIME
> # how many seconds to wait for the pid file to show
> # up before we assume there is a problem and fail to start
> # if using systemd, omit the "; export VARNAME" at the end
> #PID_TIME=600 ; export PID_TIME
> KRB5CCNAME=/tmp/krb5cc_389
> KRB5_KTNAME=/etc/dirsrv/ds.keytab
>
> I tried to re-install (ipa-install-dns) and here is the install log. I
> highlighted in red below where I think the problem may be coming from.
>
> 2017-01-05T13:13:47Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:47Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:47Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:47Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:47Z DEBUG   [4/8]: setting up kerberos principal
> 2017-01-05T13:13:47Z DEBUG Starting external process
> 2017-01-05T13:13:47Z DEBUG args=kadmin.local -q addprinc -randkey DNS/
> id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM -x
> ipa-setup-override-restrictions
> 2017-01-05T13:13:47Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:47Z DEBUG stdout=Authenticating as principal admin/
> admin at INTERNAL.EMERLYN.COM with password.
>
> 2017-01-05T13:13:47Z DEBUG stderr=WARNING: no policy specified for DNS/
> id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM; defaulting to
> no policy
> add_principal: Principal or policy already exists while creating "DNS/
> id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM".
>
> 2017-01-05T13:13:47Z DEBUG Backing up system configuration file
> '/etc/named.keytab'
> 2017-01-05T13:13:47Z DEBUG Saving Index File to
> '/var/lib/ipa/sysrestore/sysrestore.index'
> 2017-01-05T13:13:47Z DEBUG Starting external process
> 2017-01-05T13:13:47Z DEBUG args=kadmin.local -q ktadd -k /etc/named.keytab
> DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM -x
> ipa-setup-override-restrictions
> 2017-01-05T13:13:47Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:47Z DEBUG stdout=Authenticating as principal admin/
> admin at INTERNAL.EMERLYN.COM with password.
> Entry for principal DNS/id-management-2.internal.e
> merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/named.keytab.
> Entry for principal DNS/id-management-2.internal.e
> merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/named.keytab.
> Entry for principal DNS/id-management-2.internal.e
> merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> des3-cbc-sha1 added to keytab WRFILE:/etc/named.keytab.
> Entry for principal DNS/id-management-2.internal.e
> merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type arcfour-hmac
> added to keytab WRFILE:/etc/named.keytab.
> Entry for principal DNS/id-management-2.internal.e
> merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> camellia128-cts-cmac added to keytab WRFILE:/etc/named.keytab.
> Entry for principal DNS/id-management-2.internal.e
> merlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> camellia256-cts-cmac added to keytab WRFILE:/etc/named.keytab.
>
> 2017-01-05T13:13:47Z DEBUG stderr=
> 2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:47Z DEBUG   [5/8]: setting up named.conf
> 2017-01-05T13:13:47Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2017-01-05T13:13:47Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2017-01-05T13:13:47Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2017-01-05T13:13:47Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:47Z DEBUG   [6/8]: setting up server configuration
> 2017-01-05T13:13:47Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
> from SchemaCache
> 2017-01-05T13:13:47Z DEBUG retrieving schema for SchemaCache
> url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4c48440>
> 2017-01-05T13:13:48Z DEBUG raw: dnsserver_add(u'id-management-
> 2.internal.emerlyn.com', idnssoamname=<DNS name
> id-management-2.internal.emerlyn.com.>, version=u'2.213')
> 2017-01-05T13:13:48Z DEBUG dnsserver_add(u'id-management-
> 2.internal.emerlyn.com', idnssoamname=<DNS name
> id-management-2.internal.emerlyn.com.>, all=False, raw=False,
> version=u'2.213')
> 2017-01-05T13:13:48Z DEBUG raw: dnsserver_mod(u'id-management-
> 2.internal.emerlyn.com', idnsforwarders=[u'10.72.100.16'],
> idnsforwardpolicy=u'only', version=u'2.213')
> 2017-01-05T13:13:48Z DEBUG dnsserver_mod(u'id-management-
> 2.internal.emerlyn.com', idnsforwarders=(u'10.72.100.16',),
> idnsforwardpolicy=u'only', rights=False, all=False, raw=False,
> version=u'2.213')
> 2017-01-05T13:13:48Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2017-01-05T13:13:48Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysupgrade/sysupgrade.state'
> 2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:48Z DEBUG   [7/8]: configuring named to start on boot
> 2017-01-05T13:13:48Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=/bin/systemctl disable named-pkcs11.service
> 2017-01-05T13:13:48Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:48Z DEBUG stdout=
> 2017-01-05T13:13:48Z DEBUG stderr=
> 2017-01-05T13:13:48Z DEBUG service DNS startup entry already enabled
> 2017-01-05T13:13:48Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=/bin/systemctl stop named.service
> 2017-01-05T13:13:48Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:48Z DEBUG stdout=
> 2017-01-05T13:13:48Z DEBUG stderr=
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=/bin/systemctl mask named.service
> 2017-01-05T13:13:48Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:48Z DEBUG stdout=
> 2017-01-05T13:13:48Z DEBUG stderr=Created symlink from
> /etc/systemd/system/named.service to /dev/null.
>
> 2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:48Z DEBUG   [8/8]: changing resolv.conf to point to
> ourselves
> 2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:48Z DEBUG Done configuring DNS (named).
> 2017-01-05T13:13:48Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=/bin/systemctl stop ipa-dnskeysyncd.service
> 2017-01-05T13:13:48Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:48Z DEBUG stdout=
> 2017-01-05T13:13:48Z DEBUG stderr=
> 2017-01-05T13:13:48Z DEBUG Configuring DNS key synchronization service
> (ipa-dnskeysyncd)
> 2017-01-05T13:13:48Z DEBUG   [1/7]: checking status
> 2017-01-05T13:13:48Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
> from SchemaCache
> 2017-01-05T13:13:48Z DEBUG retrieving schema for SchemaCache
> url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4eb2c20>
> 2017-01-05T13:13:48Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:48Z DEBUG Saving StateFile to
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:48Z DEBUG   [2/7]: setting up bind-dyndb-ldap working
> directory
> 2017-01-05T13:13:48Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:48Z DEBUG   [3/7]: setting up kerberos principal
> 2017-01-05T13:13:48Z DEBUG Removing service keytab:
> /etc/ipa/dnssec/ipa-dnskeysyncd.keytab
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=kadmin.local -q addprinc -randkey
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> -x ipa-setup-override-restrictions
> 2017-01-05T13:13:48Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:48Z DEBUG stdout=Authenticating as principal admin/
> admin at INTERNAL.EMERLYN.COM with password.
>
> 2017-01-05T13:13:48Z DEBUG stderr=WARNING: no policy specified for
> ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM;
> defaulting to no policy
> add_principal: Principal or policy already exists while creating
> "ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> ".
>
> 2017-01-05T13:13:48Z DEBUG Starting external process
> 2017-01-05T13:13:48Z DEBUG args=kadmin.local -q ktadd -k
> /etc/ipa/dnssec/ipa-dnskeysyncd.keytab ipa-dnskeysyncd/id-management-
> 2.internal.emerlyn.com at INTERNAL.EMERLYN.COM -x
> ipa-setup-override-restrictions
> 2017-01-05T13:13:49Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:49Z DEBUG stdout=Authenticating as principal admin/
> admin at INTERNAL.EMERLYN.COM with password.
> Entry for principal ipa-dnskeysyncd/id-management-
> 2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/ipa/dnssec/ipa-dns
> keysyncd.keytab.
> Entry for principal ipa-dnskeysyncd/id-management-
> 2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/ipa/dnssec/ipa-dns
> keysyncd.keytab.
> Entry for principal ipa-dnskeysyncd/id-management-
> 2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> des3-cbc-sha1 added to keytab WRFILE:/etc/ipa/dnssec/ipa-dns
> keysyncd.keytab.
> Entry for principal ipa-dnskeysyncd/id-management-
> 2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> arcfour-hmac added to keytab WRFILE:/etc/ipa/dnssec/ipa-dns
> keysyncd.keytab.
> Entry for principal ipa-dnskeysyncd/id-management-
> 2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> camellia128-cts-cmac added to keytab WRFILE:/etc/ipa/dnssec/ipa-dns
> keysyncd.keytab.
> Entry for principal ipa-dnskeysyncd/id-management-
> 2.internal.emerlyn.com at INTERNAL.EMERLYN.COM with kvno 7, encryption type
> camellia256-cts-cmac added to keytab WRFILE:/etc/ipa/dnssec/ipa-dns
> keysyncd.keytab.
>
> 2017-01-05T13:13:49Z DEBUG stderr=
> 2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:49Z DEBUG   [4/7]: setting up SoftHSM
> 2017-01-05T13:13:49Z DEBUG Creating new softhsm config file
> 2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:49Z DEBUG   [5/7]: adding DNSSEC containers
> 2017-01-05T13:13:49Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
> from SchemaCache
> 2017-01-05T13:13:49Z DEBUG retrieving schema for SchemaCache
> url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4ec9998>
> 2017-01-05T13:13:49Z INFO DNSSEC container exists (step skipped)
> 2017-01-05T13:13:49Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:49Z DEBUG   [6/7]: creating replica keys
> 2017-01-05T13:13:49Z DEBUG Creating replica's key pair
> 2017-01-05T13:13:49Z DEBUG Storing replica public key to LDAP,
> ipk11UniqueId=autogenerate,cn=keys,cn=sec,cn=dns,dc=internal
> ,dc=emerlyn,dc=com
> 2017-01-05T13:13:49Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
> from SchemaCache
> 2017-01-05T13:13:49Z DEBUG retrieving schema for SchemaCache
> url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4eb2830>
> 2017-01-05T13:13:50Z DEBUG Replica public key stored
> 2017-01-05T13:13:50Z DEBUG Setting CKA_WRAP=False for old replica keys
> 2017-01-05T13:13:50Z DEBUG Changing ownership of token files
> 2017-01-05T13:13:50Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:50Z DEBUG   [7/7]: configuring ipa-dnskeysyncd to start
> on boot
> 2017-01-05T13:13:50Z DEBUG Starting external process
> 2017-01-05T13:13:50Z DEBUG args=/bin/systemctl disable
> ipa-dnskeysyncd.service
> 2017-01-05T13:13:50Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:50Z DEBUG stdout=
> 2017-01-05T13:13:50Z DEBUG stderr=
> 2017-01-05T13:13:50Z DEBUG service DNSKeySync startup entry already enabled
> 2017-01-05T13:13:50Z DEBUG   duration: 0 seconds
> 2017-01-05T13:13:50Z DEBUG Done configuring DNS key synchronization
> service (ipa-dnskeysyncd).
> 2017-01-05T13:13:50Z DEBUG Starting external process
> 2017-01-05T13:13:50Z DEBUG args=/bin/systemctl restart
> ipa-dnskeysyncd.service
> 2017-01-05T13:13:50Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:50Z DEBUG stdout=
> 2017-01-05T13:13:50Z DEBUG stderr=
> 2017-01-05T13:13:50Z DEBUG Starting external process
> 2017-01-05T13:13:50Z DEBUG args=/bin/systemctl is-active
> ipa-dnskeysyncd.service
> 2017-01-05T13:13:50Z DEBUG Process finished, return code=0
> 2017-01-05T13:13:50Z DEBUG stdout=active
>
> 2017-01-05T13:13:50Z DEBUG stderr=
> 2017-01-05T13:13:50Z DEBUG Restarting named
> 2017-01-05T13:13:50Z DEBUG Loading StateFile from
> '/var/lib/ipa/sysrestore/sysrestore.state'
> 2017-01-05T13:13:50Z DEBUG Starting external process
> 2017-01-05T13:13:50Z DEBUG args=/bin/systemctl restart named-pkcs11.service
> 2017-01-05T13:13:50Z DEBUG Process finished, return code=1
> 2017-01-05T13:13:50Z DEBUG stdout=
> 2017-01-05T13:13:50Z DEBUG stderr=Job for named-pkcs11.service failed
> because the control process exited with error code. See "systemctl status
> named-pkcs11.service" and "journalctl -xe" for details.
>
> Thank you for assisting.
>
> --
> Jeff
>
> Looping in the rest of the previous recipients
>
> --
> Jeff Goddard
>
>
>
>
>
>


-- 
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/f430731a/attachment.htm>

From jgoddard at emerlyn.com  Thu Jan  5 14:51:59 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 5 Jan 2017 09:51:59 -0500
Subject: [Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP
 server failed: {'desc': 'Invalid credentials'}
In-Reply-To: <1483618920.4089.14.camel@interlinx.bc.ca>
References: <1481946787.11959.7.camel@interlinx.bc.ca>
	<1481999421.11959.23.camel@interlinx.bc.ca>
	<9efb76bf-524e-6f3f-64e3-27e1d12b83d1@redhat.com>
	<1482149965.28211.15.camel@interlinx.bc.ca>
	<c872041f-b7fe-a3c9-c949-17b28d9c8d07@redhat.com>
	<1482179085.28211.36.camel@interlinx.bc.ca>
	<ef9e2b81-885c-6447-3d04-865ee2011d26@redhat.com>
	<1482234065.28211.55.camel@interlinx.bc.ca>
	<89d5a584-ad8f-a022-65a9-0fff1e0d6ea5@redhat.com>
	<1482321907.28211.102.camel@interlinx.bc.ca>
	<d582c02a-3b61-6b78-f6d4-21ce84545c02@redhat.com>
	<CA+No-6G9eriuj+sU8S24zqddNaFZLsuWrG5whCO169GkLb6kww@mail.gmail.com>
	<1483618920.4089.14.camel@interlinx.bc.ca>
Message-ID: <CA+No-6HgSu4i=pooJgB=G_Bh7U1jE2myfbXXP2by1_DnKEQYhg@mail.gmail.com>

I guess my issue it totally different then as the files I have contain the
correct values. I'll resubmit a new email with the correct subject line so
as to start fresh.

Thanks,

Jeff

On Thu, Jan 5, 2017 at 7:22 AM, Brian J. Murrell <brian at interlinx.bc.ca>
wrote:

> On Wed, 2017-01-04 at 16:21 -0500, Jeff Goddard wrote:
> > I don't want to hijack someone else's thread but I'm having what
> > appears to
> > be the same problem and have not seen a solution presented yet.
>
> The problem and solution were presented.  These two messages basically
> embody the problem I had:
>
> https://www.redhat.com/archives/freeipa-users/2016-December/msg00310.html
> https://www.redhat.com/archives/freeipa-users/2016-December/msg00397.html
>
> Cheers,
> b.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>



--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/64b32684/attachment.htm>

From jgoddard at emerlyn.com  Thu Jan  5 15:11:28 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 5 Jan 2017 10:11:28 -0500
Subject: [Freeipa-users] DNS service fails to start on replica master
Message-ID: <CA+No-6H8NS5A7UuF2sSjiR9_Z6BC_O+VF16RN6yhv83Wvma+4w@mail.gmail.com>

I'm starting a new thread rather than continuing to submit under:
https://www.redhat.com/archives/freeipa-users/2017-January/msg00108.html.

My problem is that I cannot get the DNS service to start on one of my
replica masters. From the previous message thread:

Hello,

could you check this link https://fedorahosted.org/bind-
dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials:
bindtoLDAPserverfailed

kinit prints nothing when it works, so it works in your case, can you after
kinit as DNS service try to use ldapsearch -Y GSSAPI ?


Martin

Reading the article and following the steps I get this as a result of:

ipa privilege-show 'DNS Servers' --all --raw

  dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com
  cn: DNS Servers
  description: DNS Servers
  member: krbprincipalname=DNS/
id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=ipa-dnskeysyncd/
id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=DNS/
idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=ipa-dnskeysyncd/
idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=ipa-dnskeysyncd/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
+nsuniqueid=be8eda7e-fcd311e5-859e9ada-0ab343c0,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  member: krbprincipalname=DNS/
id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Read DNS
Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Write DNS
Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Add DNS
Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Manage DNSSEC
keys,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Manage DNSSEC
metadata,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Read DNS
Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Remove DNS
Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  memberof: cn=System: Update DNS
Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
  objectClass: top
  objectClass: groupofnames
  objectClass: nestedgroup


Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/ab2f5eac/attachment.htm>

From rcritten at redhat.com  Thu Jan  5 15:17:14 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Thu, 5 Jan 2017 10:17:14 -0500
Subject: [Freeipa-users] IPA to IPA migration
In-Reply-To: <7DFD9430-D86B-4445-8EA2-1BE4AC8FCE7E@accertify.com>
References: <7DFD9430-D86B-4445-8EA2-1BE4AC8FCE7E@accertify.com>
Message-ID: <586E637A.5060107@redhat.com>

Timothy Geier wrote:
> This is something I?ve looked at lately and a manual proof of concept I
> just did (using ideas from
> https://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_FreeIPA)
> makes it seem theoretically possible (though it looks like, barring the
> migration of the kerberos master key, all enrolled hosts would need to
> use ipa-getkeytab to get a replacement keytab from the new server and
> copy it to /etc/krb5.keytab so that sssd will work properly..the
> alternative is re-enrollment.  All other keytabs in use by other
> applications would have to be similarly replaced).  

Why migrate at all?

> Is https://fedorahosted.org/freeipa/ticket/3656 something that?s coming
> sooner or later to a future version of FreeIPA?  Has anyone done a
> manual migration on a moderate-to-large setup?

Based on where it sits now later seems more probable. I've always seen
this as a way to avert catastrophe, like your only CA just died, not as
a way to move between versions. So it depends on what your use case is,
and if it's a good one, that could affect the timing of the work.

rob



From yohan.jarosz at uni.lu  Thu Jan  5 15:34:59 2017
From: yohan.jarosz at uni.lu (Yohan JAROSZ)
Date: Thu, 5 Jan 2017 15:34:59 +0000
Subject: [Freeipa-users] Replica issue / Certificate Authority
In-Reply-To: <20170105063326.GI4539@dhcp-40-8.bne.redhat.com>
References: <CAC1p530pjJTox0Y9AHf1b=5b2zJ4Nq+cDB+QLySZNFPBVNjudg@mail.gmail.com>
	<CAC1p532+V=fnBvBN-80LHxAOidytEE3ydvcSd0+ia+T6xnOiUA@mail.gmail.com>
	<58546ABE.30203@redhat.com>
	<20161218231057.GD4232@dhcp-40-8.bne.redhat.com>
	<2EBB29CB9A8F494FB5253F6AF2E6A1985531CF99@hoshi.uni.lux>
	<1027c132-0de3-4e4f-e919-2c97bbef7aba@redhat.com>
	<35F45570-5827-4C22-B022-D92AF10DA126@uni.lu>
	<20170105063326.GI4539@dhcp-40-8.bne.redhat.com>
Message-ID: <882CB70E-0877-4D28-92FF-7418DF9620F0@uni.lu>

Hi

@Fraser,
tried the commands and certificates matched in both cases.


@everyone
I tried to look a little bit in the code, and the only references I saw are in
https://github.com/freeipa/freeipa/blob/master/install/certmonger/dogtag-ipa-ca-renew-agent-submit (4 references)
And the only one that could fit is this one:
https://github.com/freeipa/freeipa/blob/master/install/certmonger/dogtag-ipa-ca-renew-agent-submit#L142
as our cookie seems to be empty (ca-error: Invalid cookie: '')
and this is the only condition of the 4 that does only test for ?  None ?, the other 3 are testing for None, empty strings, ? and it should be false.

meaning that somehow the cookie is set somewhere but with no value?

Anyway, do you think it can impact our setup?
Instead of trying to resolve the issue, we could also delete this replica and replicate a new one instead?

What do you think?



Yohan
Doing the following up for Christophe.



On 05 Jan 2017, at 07:33, Fraser Tweedale <ftweedal at redhat.com<mailto:ftweedal at redhat.com>> wrote:

On Wed, Jan 04, 2017 at 01:19:19PM +0000, Christophe TREFOIS wrote:
Hi Florence,

I did what you said, and then the status went to CA_WORKING. Then I restart ipa and certmonger and the status went to CA_UNREACHABLE.
Then i did ?resubmit? again and now the status is back to MONITORING, but the cookie error is back.

Any advice?

I have encountered the cookie error before. IIRC it was caused by
authn certs in Dogtag user entries not matching the client certs
used.

Check the following entries:

1. ``ldapsearch -LLL -D cn=directory\ manager -w4me2Test \
  -b uid=pkidbuser,ou=people,o=ipaca userCertificate``

  should match

  ``certutil -d /etc/pki/pki-tomcat/alias -L -n "subsystemCert cert-pki-ca"``

2. ``ldapsearch -LLL -D cn=directory\ manager -w4me2Test \
  -b uid=ipara,ou=people,o=ipaca userCertificate``

  should match

  ``certutil -d /etc/httpd/alias -L -n "ipaCert"``

If either of these do not match, update LDAP with what is in the
certificate databases (a.k.a. NSSDBs).  Ensure all certs are
non-expired, etc.

HTH,
Fraser


[root at lums3 ~]# getcert list -n ipaCert
Number of certificates and requests being tracked: 8.
Request ID '20161216025136':
status: MONITORING
ca-error: Invalid cookie: ''
stuck: no
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=UNI.LU
subject: CN=IPA RA,O=UNI.LU
expires: 2018-12-16 03:13:48 UTC
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
track: yes
auto-renew: yes

--

Dr Christophe Trefois, Dipl.-Ing.
Technical Specialist / Post-Doc

UNIVERSIT? DU LUXEMBOURG

LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
Campus Belval | House of Biomedicine
6, avenue du Swing
L-4367 Belvaux
T: +352 46 66 44 6124
F: +352 46 66 44 6949
http://www.uni.lu/lcsb <http://www.uni.lu/lcsb>
<https://www.facebook.com/trefex>   <https://twitter.com/Trefex>   <https://plus.google.com/+ChristopheTrefois/>   <https://www.linkedin.com/in/trefoischristophe>   <http://skype:Trefex?call<http://skype:trefex?call>>
----
This message is confidential and may contain privileged information.
It is intended for the named recipient only.
If you receive it in error please notify me and permanently delete the original message and any copies.
----



On 4 Jan 2017, at 13:49, Florence Blanc-Renaud <flo at redhat.com<mailto:flo at redhat.com>> wrote:

getcert resubmit -i <id for ipaCert>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/2ac78605/attachment.htm>

From tkrizek at redhat.com  Thu Jan  5 16:50:09 2017
From: tkrizek at redhat.com (Tomas Krizek)
Date: Thu, 5 Jan 2017 17:50:09 +0100
Subject: [Freeipa-users] DNS service fails to start on replica master
In-Reply-To: <CA+No-6H8NS5A7UuF2sSjiR9_Z6BC_O+VF16RN6yhv83Wvma+4w@mail.gmail.com>
References: <CA+No-6H8NS5A7UuF2sSjiR9_Z6BC_O+VF16RN6yhv83Wvma+4w@mail.gmail.com>
Message-ID: <35261264-14d6-0640-c800-65bde296a359@redhat.com>

On 01/05/2017 04:11 PM, Jeff Goddard wrote:
> I'm starting a new thread rather than continuing to submit under:
> https://www.redhat.com/archives/freeipa-users/2017-January/msg00108.html.
>
> My problem is that I cannot get the DNS service to start on one of my
> replica masters. From the previous message thread:
>
> Hello,
>
> could you check this link
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials:bindtoLDAPserverfailed
> <https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials:bindtoLDAPserverfailed>
>
> kinit prints nothing when it works, so it works in your case, can you
> after kinit as DNS service try to use ldapsearch -Y GSSAPI ?
>
> Martin
>
> Reading the article and following the steps I get this as a result of:
>
> ipa privilege-show 'DNS Servers' --all --raw
>
>   dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com
>   cn: DNS Servers
>   description: DNS Servers
>   member:
> krbprincipalname=DNS/id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
>   member:
> krbprincipalname=ipa-dnskeysyncd/id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
>   member:
> krbprincipalname=DNS/idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
>   member:
> krbprincipalname=ipa-dnskeysyncd/idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
>   member:
> krbprincipalname=ipa-dnskeysyncd/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
>   member:
> krbprincipalname=DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>+nsuniqueid=be8eda7e-fcd311e5-859e9ada-0ab343c0,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
>   member:
> krbprincipalname=DNS/id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:id-management-2.internal.emerlyn.com at INTERNAL.EMERLYN.COM>,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Read DNS
> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Write DNS
> Configuration,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Add DNS
> Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Manage DNSSEC
> keys,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Manage DNSSEC
> metadata,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Read DNS
> Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Remove DNS
> Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Update DNS
> Entries,cn=permissions,cn=pbac,dc=internal,dc=emerlyn,dc=com
>   objectClass: top
>   objectClass: groupofnames
>   objectClass: nestedgroup
>
From the previous thread's logs, it seems there is an issue when
bind-dyndb-ldap attempts to connect to the LDAP server. The link Martin
posted has some good advice on how to troubleshoot this.

I don't understand whether you went through the steps and identified any
issue.

Does your setup use simple authentication or Kerberos?
When you try to manually set named.conf to use the other option, does it
work?
Are you able to authenticate to LDAP using these methods in commands
like ldapsearch?
>
> Jeff
>
>
>

-- 
Tomas Krizek

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/9592d41d/attachment.htm>

From loris at lgs.com.ve  Thu Jan  5 16:54:46 2017
From: loris at lgs.com.ve (Loris Santamaria)
Date: Thu, 05 Jan 2017 12:54:46 -0400
Subject: [Freeipa-users] Assistance with Samba share intergration with
 IPA
In-Reply-To: <CAE9rU+62iqwY_RYdbVmQPaTFj3T8t0sqin882GLa91PQQi_JDQ@mail.gmail.com>
References: <CAE9rU+62iqwY_RYdbVmQPaTFj3T8t0sqin882GLa91PQQi_JDQ@mail.gmail.com>
Message-ID: <1483635286.3075.6.camel@lgs.com.ve>

Hello, replied inline below

El mi?, 28-12-2016 a las 18:15 -0500, William Muriithi escribi?:
> Hello
> 
> I am trying to setup a samba share - actually replace winbind on a
> current samba server and I am basing my change on these instructions.
> 
> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wit
> h_IPA
> 
> The IPA servers is version ipa-server-4.4.0-14.el7 and I have trust
> established between AD and IPA.??Samba server is on RHEL 6.8
> 
> Ideally, I would prefer to leave samba on RHEL 6 and it looks like
> RHEL 6 is currently using sssd-1.13.3-22.el6_8.4.x86_64.??According
> to
> above link, you need sssd v1.12.2 and above. Would the version on
> RHEL
> 6 above be bundling sssd-libwbclient by any chance???If not, is it
> possible to install sssd-libwbclient on RHEL 6?

You could try installing sssd-1.14 from a COPR repo, like https://copr.
fedorainfracloud.org/coprs/g/sssd/sssd-1-14/

> Also, on smb.conf, its a bit ambiguous what REALM need to be used.
> Does one need to use IPA REALM or active directory REALM on these two
> lines below?
> 
> ????????workgroup = MY
> ????????realm = MY.REALM

The samba fileserver will be a member of the ipa domain, so you should
use freeipa's kerberos realm in the 'realm' parameter in smb.conf. As
for the 'workgroup' parameter, you can find the appropriate value in
the 'NetBios Name' parameter from the 'ipa trustconfig-show' command
output.

> Lastly, when I followed the above article to setup samba, I got the
> following errors when I attempted to connect to samba from Windows.
> What would be potential places to go check for misconfiguration?
> 
> Dec 28 17:49:41 manganese smbd[30221]: [2016/12/28 17:49:41.503322,
> 0] libads/kerberos_verify.c:75(ads_dedicated_keytab_verify_ticket)
> Dec 28 17:49:41 manganese smbd[30221]:???krb5_rd_req failed (Wrong
> principal in request)
> Dec 28 17:49:41 manganese smbd[30221]: [2016/12/28 17:49:41.507090,
> 0] libads/kerberos_verify.c:75(ads_dedicated_keytab_verify_ticket)
> Dec 28 17:49:41 manganese smbd[30221]:???krb5_rd_req failed (Wrong
> principal in request)

Check that you're using the proper realm and workgroup in smb.conf,
that the principal used by samba is cifs/<server fqdn>@<IPA REALM>

Best regards

-- 
Loris Santamaria   linux user #70506   xmpp:loris at lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:103 at lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford



From jgoddard at emerlyn.com  Thu Jan  5 18:33:01 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 5 Jan 2017 13:33:01 -0500
Subject: [Freeipa-users] DNS service fails to start on replica master
In-Reply-To: <35261264-14d6-0640-c800-65bde296a359@redhat.com>
References: <CA+No-6H8NS5A7UuF2sSjiR9_Z6BC_O+VF16RN6yhv83Wvma+4w@mail.gmail.com>
	<35261264-14d6-0640-c800-65bde296a359@redhat.com>
Message-ID: <CA+No-6EoUz3kVZ3YNqdpX1A9N407iF=g4hkObvJDiS0gUEEP_Q@mail.gmail.com>

I re-read and walked through the troubleshooting steps. I have a mismatch
in Key Version Numbers in the keytab file:


Trying to renew the keytab file results in this error:

Failed to parse result: PrincipalName not found.

Retrying with pre-4.0 keytab retrieval method...
Failed to parse result: PrincipalName not found.

Failed to get keytab!
Failed to get keytab

Using simple authentication does work but I would prefer to find a solution
to the Kerberos problem. Do you have any further suggestions?

Thanks,

Jeff






On Thu, Jan 5, 2017 at 11:50 AM, Tomas Krizek <tkrizek at redhat.com> wrote:

> On 01/05/2017 04:11 PM, Jeff Goddard wrote:
>
> I'm starting a new thread rather than continuing to submit under:
> https://www.redhat.com/archives/freeipa-users/2017-January/msg00108.html.
>
> My problem is that I cannot get the DNS service to start on one of my
> replica masters. From the previous message thread:
>
> Hello,
>
> could you check this link https://fedorahosted.org/bind-
> dyndb-ldap/wiki/BIND9/NamedCannotStart#a4.Invalidcredentials
> :bindtoLDAPserverfailed
>
> kinit prints nothing when it works, so it works in your case, can you
> after kinit as DNS service try to use ldapsearch -Y GSSAPI ?
>
> Martin
>
> Reading the article and following the steps I get this as a result of:
>
> ipa privilege-show 'DNS Servers' --all --raw
>
>   dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=internal,dc=emerlyn,dc=com
>   cn: DNS Servers
>   description: DNS Servers
>   member: krbprincipalname=DNS/id-management-1.internal.emerlyn.
> com at INTERNAL.EMERLYN.COM,cn=services,cn=accounts,dc=
> internal,dc=emerlyn,dc=com
>   member: krbprincipalname=ipa-dnskeysyncd/id-management-1.
> internal.emerlyn.com at INTERNAL.EMERLYN.COM,cn=services,cn=
> accounts,dc=internal,dc=emerlyn,dc=com
>   member: krbprincipalname=DNS/idmfs-01.internal.emerlyn.com at INTERNAL.
> EMERLYN.COM,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
>   member: krbprincipalname=ipa-dnskeysyncd/idmfs-01.internal.
> emerlyn.com at INTERNAL.EMERLYN.COM,cn=services,cn=accounts,
> dc=internal,dc=emerlyn,dc=com
>   member: krbprincipalname=ipa-dnskeysyncd/id-management-2.
> internal.emerlyn.com at INTERNAL.EMERLYN.COM,cn=services,cn=
> accounts,dc=internal,dc=emerlyn,dc=com
>   member: krbprincipalname=DNS/id-management-2.internal.emerlyn.
> com at INTERNAL.EMERLYN.COM+nsuniqueid=be8eda7e-fcd311e5-
> 859e9ada-0ab343c0,cn=services,cn=accounts,dc=internal,dc=emerlyn,dc=com
>   member: krbprincipalname=DNS/id-management-2.internal.emerlyn.
> com at INTERNAL.EMERLYN.COM,cn=services,cn=accounts,dc=
> internal,dc=emerlyn,dc=com
>   memberof: cn=System: Read DNS Configuration,cn=permissions,
> cn=pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Write DNS Configuration,cn=permissions,
> cn=pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Add DNS Entries,cn=permissions,cn=
> pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,
> dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Manage DNSSEC metadata,cn=permissions,cn=
> pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Read DNS Entries,cn=permissions,cn=
> pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Remove DNS Entries,cn=permissions,cn=
> pbac,dc=internal,dc=emerlyn,dc=com
>   memberof: cn=System: Update DNS Entries,cn=permissions,cn=
> pbac,dc=internal,dc=emerlyn,dc=com
>   objectClass: top
>   objectClass: groupofnames
>   objectClass: nestedgroup
>
> From the previous thread's logs, it seems there is an issue when
> bind-dyndb-ldap attempts to connect to the LDAP server. The link Martin
> posted has some good advice on how to troubleshoot this.
>
> I don't understand whether you went through the steps and identified any
> issue.
>
> Does your setup use simple authentication or Kerberos?
> When you try to manually set named.conf to use the other option, does it
> work?
> Are you able to authenticate to LDAP using these methods in commands like
> ldapsearch?
>
> Jeff
>
>
>
> --
> Tomas Krizek
>
>


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/48e1478c/attachment.htm>

From tk at mdevsys.com  Thu Jan  5 19:03:25 2017
From: tk at mdevsys.com (TomK)
Date: Thu, 5 Jan 2017 14:03:25 -0500
Subject: [Freeipa-users] FreeIPA + /etc/named.conf
Message-ID: <057676d6-5280-2348-827b-13ef4b4126a3@mdevsys.com>

Hey All,

QQ.

Should the DNS forwarders be updated in /etc/named.conf?  Until I 
manually change /etc/named.conf, can't ping the windows AD cluster: 
mds.xyz.  Nor can I get dig to resolve the SRV records (dig SRV 
_ldap._tcp.mds.xyz).

sssd-ipa-1.14.0-43.el7_3.4.x86_64
ipa-client-4.4.0-14.el7.centos.x86_64

IPA command below indicates that it's set to 'first' but that's not 
what's in /etc/named.conf file when I check.  Again, it works if I 
change /etc/named.conf manually.

-- 
Cheers,
Tom K.
-------------------------------------------------------------------------------------

Living on earth is expensive, but it includes a free trip around the sun.



[root at idmipa02 network-scripts]# ipa dnsforwardzone-find mds.xyz
   Zone name: mds.xyz.
   Active zone: TRUE
   Zone forwarders: 192.168.0.224
   Forward policy: first
----------------------------
Number of entries returned 1
----------------------------
[root at idmipa02 network-scripts]# grep -i forward /etc/named.conf
         forward only;
         forwarders {
[root at idmipa02 network-scripts]# vi /etc/named.conf
[root at idmipa02 network-scripts]#
[root at idmipa02 network-scripts]#
[root at idmipa02 network-scripts]# ipactl restart
Stopping pki-tomcatd Service
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting ipa_memcached Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting ntpd Service
Restarting pki-tomcatd Service
Restarting smb Service
Restarting winbind Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful
[root at idmipa02 network-scripts]#
[root at idmipa02 network-scripts]#
[root at idmipa02 network-scripts]#
[root at idmipa02 network-scripts]# ping mds.xyz
PING mds.xyz (192.168.0.224) 56(84) bytes of data.
64 bytes from 192.168.0.224: icmp_seq=1 ttl=128 time=0.515 ms
64 bytes from 192.168.0.224: icmp_seq=2 ttl=128 time=0.447 ms
^C
--- mds.xyz ping statistics ---
2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 
1000ms
rtt min/avg/max/mdev = 0.447/83.695/333.339/144.132 ms
[root at idmipa02 network-scripts]# grep -i forward /etc/named.conf
         forward first;
         forwarders {
[root at idmipa02 network-scripts]# dig SRV _ldap._tcp.mds.xyz

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> SRV _ldap._tcp.mds.xyz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5407
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_ldap._tcp.mds.xyz.            IN      SRV

;; ANSWER SECTION:
_ldap._tcp.mds.xyz.     600     IN      SRV     0 100 389 winad01.mds.xyz.
_ldap._tcp.mds.xyz.     600     IN      SRV     0 100 389 winad02.mds.xyz.

;; AUTHORITY SECTION:
xyz.                    10876   IN      NS      generationxyz.nic.xyz.
xyz.                    10876   IN      NS      z.nic.xyz.
xyz.                    10876   IN      NS      y.nic.xyz.
xyz.                    10876   IN      NS      x.nic.xyz.

;; ADDITIONAL SECTION:
winad02.mds.xyz.        497     IN      A       192.168.0.221
winad02.mds.xyz.        497     IN      A       192.168.0.223
winad01.mds.xyz.        2902    IN      A       192.168.0.224
winad01.mds.xyz.        2902    IN      A       192.168.0.220
winad01.mds.xyz.        2902    IN      A       192.168.0.222

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 05 13:55:51 EST 2017
;; MSG SIZE  rcvd: 277

[root at idmipa02 network-scripts]#



From mbasti at redhat.com  Thu Jan  5 19:17:40 2017
From: mbasti at redhat.com (Martin Basti)
Date: Thu, 5 Jan 2017 20:17:40 +0100
Subject: [Freeipa-users] FreeIPA + /etc/named.conf
In-Reply-To: <057676d6-5280-2348-827b-13ef4b4126a3@mdevsys.com>
References: <057676d6-5280-2348-827b-13ef4b4126a3@mdevsys.com>
Message-ID: <f68f64fa-d1af-2a7d-ef77-8ffe098b4914@redhat.com>



On 05.01.2017 20:03, TomK wrote:
> Hey All,
>
> QQ.
>
> Should the DNS forwarders be updated in /etc/named.conf?  Until I 
> manually change /etc/named.conf, can't ping the windows AD cluster: 
> mds.xyz.  Nor can I get dig to resolve the SRV records (dig SRV 
> _ldap._tcp.mds.xyz).
>
> sssd-ipa-1.14.0-43.el7_3.4.x86_64
> ipa-client-4.4.0-14.el7.centos.x86_64
>
> IPA command below indicates that it's set to 'first' but that's not 
> what's in /etc/named.conf file when I check.  Again, it works if I 
> change /etc/named.conf manually.
>

Forwarder settings has priority:

named.conf < global forwarders (ipa dnsconfig-mod) < local dns server 
config (ipa dnsserver-*) < forwardzones (applied per query, not as 
global forwarder)

so what is in named.conf is usually always overwritten


How did you edited the named.conf?

Does dig @192.168.0.224 SRV _ldap._tcp.mds.xyz. works?
Do you have any errors in journalctl -u named-pkcs11 ??

Martin



From lslebodn at redhat.com  Thu Jan  5 22:24:21 2017
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Thu, 5 Jan 2017 23:24:21 +0100
Subject: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
 version 1.13.4-1ubuntu1.1
In-Reply-To: <20170105143802.lbpiwk5g5qmygyku@hendrix>
References: <1588224621.467679.1483623416628.ref@mail.yahoo.com>
	<1588224621.467679.1483623416628@mail.yahoo.com>
	<20170105143802.lbpiwk5g5qmygyku@hendrix>
Message-ID: <20170105222419.GB3373@10.4.128.1>

On (05/01/17 15:38), Jakub Hrozek wrote:
>On Thu, Jan 05, 2017 at 01:36:56PM +0000, James Harrison wrote:
>> Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
>> I can authenticate OK, I get a kerberos ticket, but cannot run sudo.
>> I get 1 rule returned, which I expect.
>> Many thanks,James Harrison
>
>I would check if (with the help of ldbsearch against the sssd cache or
>with the help of the sudo logs) if the rule is really the one you are
>expecting or if it's just the cn=defaults rule.
>
>If it's just cn=defaults, then I would check if the rules are downloaded
>(sssd always downloads all rules applicable for the host IIRC) or if
>they just don't match the filter that you can see in the debug message
>from sudosrv_get_sudorules_query_cache. Keep in mind that this is a
>filter that applies for the sssd cache, not LDAP.
>
>And lastly, if the rules are downloaded as expected, the sudo rules
>would tell you why the rule didn't match.
>
>All in all, this document:
>    https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
>describes how to troubleshoot the sudo integration.
>
Or you might check older thread
https://www.redhat.com/archives/freeipa-users/2016-August/msg00489.html

LS



From rajat.linux at gmail.com  Fri Jan  6 10:31:31 2017
From: rajat.linux at gmail.com (rajat gupta)
Date: Fri, 6 Jan 2017 11:31:31 +0100
Subject: [Freeipa-users] Failed to connect,
	going offline (5 [Input/output error])
Message-ID: <CAA=996GVFf6LaxgSpWPOGVnkRUMPEZJyW1p=DVp1PzxkRkf=1A@mail.gmail.com>

Hi,

only few user are able to login. ipa ad-trust setup.

==========================
Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
POSSIBLE BREAK-IN ATTEMPT!
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from
146.213.128.135
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: invalid
user et33015 [preauth]
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
the underlying authentication module for illegal user et33015 from x.x.x.x
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed keyboard-interactive/pam
for invalid user et33015 from x.x.x.x port 51270 ssh2
Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
et33015 from 146.213.128.135 port 51270 ssh2
Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
et33015 from 146.213.128.135 port 51270 ssh2
Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
et33015 from 146.213.128.135 port 51270 ssh2
Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
[preauth]
============================

====================
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 0 for server
'ilt-gif-ipa01.ipa.preprod.local' is 'not working'
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_done] (0x1000): Server resolution failed: [5]:
Input/output error
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
[Input/output error])
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
(0x2000): Going offline!
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
(0x2000): Initialize check_if_online_ptask.
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_create]
(0x0400): Periodic task [Check if online (periodic)] was created
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
task 72 seconds from now [1483696200]
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[be_run_offline_cb] (0x0080): Going offline. Running callbacks

i am able to getent and  kinit for all of the AD user. but most of the user
are not able to login via ssh /ad-password

getent passwd  et33015
et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:

and

kinit et33015 at CORP.CORPCOMMON.COM



-- 

*Rajat Gupta*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/508f1e56/attachment.htm>

From sbose at redhat.com  Fri Jan  6 11:36:54 2017
From: sbose at redhat.com (Sumit Bose)
Date: Fri, 6 Jan 2017 12:36:54 +0100
Subject: [Freeipa-users] Failed to connect,
 going offline (5 [Input/output error])
In-Reply-To: <CAA=996GVFf6LaxgSpWPOGVnkRUMPEZJyW1p=DVp1PzxkRkf=1A@mail.gmail.com>
References: <CAA=996GVFf6LaxgSpWPOGVnkRUMPEZJyW1p=DVp1PzxkRkf=1A@mail.gmail.com>
Message-ID: <20170106113654.GA528@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Fri, Jan 06, 2017 at 11:31:31AM +0100, rajat gupta wrote:
> Hi,
> 
> only few user are able to login. ipa ad-trust setup.

more details are needed here. Can you at least share sssd.conf from the
ilt-gif-ipa02?

> 
> ==========================
> Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
> getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
> POSSIBLE BREAK-IN ATTEMPT!
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from
> 146.213.128.135
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: invalid
> user et33015 [preauth]
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
> the underlying authentication module for illegal user et33015 from x.x.x.x
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed keyboard-interactive/pam
> for invalid user et33015 from x.x.x.x port 51270 ssh2
> Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
> et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
> et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
> et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
> [preauth]
> ============================
> 
> ====================
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server
> 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 0 for server
> 'ilt-gif-ipa01.ipa.preprod.local' is 'not working'

Is it expected that ilt-gif-ipa01.ipa.preprod.local is not reachable?
Does authentication work on this server? Please send the full log so that it
can be checked what happened before and why SSSD assumes that the server
is 'not working'.

bye,
Sumit

> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
> Input/output error
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
> [Input/output error])
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> (0x2000): Going offline!
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> (0x2000): Initialize check_if_online_ptask.
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_create]
> (0x0400): Periodic task [Check if online (periodic)] was created
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
> task 72 seconds from now [1483696200]
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_run_offline_cb] (0x0080): Going offline. Running callbacks
> 
> i am able to getent and  kinit for all of the AD user. but most of the user
> are not able to login via ssh /ad-password
> 
> getent passwd  et33015
> et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:
> 
> and
> 
> kinit et33015 at CORP.CORPCOMMON.COM
> 
> 
> 
> -- 
> 
> *Rajat Gupta*

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From rajat.linux at gmail.com  Fri Jan  6 11:51:46 2017
From: rajat.linux at gmail.com (rajat gupta)
Date: Fri, 6 Jan 2017 12:51:46 +0100
Subject: [Freeipa-users] Failed to connect,
	going offline (5 [Input/output error])
In-Reply-To: <CAA=996GVFf6LaxgSpWPOGVnkRUMPEZJyW1p=DVp1PzxkRkf=1A@mail.gmail.com>
References: <CAA=996GVFf6LaxgSpWPOGVnkRUMPEZJyW1p=DVp1PzxkRkf=1A@mail.gmail.com>
Message-ID: <CAA=996EA9uvg=cJ14AFWTk3SgLiZShbGO3Bh+ZCH-iHSJDJ_Tg@mail.gmail.com>

sssd.conf from the ilt-gif-ipa02

[root at ilt-gif-ipa02 ~]# cat /etc/sssd/sssd.conf
[domain/ipa.preprod.local]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.preprod.local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
chpass_provider = ipa
ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 9


[sssd]
default_domain_suffix = corp.corpcommon.com
services = nss, sudo, pam, ssh
debug_level = 9


domains = ipa.preprod.local
[nss]
override_homedir = /home/%u
debug_level = 9



[pam]
debug_level = 9


[sudo]

[autofs]

[ssh]
debug_level = 9


[pac]

[ifp]


On Fri, Jan 6, 2017 at 11:31 AM, rajat gupta <rajat.linux at gmail.com> wrote:

> Hi,
>
> only few user are able to login. ipa ad-trust setup.
>
> ==========================
> Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
> getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
> POSSIBLE BREAK-IN ATTEMPT!
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from
> 146.213.128.135
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: invalid
> user et33015 [preauth]
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
> the underlying authentication module for illegal user et33015 from x.x.x.x
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed keyboard-interactive/pam
> for invalid user et33015 from x.x.x.x port 51270 ssh2
> Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> user et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> user et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> user et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
> [preauth]
> ============================
>
> ====================
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'not working'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
> Input/output error
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
> [Input/output error])
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> (0x2000): Going offline!
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> (0x2000): Initialize check_if_online_ptask.
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_create]
> (0x0400): Periodic task [Check if online (periodic)] was created
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
> task 72 seconds from now [1483696200]
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_run_offline_cb] (0x0080): Going offline. Running callbacks
>
> i am able to getent and  kinit for all of the AD user. but most of the
> user are not able to login via ssh /ad-password
>
> getent passwd  et33015
> et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:
>
> and
>
> kinit et33015 at CORP.CORPCOMMON.COM
>
>
>
> --
>
> *Rajat Gupta*
>



-- 

*Rajat Gupta *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/95208849/attachment.htm>

From jgoddard at emerlyn.com  Fri Jan  6 13:41:57 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 08:41:57 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
Message-ID: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>

My environment is freeipa 4.4; centos 7.3. This system was upgraded as of
yesterday afternoon. I'm unable to start pki-tomcat. The debug log show
this entry:

Internal Database Error encountered: Could not connect to LDAP server host
id-management-1.internal.emerlyn.com port 636 Error
netscape.ldap.LDAPException: Authentication failed (48)
        at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
        at
com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
        at
com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
        at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
        at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
        at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
        at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
        at javax.servlet.GenericServlet.init(GenericServlet.java:158)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
        at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
        at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
        at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
        at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
        at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
        at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
        at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
        at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
        at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
        at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
        at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
        at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
        at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
        at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
        at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
        at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
        at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)


I'm able to get a kerberos ticket using kinit but ldap search gives this
error:

 ldapsearch -h id-manaement-1.internal.emerlyn.com -x -b
"cn=CAcert,cn=ipa,cn=etc,dc=internal,dc=emerlyn,dc=com"
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

adding the -d1 debugging tag results in:

ldap_create
ldap_url_parse_ext(ldap://id-manaement-1.internal.emerlyn.com)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP id-manaement-1.internal.emerlyn.com:389
ldap_connect_to_host: getaddrinfo failed: Name or service not known
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

I'm able to resolve the hostname via nslookup and /etc/hosts has the
correct mapping entry.

I'm kind of lost at this point and could use some help.

Thanks in advance.



Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/c5a4163d/attachment.htm>

From abrittingham at monetra.com  Fri Jan  6 14:01:12 2017
From: abrittingham at monetra.com (Andy Brittingham)
Date: Fri, 6 Jan 2017 09:01:12 -0500
Subject: [Freeipa-users] freeipa 4.4.0 and Ubuntu 14.04
Message-ID: <72cb1cf1-c01b-cceb-fb04-71c989fdf269@monetra.com>

Hi,

I upgraded my Freeipa servers to 4.4.0-14 on CentOS 7 yesterday. None of 
my Ubuntu clients with versions < 16.04 (sssd version 1.13.4) can 
authenticate against the upgraded servers. It appears the problem is the 
version of sssd that is installed in the earlier Ubuntu versions. Is 
this a know issue and does anyone know of a work around for this? The 
sssd package in the PPA repo for 14.04 ( 1.12.5-1~trusty) didn't fix the 
issue.


Thanks,

Andy




From sipazzo at yahoo.com  Thu Jan  5 23:29:55 2017
From: sipazzo at yahoo.com (sipazzo)
Date: Thu, 5 Jan 2017 23:29:55 +0000 (UTC)
Subject: [Freeipa-users] Replication has stopped and server errors
References: <14572427.872232.1483658995510.ref@mail.yahoo.com>
Message-ID: <14572427.872232.1483658995510@mail.yahoo.com>

I have 6 ipaservers in 3 locations running 4.2.0-15.0.1on RHEL 7. Ipa1-dev is the CARenewal and CRL Master server and where most of our updates (host enrollment,password changes) end up taking place.?Servers hadbeen running fine. Over the holidays we started having some replication issuesand looking at /var/log/dirsrv/slapd-REALM-COM/errors showed the following:
All servers currently have these errors for each replica the respective IPA servers areconnected to:NSMMReplicationPlugin- agmt="cn=meToipa2-dr.example.local" (ipa2-dr:389): Incrementalupdate failed and requires administrator action[04/Jan/2017:15:39:48-0800] agmt="cn=meToipa1-dr.example.local" (ipa1-dr:389) - Can'tlocate CSN 583c8e74000600110000 in the changelog (DB rc=-30988). If replicationstops, the consumer may need to be reinitializedNSMMReplicationPlugin- agmt="cn=meToipa1-prod.example.local" (ipa1-prod:389): Datarequired to update replica has been purged. The replica must be reinitialized.[04/Jan/2017:13:33:26-0800] NSMMReplicationPlugin - agmt="cn=meToipa2-dev.example.local"(ipa2-dev:389): Incremental update failed and requires administrator action?[04/Jan/2017:13:33:26 -0800]NSMMReplicationPlugin - agmt="cn=meToipa1-prod.example.local"(ipa1-prod:389): Incremental update failed and requires administrator action[04/Jan/2017:13:33:27-0800] agmt="cn=meToipa2-prod.example.local" (ipa2-prod:389) - Can'tlocate CSN 586d69f0000400120000 in the changelog (DB rc=-30988). If replicationstops, the consumer may need to be reinitialized.?And allservers have these types of errors which are worrisome but they go back quite a way
NSACLPlugin - The ACL target cn=dns,dc=example,dc=localdoes not existNSACLPlugin - The ACL target cn=dns,dc=example,dc=localdoes not existNSACLPlugin - The ACL targetcn=groups,cn=compat,dc=example,dc=local does not existNSACLPlugin - The ACL targetcn=computers,cn=compat,dc=example,dc=local does not existNSACLPlugin - The ACL target cn=casigningcertcert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=local does not existNSACLPlugin - The ACL target cn=casigningcertcert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=local does not existNSACLPlugin - The ACL targetou=sudoers,dc=networkfleet,dc=local does not exist?All servers except one have a lot of theseDSRetroclPlugin - delete_changerecord: could not delete change record?Ipa1-dev only has this
04/Jan/2017:18:36:52-0800] NSMMReplicationPlugin -agmt="cn=masterAgreement1-ipa1-prod.example.local-pki-tomcat"(ipa1-prod:389): Replication bind with SIMPLE auth resumed[04/Jan/2017:18:36:52-0800] NSMMReplicationPlugin -agmt="cn=masterAgreement1-ipa2-dr.example.local-pki-tomcat"(ipa2-dr:389): Replication bind with SIMPLE auth resumed[04/Jan/2017:18:36:52-0800] NSMMReplicationPlugin -agmt="cn=masterAgreement1-ipa1-dr.example.local-pki-tomcat"(ipa1-dr:389): Replication bind with SIMPLE auth resumed[04/Jan/2017:18:36:53-0800] NSMMReplicationPlugin -agmt="cn=masterAgreement1-ipa2-prod.example.local-pki-tomcat"(ipa2-prod:389): Replication bind with SIMPLE auth resumed?3 servers(ipa1-dr ipa2-dr ipa2-prod) have these errors: [01/Jan/2017:14:43:06 -0800] - libdb: BDB2055 Lock table is out ofavailable lock entries[01/Jan/2017:14:43:06 -0800] - compactdb: failed to compact changelog;db error - 12 Cannot allocate memory?4 servers (ipa1-dev, ipa2-dev, ipa1-dr and ipa2-dr) have these errors
[04/Jan/2017:15:37:21 -0800] slapd_ldap_sasl_interactive_bind - Error:could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1(Can't contact LDAP server) ((null)) errno 107 (Transport endpoint isnot connected)[04/Jan/2017:15:37:24 -0800] slapd_ldap_sasl_interactive_bind - Error:could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1(Can't contact LDAP server) ((null)) errno 107 (Transport endpoint isnot connected)?
I have tried various combinations or restarting, re-initializing, disconnecting and reconnecting replicas but am down toonly two servers replicating with each other currently (ipa1-dev and ipa2-dev). We did have a power outageat the dev location but it does not seem to correspond to when the errors started? Not sure howto recover from this. Any help is appreciated??
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170105/86d51cac/attachment.htm>

From jhrozek at redhat.com  Fri Jan  6 14:33:54 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Fri, 6 Jan 2017 15:33:54 +0100
Subject: [Freeipa-users] freeipa 4.4.0 and Ubuntu 14.04
In-Reply-To: <72cb1cf1-c01b-cceb-fb04-71c989fdf269@monetra.com>
References: <72cb1cf1-c01b-cceb-fb04-71c989fdf269@monetra.com>
Message-ID: <20170106143353.jzwnccdag5ej6zzu@hendrix>

On Fri, Jan 06, 2017 at 09:01:12AM -0500, Andy Brittingham wrote:
> Hi,
> 
> I upgraded my Freeipa servers to 4.4.0-14 on CentOS 7 yesterday. None of my
> Ubuntu clients with versions < 16.04 (sssd version 1.13.4) can authenticate
> against the upgraded servers. It appears the problem is the version of sssd
> that is installed in the earlier Ubuntu versions. Is this a know issue and
> does anyone know of a work around for this? The sssd package in the PPA repo
> for 14.04 ( 1.12.5-1~trusty) didn't fix the issue.

What do the sssd logs say?



From gjn at gjn.priv.at  Fri Jan  6 14:38:00 2017
From: gjn at gjn.priv.at (=?ISO-8859-1?Q?G=FCnther_J=2E?= Niederwimmer)
Date: Fri, 06 Jan 2017 15:38:00 +0100
Subject: [Freeipa-users] FreeIPA DNS (named)
Message-ID: <2147095.G9P568IHvp@techz>

Hello List,

I have configured my domain (DNSSEC) with Freeipa

Now I have to configure a internal ZONE with the same Domain NAME but with 
internal IP's.

Is it possible to add a "view "internal""  "view "external"" to the named.conf 
or is this overwritten from the FreeIPA DNS Module ??

Is a other way possible to do this with FreeIPA?

Thanks for a answer,

-- 
mit freundlichen Gr?ssen / best regards

  G?nther J. Niederwimmer



From rcritten at redhat.com  Fri Jan  6 15:19:05 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 6 Jan 2017 10:19:05 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
Message-ID: <586FB569.1090101@redhat.com>

Jeff Goddard wrote:
> My environment is freeipa 4.4; centos 7.3. This system was upgraded as
> of yesterday afternoon. I'm unable to start pki-tomcat. The debug log
> show this entry:
> 
> Internal Database Error encountered: Could not connect to LDAP server
> host id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com> port 636 Error
> netscape.ldap.LDAPException: Authentication failed (48)
>         at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
>         at
> com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
>         at
> com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
>         at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
>         at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
>         at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
>         at
> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>         at javax.servlet.GenericServlet.init(GenericServlet.java:158)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>         at
> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>         at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>         at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
>         at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>         at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>         at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>         at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>         at
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
>         at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>         at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
>         at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
>         at
> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>         at
> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>         at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> 
> 
> I'm able to get a kerberos ticket using kinit but ldap search gives this
> error:
> 
>  ldapsearch -h id-manaement-1.internal.emerlyn.com
> <http://id-manaement-1.internal.emerlyn.com> -x -b
> "cn=CAcert,cn=ipa,cn=etc,dc=internal,dc=emerlyn,dc=com"
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>  
> adding the -d1 debugging tag results in:
> 
> ldap_create
> ldap_url_parse_ext(ldap://id-manaement-1.internal.emerlyn.com
> <http://id-manaement-1.internal.emerlyn.com>)
> ldap_sasl_bind
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP id-manaement-1.internal.emerlyn.com:389
> <http://id-manaement-1.internal.emerlyn.com:389>
> ldap_connect_to_host: getaddrinfo failed: Name or service not known
> ldap_err2string
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> 
> I'm able to resolve the hostname via nslookup and /etc/hosts has the
> correct mapping entry.
> 
> I'm kind of lost at this point and could use some help.
> 
> Thanks in advance.

You have a typo in the hostname you're trying to connect to, missing the
'g' in management.

I have a vague memory from other reports of this issue that the problem
may be that the value of the certificate(s) in CS.cfg is different from
the dogtag NSS database. I'd see if those line up.

rob



From ianh at brownpapertickets.com  Fri Jan  6 15:42:33 2017
From: ianh at brownpapertickets.com (Ian Harding)
Date: Fri, 6 Jan 2017 07:42:33 -0800
Subject: [Freeipa-users] IPA to IPA migration
In-Reply-To: <586E637A.5060107@redhat.com>
References: <7DFD9430-D86B-4445-8EA2-1BE4AC8FCE7E@accertify.com>
	<586E637A.5060107@redhat.com>
Message-ID: <cf73089f-262a-d1c6-df41-5642df940ee9@brownpapertickets.com>



On 01/05/2017 07:17 AM, Rob Crittenden wrote:
> Timothy Geier wrote:
>> This is something I?ve looked at lately and a manual proof of concept I
>> just did (using ideas from
>> https://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_FreeIPA)
>> makes it seem theoretically possible (though it looks like, barring the
>> migration of the kerberos master key, all enrolled hosts would need to
>> use ipa-getkeytab to get a replacement keytab from the new server and
>> copy it to /etc/krb5.keytab so that sssd will work properly..the
>> alternative is re-enrollment.  All other keytabs in use by other
>> applications would have to be similarly replaced).  
> 
> Why migrate at all?

It is possible to get a FreeIPA installation so boogered up that it's
just not salvageable.  I'm pretty close to that right now.  The
replication model is really great but it replicates all my mistakes.

Maybe I'm just not smart enough, but I suspect others have wished they
could just throw in the towel and start over.  I would if it were
relatively easy, that is, if I could export and reimport users (ideally
with passwords), hosts, groups, hbac rules, etc.  I woudln't even mind
having to re-enroll them.



-- 
Ian Harding
IT Director
Brown Paper Tickets
1-800-838-3006 ext 7186
http://www.brownpapertickets.com



From jgoddard at emerlyn.com  Fri Jan  6 15:47:05 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 10:47:05 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <586FB569.1090101@redhat.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
Message-ID: <CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>

Sorry for the typo. here is the correct output:
ldapsearch -h id-management-1.internal.emerlyn.com
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:




When I look at the certificates I get errors regarding a host service in
the keytab. Here is the output:

[root at id-management-1 ca]# getcert list
Number of certificates and requests being tracked: 8.
Request ID '20150116161829':
        status: MONITORING
        ca-error: Error setting up ccache for "host" service on client
using default keytab: Keytab contains no suitable keys for host/
id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM.
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM/pwdfile.txt'
        certificate:
type=NSSDB,location='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM',nickname='Server-Cert',token='NSS
Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        subject: CN=id-management-1.internal.emerlyn.com,O=
INTERNAL.EMERLYN.COM
        expires: 2017-01-16 16:18:29 UTC
        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv
INTERNAL-EMERLYN-COM
        track: yes
        auto-renew: yes
Request ID '20150116162120':
        status: MONITORING
        ca-error: Error setting up ccache for "host" service on client
using default keytab: Keytab contains no suitable keys for host/
id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM.
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        subject: CN=id-management-1.internal.emerlyn.com,O=
INTERNAL.EMERLYN.COM
        expires: 2017-01-16 16:21:20 UTC
        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/restart_httpd
        track: yes
        auto-renew: yes
Request ID '20151217174142':
        status: CA_UNREACHABLE
        ca-error: Internal error
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        subject: CN=CA Audit,O=INTERNAL.EMERLYN.COM
        expires: 2017-01-05 16:18:01 UTC
        key usage: digitalSignature,nonRepudiation
        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
"auditSigningCert cert-pki-ca"
        track: yes
        auto-renew: yes
Request ID '20151217174143':
        status: CA_UNREACHABLE
        ca-error: Internal error
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        subject: CN=OCSP Subsystem,O=INTERNAL.EMERLYN.COM
        expires: 2017-01-05 16:17:58 UTC
        key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
        eku: id-kp-OCSPSigning
        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
"ocspSigningCert cert-pki-ca"
        track: yes
        auto-renew: yes
Request ID '20151217174144':
        status: CA_UNREACHABLE
        ca-error: Internal error
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        subject: CN=CA Subsystem,O=INTERNAL.EMERLYN.COM
        expires: 2017-01-05 16:17:59 UTC
        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
"subsystemCert cert-pki-ca"
        track: yes
        auto-renew: yes
Request ID '20151217174145':
        status: CA_UNREACHABLE
        ca-error: Internal error
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        subject: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        expires: 2035-01-16 16:17:57 UTC
        key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
"caSigningCert cert-pki-ca"
        track: yes
        auto-renew: yes
Request ID '20151217174146':
        status: CA_UNREACHABLE
        ca-error: Internal error
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        subject: CN=IPA RA,O=INTERNAL.EMERLYN.COM
        expires: 2017-01-05 16:18:23 UTC
        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command: /usr/lib64/ipa/certmonger/renew_ra_cert_pre
        post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
        track: yes
        auto-renew: yes
Request ID '20151217174147':
        status: CA_UNREACHABLE
        ca-error: Error 60 connecting to
https://id-management-1.internal.emerlyn.com:8443/ca/agent/ca/profileReview:
Peer certificate cannot be authenticated with given CA certificates.
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
cert-pki-ca',token='NSS Certificate DB',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        subject: CN=id-management-1.internal.emerlyn.com,O=
INTERNAL.EMERLYN.COM
        expires: 2017-01-05 16:17:59 UTC
        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth
        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
"Server-Cert cert-pki-ca"
        track: yes
        auto-renew: yes

Looking at the content of /etc/krb5.keytab results in no host entry found:

ktutil
ktutil:  read_kt /etc/krb5.keytab
ktutil:  list
slot KVNO Principal
---- ----
---------------------------------------------------------------------
   1    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
   2    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
   3    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
   4    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
   5    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
   6    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
   7    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
   8    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
   9    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
  10    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
  11    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
  12    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM


Trying to add a host entry:
kadmin -q "ktadd -k /etc/krb5.keytab host/
id-management-1.internal.emerlyn.com"
Authenticating as principal admin/admin at INTERNAL.EMERLYN.COM with password.
kadmin: Client 'admin/admin at INTERNAL.EMERLYN.COM' not found in Kerberos
database while initializing kadmin interface

Yet if I issue kinit admin I get a password prompt and appear to get a
ticket. What am I missing?





On Fri, Jan 6, 2017 at 10:19 AM, Rob Crittenden <rcritten at redhat.com> wrote:

> Jeff Goddard wrote:
> > My environment is freeipa 4.4; centos 7.3. This system was upgraded as
> > of yesterday afternoon. I'm unable to start pki-tomcat. The debug log
> > show this entry:
> >
> > Internal Database Error encountered: Could not connect to LDAP server
> > host id-management-1.internal.emerlyn.com
> > <http://id-management-1.internal.emerlyn.com> port 636 Error
> > netscape.ldap.LDAPException: Authentication failed (48)
> >         at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.
> java:676)
> >         at
> > com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
> >         at
> > com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
> >         at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
> >         at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
> >         at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
> >         at
> > com.netscape.cms.servlet.base.CMSStartServlet.init(
> CMSStartServlet.java:114)
> >         at javax.servlet.GenericServlet.init(GenericServlet.java:158)
> >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >         at
> > sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
> >         at
> > sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> >         at java.lang.reflect.Method.invoke(Method.java:498)
> >         at
> > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
> >         at
> > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
> >         at java.security.AccessController.doPrivileged(Native Method)
> >         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
> >         at
> > org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
> >         at
> > org.apache.catalina.security.SecurityUtil.doAsPrivilege(
> SecurityUtil.java:175)
> >         at
> > org.apache.catalina.security.SecurityUtil.doAsPrivilege(
> SecurityUtil.java:124)
> >         at
> > org.apache.catalina.core.StandardWrapper.initServlet(
> StandardWrapper.java:1270)
> >         at
> > org.apache.catalina.core.StandardWrapper.loadServlet(
> StandardWrapper.java:1195)
> >         at
> > org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
> >         at
> > org.apache.catalina.core.StandardContext.loadOnStartup(
> StandardContext.java:5318)
> >         at
> > org.apache.catalina.core.StandardContext.startInternal(
> StandardContext.java:5610)
> >         at
> > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
> >         at
> > org.apache.catalina.core.ContainerBase.addChildInternal(
> ContainerBase.java:899)
> >         at
> > org.apache.catalina.core.ContainerBase.access$000(
> ContainerBase.java:133)
> >         at
> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(
> ContainerBase.java:156)
> >         at
> > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(
> ContainerBase.java:145)
> >         at java.security.AccessController.doPrivileged(Native Method)
> >         at
> > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
> >         at
> > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
> >         at
> > org.apache.catalina.startup.HostConfig.deployDescriptor(
> HostConfig.java:679)
> >         at
> > org.apache.catalina.startup.HostConfig$DeployDescriptor.
> run(HostConfig.java:1966)
> >         at
> > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> >         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> >         at
> > java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> >         at
> > java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> >         at java.lang.Thread.run(Thread.java:745)
> >
> >
> > I'm able to get a kerberos ticket using kinit but ldap search gives this
> > error:
> >
> >  ldapsearch -h id-manaement-1.internal.emerlyn.com
> > <http://id-manaement-1.internal.emerlyn.com> -x -b
> > "cn=CAcert,cn=ipa,cn=etc,dc=internal,dc=emerlyn,dc=com"
> > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> >
> > adding the -d1 debugging tag results in:
> >
> > ldap_create
> > ldap_url_parse_ext(ldap://id-manaement-1.internal.emerlyn.com
> > <http://id-manaement-1.internal.emerlyn.com>)
> > ldap_sasl_bind
> > ldap_send_initial_request
> > ldap_new_connection 1 1 0
> > ldap_int_open_connection
> > ldap_connect_to_host: TCP id-manaement-1.internal.emerlyn.com:389
> > <http://id-manaement-1.internal.emerlyn.com:389>
> > ldap_connect_to_host: getaddrinfo failed: Name or service not known
> > ldap_err2string
> > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> >
> > I'm able to resolve the hostname via nslookup and /etc/hosts has the
> > correct mapping entry.
> >
> > I'm kind of lost at this point and could use some help.
> >
> > Thanks in advance.
>
> You have a typo in the hostname you're trying to connect to, missing the
> 'g' in management.
>
> I have a vague memory from other reports of this issue that the problem
> may be that the value of the certificate(s) in CS.cfg is different from
> the dogtag NSS database. I'd see if those line up.
>
> rob
>



-- 
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/e0fa9849/attachment.htm>

From flo at redhat.com  Fri Jan  6 16:23:53 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Fri, 6 Jan 2017 17:23:53 +0100
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
Message-ID: <7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>

On 01/06/2017 04:47 PM, Jeff Goddard wrote:
> Sorry for the typo. here is the correct output:
> ldapsearch -h id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available:
>
>
>
>
> When I look at the certificates I get errors regarding a host service in
> the keytab. Here is the output:
>
> [root at id-management-1 ca]# getcert list
> Number of certificates and requests being tracked: 8.
> Request ID '20150116161829':
>         status: MONITORING
>         ca-error: Error setting up ccache for "host" service on client
> using default keytab: Keytab contains no suitable keys for
> host/id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>.
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM/pwdfile.txt'
>         certificate:
> type=NSSDB,location='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM',nickname='Server-Cert',token='NSS
> Certificate DB'
>         CA: IPA
>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         subject: CN=id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         expires: 2017-01-16 16:18:29 UTC
>         key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>         eku: id-kp-serverAuth,id-kp-clientAuth
>         pre-save command:
>         post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv
> INTERNAL-EMERLYN-COM
>         track: yes
>         auto-renew: yes
> Request ID '20150116162120':
>         status: MONITORING
>         ca-error: Error setting up ccache for "host" service on client
> using default keytab: Keytab contains no suitable keys for
> host/id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>.
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>         certificate:
> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> Certificate DB'
>         CA: IPA
>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         subject: CN=id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         expires: 2017-01-16 16:21:20 UTC
>         key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>         eku: id-kp-serverAuth,id-kp-clientAuth
>         pre-save command:
>         post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>         track: yes
>         auto-renew: yes
> Request ID '20151217174142':
>         status: CA_UNREACHABLE
>         ca-error: Internal error
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
> cert-pki-ca',token='NSS Certificate DB',pin set
>         certificate:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
> cert-pki-ca',token='NSS Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         subject: CN=CA Audit,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         expires: 2017-01-05 16:18:01 UTC
>         key usage: digitalSignature,nonRepudiation
>         pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>         post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
> "auditSigningCert cert-pki-ca"
>         track: yes
>         auto-renew: yes
> Request ID '20151217174143':
>         status: CA_UNREACHABLE
>         ca-error: Internal error
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS
> Certificate DB',pin set
>         certificate:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS
> Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         subject: CN=OCSP Subsystem,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         expires: 2017-01-05 16:17:58 UTC
>         key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
>         eku: id-kp-OCSPSigning
>         pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>         post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
> "ocspSigningCert cert-pki-ca"
>         track: yes
>         auto-renew: yes
> Request ID '20151217174144':
>         status: CA_UNREACHABLE
>         ca-error: Internal error
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
> cert-pki-ca',token='NSS Certificate DB',pin set
>         certificate:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
> cert-pki-ca',token='NSS Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         subject: CN=CA Subsystem,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         expires: 2017-01-05 16:17:59 UTC
>         key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>         eku: id-kp-serverAuth,id-kp-clientAuth
>         pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>         post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
> "subsystemCert cert-pki-ca"
>         track: yes
>         auto-renew: yes
> Request ID '20151217174145':
>         status: CA_UNREACHABLE
>         ca-error: Internal error
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
> cert-pki-ca',token='NSS Certificate DB',pin set
>         certificate:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
> cert-pki-ca',token='NSS Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         subject: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         expires: 2035-01-16 16:17:57 UTC
>         key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
>         pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>         post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
> "caSigningCert cert-pki-ca"
>         track: yes
>         auto-renew: yes
> Request ID '20151217174146':
>         status: CA_UNREACHABLE
>         ca-error: Internal error
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
> Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>         certificate:
> type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
> Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         subject: CN=IPA RA,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         expires: 2017-01-05 16:18:23 UTC
>         key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>         eku: id-kp-serverAuth,id-kp-clientAuth
>         pre-save command: /usr/lib64/ipa/certmonger/renew_ra_cert_pre
>         post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
>         track: yes
>         auto-renew: yes
> Request ID '20151217174147':
>         status: CA_UNREACHABLE
>         ca-error: Error 60 connecting to
> https://id-management-1.internal.emerlyn.com:8443/ca/agent/ca/profileReview:
> Peer certificate cannot be authenticated with given CA certificates.
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
> cert-pki-ca',token='NSS Certificate DB',pin set
>         certificate:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
> cert-pki-ca',token='NSS Certificate DB'
>         CA: dogtag-ipa-renew-agent
>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         subject: CN=id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         expires: 2017-01-05 16:17:59 UTC
>         key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>         eku: id-kp-serverAuth
>         pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>         post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
> "Server-Cert cert-pki-ca"
>         track: yes
>         auto-renew: yes
>
> Looking at the content of /etc/krb5.keytab results in no host entry found:
>
> ktutil
> ktutil:  read_kt /etc/krb5.keytab
> ktutil:  list
> slot KVNO Principal
> ---- ----
> ---------------------------------------------------------------------
>    1    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>    2    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>    3    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>    4    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>    5    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>    6    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>    7    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>    8    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>    9    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>   10    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>   11    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>   12    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>
>
> Trying to add a host entry:
> kadmin -q "ktadd -k /etc/krb5.keytab
> host/id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>"
> Authenticating as principal admin/admin at INTERNAL.EMERLYN.COM
> <mailto:admin at INTERNAL.EMERLYN.COM> with password.
> kadmin: Client 'admin/admin at INTERNAL.EMERLYN.COM
> <mailto:admin at INTERNAL.EMERLYN.COM>' not found in Kerberos database
> while initializing kadmin interface
>
> Yet if I issue kinit admin I get a password prompt and appear to get a
> ticket. What am I missing?
>
>
>
>
>
> On Fri, Jan 6, 2017 at 10:19 AM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     Jeff Goddard wrote:
>     > My environment is freeipa 4.4; centos 7.3. This system was upgraded as
>     > of yesterday afternoon. I'm unable to start pki-tomcat. The debug log
>     > show this entry:
>     >
>     > Internal Database Error encountered: Could not connect to LDAP server
>     > host id-management-1.internal.emerlyn.com
>     <http://id-management-1.internal.emerlyn.com>
>     > <http://id-management-1.internal.emerlyn.com
>     <http://id-management-1.internal.emerlyn.com>> port 636 Error
>     > netscape.ldap.LDAPException: Authentication failed (48)
>     >         at
>     com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
>     >         at
>     > com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
>     >         at
>     >
>     com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
>     >         at
>     com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
>     >         at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
>     >         at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
>     >         at
>     >
>     com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>     >         at javax.servlet.GenericServlet.init(GenericServlet.java:158)
>     >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     >         at
>     >
>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     >         at
>     >
>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     >         at java.lang.reflect.Method.invoke(Method.java:498)
>     >         at
>     > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
>     >         at
>     > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
>     >         at java.security.AccessController.doPrivileged(Native Method)
>     >         at
>     javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>     >         at
>     >
>     org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
>     >         at
>     >
>     org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>     >         at
>     >
>     org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>     >         at
>     >
>     org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>     >         at
>     >
>     org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>     >         at
>     >
>     org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
>     >         at
>     >
>     org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>     >         at
>     >
>     org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>     >         at
>     > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>     >         at
>     >
>     org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>     >         at
>     >
>     org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
>     >         at
>     >
>     org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>     >         at
>     >
>     org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>     >         at java.security.AccessController.doPrivileged(Native Method)
>     >         at
>     >
>     org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
>     >         at
>     > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
>     >         at
>     >
>     org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>     >         at
>     >
>     org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>     >         at
>     >
>     java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>     >         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>     >         at
>     >
>     java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     >         at
>     >
>     java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     >         at java.lang.Thread.run(Thread.java:745)
>     >
>     >
>     > I'm able to get a kerberos ticket using kinit but ldap search
>     gives this
>     > error:
>     >
>     >  ldapsearch -h id-manaement-1.internal.emerlyn.com
>     <http://id-manaement-1.internal.emerlyn.com>
>     > <http://id-manaement-1.internal.emerlyn.com
>     <http://id-manaement-1.internal.emerlyn.com>> -x -b
>     > "cn=CAcert,cn=ipa,cn=etc,dc=internal,dc=emerlyn,dc=com"
>     > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>     >
>     > adding the -d1 debugging tag results in:
>     >
>     > ldap_create
>     > ldap_url_parse_ext(ldap://id-manaement-1.internal.emerlyn.com
>     <http://id-manaement-1.internal.emerlyn.com>
>     > <http://id-manaement-1.internal.emerlyn.com
>     <http://id-manaement-1.internal.emerlyn.com>>)
>     > ldap_sasl_bind
>     > ldap_send_initial_request
>     > ldap_new_connection 1 1 0
>     > ldap_int_open_connection
>     > ldap_connect_to_host: TCP id-manaement-1.internal.emerlyn.com:389
>     <http://id-manaement-1.internal.emerlyn.com:389>
>     > <http://id-manaement-1.internal.emerlyn.com:389
>     <http://id-manaement-1.internal.emerlyn.com:389>>
>     > ldap_connect_to_host: getaddrinfo failed: Name or service not known
>     > ldap_err2string
>     > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>     >
>     > I'm able to resolve the hostname via nslookup and /etc/hosts has the
>     > correct mapping entry.
>     >
>     > I'm kind of lost at this point and could use some help.
>     >
>     > Thanks in advance.
>
>     You have a typo in the hostname you're trying to connect to, missing the
>     'g' in management.
>
>     I have a vague memory from other reports of this issue that the problem
>     may be that the value of the certificate(s) in CS.cfg is different from
>     the dogtag NSS database. I'd see if those line up.
>
>     rob
>
>
>
>
> --
> Jeff
>
>
>
Hi Jeff,

according to the output of getcert list, many certificates expired just 
yesterday (auditSigningCert cert-pki-ca, ocspSigningCert cert-pki-ca, 
subsystemCert cert-pki-ca, Server-Cert cert-pki-ca in the PKI NSS DB and 
ipaCert in /etc/httpd/alias).

You can refer to this page:
https://access.redhat.com/solutions/643753
to fix the issue.

It is likely that dogtag cannot authenticate to LDAP because its 
certificate is expired, and hence refuses to start. IMHO the upgrade is 
just an unlucky coincidence (happening the same day as cert expiration) 
but not the root cause.

HTH,
Flo.



From jgoddard at emerlyn.com  Fri Jan  6 16:36:27 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 11:36:27 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
Message-ID: <CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>

Thanks Flo,

I was able to add the host to the keytab once I found the correct command
and then was able to issue

[root at id-management-1 pki-tomcat]# ipa-cacert-manage renew
Renewing CA certificate, please wait
CA certificate successfully renewed
The ipa-cacert-manage command was successful

But the pki-tomcat still fails to start. From the logs I get:

[root at id-management-1 pki-tomcat]# cat localhost.2017-01-06.log  |less
Jan 06, 2017 7:23:44 AM org.apache.catalina.core.ApplicationContext log
SEVERE: StandardWrapper.Throwable
java.lang.NullPointerException
        at com.netscape.cmscore.selftests.SelfTestSubsystem.
shutdown(SelfTestSubsystem.java:1886)
        at com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(
CMSEngine.java:2115)
        at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:2010)
        at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:233)
        at com.netscape.certsrv.apps.CMS.start(CMS.java:1625)
        at com.netscape.cms.servlet.base.CMSStartServlet.init(
CMSStartServlet.java:114)
        at javax.servlet.GenericServlet.init(GenericServlet.java:158)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(
NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(
DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(
SecurityUtil.java:288)
        at org.apache.catalina.security.SecurityUtil$1.run(
SecurityUtil.java:285)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(
SecurityUtil.java:320)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(
SecurityUtil.java:175)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(
SecurityUtil.java:124)
        at org.apache.catalina.core.StandardWrapper.initServlet(
StandardWrapper.java:1270)
        at org.apache.catalina.core.StandardWrapper.loadServlet(
StandardWrapper.java:1195)
        at org.apache.catalina.core.StandardWrapper.load(
StandardWrapper.java:1085)
        at org.apache.catalina.core.StandardContext.loadOnStartup(
StandardContext.java:5318)
        at org.apache.catalina.core.StandardContext.startInternal(
StandardContext.java:5610)
        at org.apache.catalina.util.LifecycleBase.start(
LifecycleBase.java:147)
        at org.apache.catalina.core.ContainerBase.addChildInternal(
ContainerBase.java:899)
        at org.apache.catalina.core.ContainerBase.access$000(
ContainerBase.java:133)
        at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(
ContainerBase.java:156)
        at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(
ContainerBase.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ContainerBase.addChild(
ContainerBase.java:873)
        at org.apache.catalina.core.StandardHost.addChild(
StandardHost.java:652)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(
HostConfig.java:679)
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.
run(HostConfig.java:1966)
        at java.util.concurrent.Executors$RunnableAdapter.
call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

I fond this thread: https://www.redhat.com/archives/freeipa-users/2016-
February/msg00125.html but I don't have self-test logs from today, only
from yesterday. Here are the relevant debug logs from the most recent
restart:

06/Jan/2017:11:13:55][localhost-startStop-1]:
============================================
[06/Jan/2017:11:13:55][localhost-startStop-1]: =====  DEBUG SUBSYSTEM
INITIALIZED   =======
[06/Jan/2017:11:13:55][localhost-startStop-1]:
============================================
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: restart at
autoShutdown? false
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: autoShutdown
crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: about to look for
cert for auto-shutdown support:auditSigningCert cert-pki-ca
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: found
cert:auditSigningCert cert-pki-ca
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: done init id=debug
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initialized debug
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initSubsystem
id=log
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: ready to init
id=log
[06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit)
[06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/system)
[06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/transactions)
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: restart at
autoShutdown? false
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: autoShutdown
crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: about to look for
cert for auto-shutdown support:auditSigningCert cert-pki-ca
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: found
cert:auditSigningCert cert-pki-ca
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: done init id=log
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initialized log
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initSubsystem
id=jss
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: ready to init
id=jss
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: restart at
autoShutdown? false
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: autoShutdown
crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: about to look for
cert for auto-shutdown support:auditSigningCert cert-pki-ca
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: found
cert:auditSigningCert cert-pki-ca
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: done init id=jss
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initialized jss
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initSubsystem
id=dbs
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: ready to init
id=dbs
[06/Jan/2017:11:13:55][localhost-startStop-1]: DBSubsystem: init()
mEnableSerialMgmt=true
[06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
LdapBoundConnFactor(DBSubsystem)
[06/Jan/2017:11:13:55][localhost-startStop-1]: LdapBoundConnFactory: init
[06/Jan/2017:11:13:55][localhost-startStop-1]:
LdapBoundConnFactory:doCloning true
[06/Jan/2017:11:13:55][localhost-startStop-1]: LdapAuthInfo: init()
[06/Jan/2017:11:13:55][localhost-startStop-1]: LdapAuthInfo: init begins
[06/Jan/2017:11:13:55][localhost-startStop-1]: LdapAuthInfo: init ends
[06/Jan/2017:11:13:55][localhost-startStop-1]: init: before makeConnection
errorIfDown is true
[06/Jan/2017:11:13:55][localhost-startStop-1]: makeConnection: errorIfDown
true
[06/Jan/2017:11:13:55][localhost-startStop-1]:
SSLClientCertificateSelectionCB: Setting desired cert nickname to:
subsystemCert cert-pki-ca
[06/Jan/2017:11:13:55][localhost-startStop-1]: LdapJssSSLSocket: set client
auth cert nickname subsystemCert cert-pki-ca
[06/Jan/2017:11:13:55][localhost-startStop-1]:
SSLClientCertificatSelectionCB: Entering!
[06/Jan/2017:11:13:55][localhost-startStop-1]: Candidate cert:
caSigningCert cert-pki-ca
[06/Jan/2017:11:13:55][localhost-startStop-1]:
SSLClientCertificateSelectionCB: returning: null
[06/Jan/2017:11:13:55][localhost-startStop-1]: SSL handshake happened
[06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine.shutdown()

Is there something esle I should be looking at?

Jeff



On Fri, Jan 6, 2017 at 11:23 AM, Florence Blanc-Renaud <flo at redhat.com>
wrote:

> On 01/06/2017 04:47 PM, Jeff Goddard wrote:
>
>> Sorry for the typo. here is the correct output:
>> ldapsearch -h id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>
>> SASL/EXTERNAL authentication started
>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>         additional info: SASL(-4): no mechanism available:
>>
>>
>>
>>
>> When I look at the certificates I get errors regarding a host service in
>> the keytab. Here is the output:
>>
>> [root at id-management-1 ca]# getcert list
>> Number of certificates and requests being tracked: 8.
>> Request ID '20150116161829':
>>         status: MONITORING
>>         ca-error: Error setting up ccache for "host" service on client
>> using default keytab: Keytab contains no suitable keys for
>> host/id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>.
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM'
>> ,nickname='Server-Cert',token='NSS
>> Certificate DB',pinfile='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM/pwdfile.
>> txt'
>>         certificate:
>> type=NSSDB,location='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM'
>> ,nickname='Server-Cert',token='NSS
>> Certificate DB'
>>         CA: IPA
>>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         subject: CN=id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         expires: 2017-01-16 16:18:29 UTC
>>         key usage:
>> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>         eku: id-kp-serverAuth,id-kp-clientAuth
>>         pre-save command:
>>         post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv
>> INTERNAL-EMERLYN-COM
>>         track: yes
>>         auto-renew: yes
>> Request ID '20150116162120':
>>         status: MONITORING
>>         ca-error: Error setting up ccache for "host" service on client
>> using default keytab: Keytab contains no suitable keys for
>> host/id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>.
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>> Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>>         certificate:
>> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>> Certificate DB'
>>         CA: IPA
>>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         subject: CN=id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         expires: 2017-01-16 16:21:20 UTC
>>         key usage:
>> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>         eku: id-kp-serverAuth,id-kp-clientAuth
>>         pre-save command:
>>         post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>>         track: yes
>>         auto-renew: yes
>> Request ID '20151217174142':
>>         status: CA_UNREACHABLE
>>         ca-error: Internal error
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='au
>> ditSigningCert
>> cert-pki-ca',token='NSS Certificate DB',pin set
>>         certificate:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='au
>> ditSigningCert
>> cert-pki-ca',token='NSS Certificate DB'
>>         CA: dogtag-ipa-ca-renew-agent
>>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         subject: CN=CA Audit,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         expires: 2017-01-05 16:18:01 UTC
>>         key usage: digitalSignature,nonRepudiation
>>         pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>         post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>> "auditSigningCert cert-pki-ca"
>>         track: yes
>>         auto-renew: yes
>> Request ID '20151217174143':
>>         status: CA_UNREACHABLE
>>         ca-error: Internal error
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
>> cert-pki-ca',token='NSS
>> Certificate DB',pin set
>>         certificate:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
>> cert-pki-ca',token='NSS
>> Certificate DB'
>>         CA: dogtag-ipa-ca-renew-agent
>>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         subject: CN=OCSP Subsystem,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         expires: 2017-01-05 16:17:58 UTC
>>         key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
>>         eku: id-kp-OCSPSigning
>>         pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>         post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>> "ocspSigningCert cert-pki-ca"
>>         track: yes
>>         auto-renew: yes
>> Request ID '20151217174144':
>>         status: CA_UNREACHABLE
>>         ca-error: Internal error
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
>> cert-pki-ca',token='NSS Certificate DB',pin set
>>         certificate:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
>> cert-pki-ca',token='NSS Certificate DB'
>>         CA: dogtag-ipa-ca-renew-agent
>>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         subject: CN=CA Subsystem,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         expires: 2017-01-05 16:17:59 UTC
>>         key usage:
>> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>         eku: id-kp-serverAuth,id-kp-clientAuth
>>         pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>         post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>> "subsystemCert cert-pki-ca"
>>         track: yes
>>         auto-renew: yes
>> Request ID '20151217174145':
>>         status: CA_UNREACHABLE
>>         ca-error: Internal error
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
>> cert-pki-ca',token='NSS Certificate DB',pin set
>>         certificate:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
>> cert-pki-ca',token='NSS Certificate DB'
>>         CA: dogtag-ipa-ca-renew-agent
>>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         subject: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         expires: 2035-01-16 16:17:57 UTC
>>         key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
>>         pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>         post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>> "caSigningCert cert-pki-ca"
>>         track: yes
>>         auto-renew: yes
>> Request ID '20151217174146':
>>         status: CA_UNREACHABLE
>>         ca-error: Internal error
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
>> Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>>         certificate:
>> type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
>> Certificate DB'
>>         CA: dogtag-ipa-ca-renew-agent
>>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         subject: CN=IPA RA,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         expires: 2017-01-05 16:18:23 UTC
>>         key usage:
>> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>         eku: id-kp-serverAuth,id-kp-clientAuth
>>         pre-save command: /usr/lib64/ipa/certmonger/renew_ra_cert_pre
>>         post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
>>         track: yes
>>         auto-renew: yes
>> Request ID '20151217174147':
>>         status: CA_UNREACHABLE
>>         ca-error: Error 60 connecting to
>> https://id-management-1.internal.emerlyn.com:8443/ca/agent/c
>> a/profileReview:
>> Peer certificate cannot be authenticated with given CA certificates.
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
>> cert-pki-ca',token='NSS Certificate DB',pin set
>>         certificate:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
>> cert-pki-ca',token='NSS Certificate DB'
>>         CA: dogtag-ipa-renew-agent
>>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         subject: CN=id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
>> <http://INTERNAL.EMERLYN.COM>
>>         expires: 2017-01-05 16:17:59 UTC
>>         key usage:
>> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>         eku: id-kp-serverAuth
>>         pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>         post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>> "Server-Cert cert-pki-ca"
>>         track: yes
>>         auto-renew: yes
>>
>> Looking at the content of /etc/krb5.keytab results in no host entry found:
>>
>> ktutil
>> ktutil:  read_kt /etc/krb5.keytab
>> ktutil:  list
>> slot KVNO Principal
>> ---- ----
>> ---------------------------------------------------------------------
>>    1    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>    2    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>    3    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>    4    1 cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>    5    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>    6    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>    7    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>    8    1 cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>    9    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>   10    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>   11    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>   12    2 host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>
>>
>> Trying to add a host entry:
>> kadmin -q "ktadd -k /etc/krb5.keytab
>> host/id-management-1.internal.emerlyn.com
>> <http://id-management-1.internal.emerlyn.com>"
>> Authenticating as principal admin/admin at INTERNAL.EMERLYN.COM
>> <mailto:admin at INTERNAL.EMERLYN.COM> with password.
>> kadmin: Client 'admin/admin at INTERNAL.EMERLYN.COM
>> <mailto:admin at INTERNAL.EMERLYN.COM>' not found in Kerberos database
>> while initializing kadmin interface
>>
>> Yet if I issue kinit admin I get a password prompt and appear to get a
>> ticket. What am I missing?
>>
>>
>>
>>
>>
>> On Fri, Jan 6, 2017 at 10:19 AM, Rob Crittenden <rcritten at redhat.com
>> <mailto:rcritten at redhat.com>> wrote:
>>
>>     Jeff Goddard wrote:
>>     > My environment is freeipa 4.4; centos 7.3. This system was upgraded
>> as
>>     > of yesterday afternoon. I'm unable to start pki-tomcat. The debug
>> log
>>     > show this entry:
>>     >
>>     > Internal Database Error encountered: Could not connect to LDAP
>> server
>>     > host id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>
>>     > <http://id-management-1.internal.emerlyn.com
>>     <http://id-management-1.internal.emerlyn.com>> port 636 Error
>>     > netscape.ldap.LDAPException: Authentication failed (48)
>>     >         at
>>     com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
>>     >         at
>>     > com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.
>> java:1169)
>>     >         at
>>     >
>>     com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine
>> .java:1075)
>>     >         at
>>     com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
>>     >         at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
>>     >         at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
>>     >         at
>>     >
>>     com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartS
>> ervlet.java:114)
>>     >         at javax.servlet.GenericServlet.i
>> nit(GenericServlet.java:158)
>>     >         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>>     >         at
>>     >
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.java:62)
>>     >         at
>>     >
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>> thodAccessorImpl.java:43)
>>     >         at java.lang.reflect.Method.invoke(Method.java:498)
>>     >         at
>>     > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil
>> .java:288)
>>     >         at
>>     > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil
>> .java:285)
>>     >         at java.security.AccessController.doPrivileged(Native
>> Method)
>>     >         at
>>     javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>     >         at
>>     >
>>     org.apache.catalina.security.SecurityUtil.execute(SecurityUt
>> il.java:320)
>>     >         at
>>     >
>>     org.apache.catalina.security.SecurityUtil.doAsPrivilege(Secu
>> rityUtil.java:175)
>>     >         at
>>     >
>>     org.apache.catalina.security.SecurityUtil.doAsPrivilege(Secu
>> rityUtil.java:124)
>>     >         at
>>     >
>>     org.apache.catalina.core.StandardWrapper.initServlet(Standar
>> dWrapper.java:1270)
>>     >         at
>>     >
>>     org.apache.catalina.core.StandardWrapper.loadServlet(Standar
>> dWrapper.java:1195)
>>     >         at
>>     >
>>     org.apache.catalina.core.StandardWrapper.load(StandardWrappe
>> r.java:1085)
>>     >         at
>>     >
>>     org.apache.catalina.core.StandardContext.loadOnStartup(Stand
>> ardContext.java:5318)
>>     >         at
>>     >
>>     org.apache.catalina.core.StandardContext.startInternal(Stand
>> ardContext.java:5610)
>>     >         at
>>     > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.j
>> ava:147)
>>     >         at
>>     >
>>     org.apache.catalina.core.ContainerBase.addChildInternal(Cont
>> ainerBase.java:899)
>>     >         at
>>     >
>>     org.apache.catalina.core.ContainerBase.access$000(ContainerB
>> ase.java:133)
>>     >         at
>>     >
>>     org.apache.catalina.core.ContainerBase$PrivilegedAddChild.ru
>> n(ContainerBase.java:156)
>>     >         at
>>     >
>>     org.apache.catalina.core.ContainerBase$PrivilegedAddChild.ru
>> n(ContainerBase.java:145)
>>     >         at java.security.AccessController.doPrivileged(Native
>> Method)
>>     >         at
>>     >
>>     org.apache.catalina.core.ContainerBase.addChild(ContainerBas
>> e.java:873)
>>     >         at
>>     > org.apache.catalina.core.StandardHost.addChild(StandardHost.
>> java:652)
>>     >         at
>>     >
>>     org.apache.catalina.startup.HostConfig.deployDescriptor(Host
>> Config.java:679)
>>     >         at
>>     >
>>     org.apache.catalina.startup.HostConfig$DeployDescriptor.run(
>> HostConfig.java:1966)
>>     >         at
>>     >
>>     java.util.concurrent.Executors$RunnableAdapter.call(Executor
>> s.java:511)
>>     >         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>     >         at
>>     >
>>     java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>> Executor.java:1142)
>>     >         at
>>     >
>>     java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>> lExecutor.java:617)
>>     >         at java.lang.Thread.run(Thread.java:745)
>>     >
>>     >
>>     > I'm able to get a kerberos ticket using kinit but ldap search
>>     gives this
>>     > error:
>>     >
>>     >  ldapsearch -h id-manaement-1.internal.emerlyn.com
>>     <http://id-manaement-1.internal.emerlyn.com>
>>     > <http://id-manaement-1.internal.emerlyn.com
>>     <http://id-manaement-1.internal.emerlyn.com>> -x -b
>>     > "cn=CAcert,cn=ipa,cn=etc,dc=internal,dc=emerlyn,dc=com"
>>     > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>     >
>>     > adding the -d1 debugging tag results in:
>>     >
>>     > ldap_create
>>     > ldap_url_parse_ext(ldap://id-manaement-1.internal.emerlyn.com
>>     <http://id-manaement-1.internal.emerlyn.com>
>>     > <http://id-manaement-1.internal.emerlyn.com
>>     <http://id-manaement-1.internal.emerlyn.com>>)
>>     > ldap_sasl_bind
>>     > ldap_send_initial_request
>>     > ldap_new_connection 1 1 0
>>     > ldap_int_open_connection
>>     > ldap_connect_to_host: TCP id-manaement-1.internal.emerlyn.com:389
>>     <http://id-manaement-1.internal.emerlyn.com:389>
>>     > <http://id-manaement-1.internal.emerlyn.com:389
>>     <http://id-manaement-1.internal.emerlyn.com:389>>
>>     > ldap_connect_to_host: getaddrinfo failed: Name or service not known
>>     > ldap_err2string
>>     > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>     >
>>     > I'm able to resolve the hostname via nslookup and /etc/hosts has the
>>     > correct mapping entry.
>>     >
>>     > I'm kind of lost at this point and could use some help.
>>     >
>>     > Thanks in advance.
>>
>>     You have a typo in the hostname you're trying to connect to, missing
>> the
>>     'g' in management.
>>
>>     I have a vague memory from other reports of this issue that the
>> problem
>>     may be that the value of the certificate(s) in CS.cfg is different
>> from
>>     the dogtag NSS database. I'd see if those line up.
>>
>>     rob
>>
>>
>>
>>
>> --
>> Jeff
>>
>>
>>
>> Hi Jeff,
>
> according to the output of getcert list, many certificates expired just
> yesterday (auditSigningCert cert-pki-ca, ocspSigningCert cert-pki-ca,
> subsystemCert cert-pki-ca, Server-Cert cert-pki-ca in the PKI NSS DB and
> ipaCert in /etc/httpd/alias).
>
> You can refer to this page:
> https://access.redhat.com/solutions/643753
> to fix the issue.
>
> It is likely that dogtag cannot authenticate to LDAP because its
> certificate is expired, and hence refuses to start. IMHO the upgrade is
> just an unlucky coincidence (happening the same day as cert expiration) but
> not the root cause.
>
> HTH,
> Flo.
>



--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/dc360807/attachment.htm>

From mbasti at redhat.com  Fri Jan  6 16:47:08 2017
From: mbasti at redhat.com (Martin Basti)
Date: Fri, 6 Jan 2017 17:47:08 +0100
Subject: [Freeipa-users] FreeIPA DNS (named)
In-Reply-To: <2147095.G9P568IHvp@techz>
References: <2147095.G9P568IHvp@techz>
Message-ID: <a694f074-635f-0e4e-a484-935e68745197@redhat.com>



On 06.01.2017 15:38, G?nther J. Niederwimmer wrote:
> Hello List,
>
> I have configured my domain (DNSSEC) with Freeipa
>
> Now I have to configure a internal ZONE with the same Domain NAME but with
> internal IP's.
>
> Is it possible to add a "view "internal""  "view "external"" to the named.conf
> or is this overwritten from the FreeIPA DNS Module ??

No it will not work, IPA managed zones cannot be in views, there is no 
support in bind-dyndb-ldap plugin for that.
This is still valid 
https://www.redhat.com/archives/freeipa-users/2016-July/msg00434.html
>
> Is a other way possible to do this with FreeIPA?

No, you can create views only for zones which aren't managed by IPA

>
> Thanks for a answer,
>

Martin



From abrittingham at monetra.com  Fri Jan  6 16:48:07 2017
From: abrittingham at monetra.com (Andy Brittingham)
Date: Fri, 6 Jan 2017 11:48:07 -0500
Subject: [Freeipa-users] freeipa 4.4.0 and Ubuntu 14.04
In-Reply-To: <20170106143353.jzwnccdag5ej6zzu@hendrix>
References: <72cb1cf1-c01b-cceb-fb04-71c989fdf269@monetra.com>
	<20170106143353.jzwnccdag5ej6zzu@hendrix>
Message-ID: <7a15ce3b-c567-3e0c-ba5e-ecabe60b8ff1@monetra.com>

Sorry for the delay, was doing some troubleshooting.

Here is what I know now:

The problem is on Ubuntu hosts using older sssd versions 1.11.8 (Ubuntu 
14.04).

SSSD versions 1.13.4 (Ubuntu 16.04) and 1.13.3 (CentOS 6.8) both work.

Users in the admin group can't log into these hosts.

I created a newadmins group and assigned a new user to it. When I add 
the "User Administrator" role the new user can't log into the hosts with 
older sssd.

As soon as I delete the "User Administrator" role, new user has access 
again.

I've pasted the last bit of logs from a sssd_domain log below. I'd be 
happy to forward the entire log, or additional logs if they will be helpful.


Andy


(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[loginExpirationTime]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[loginAllowedTimeMap]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 29
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: sh[0x1b47990], connected[1], ops[0x1b59ab0], 
ldap[0x1b2b030]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no 
errmsg set
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [groups_by_user_done] 
(0x0040): Failed to canonicalize name, using [rob].
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sysdb_search_user_by_name] (0x0400): No such entry
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_search_groups] 
(0x2000): Search groups with filter: (&(objectclass=group)(ghost=rob))
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_search_groups] 
(0x2000): No such entry
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_delete_user] 
(0x0400): Error: 2 (No such file or directory)
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [acctinfo_callback] 
(0x0100): Request processed. Returned 0,0,Success
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: sh[0x1b47990], connected[1], ops[(nil)], ldap[0x1b2b030]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: ldap_result found nothing!
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [be_get_account_info] 
(0x0100): Got request for [4099][1][name=monetra]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [be_req_set_domain] 
(0x0400): Changing request domain from [monetra.com] to [monetra.com]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse 
domain SID from [(null)]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not parse 
domain SID from [(null)]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_initgr_next_base] (0x0400): Searching for users with base 
[cn=accounts,dc=monetra,dc=com]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with 
[(&(uid=monetra)(objectclass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))][cn=accounts,dc=monetra,dc=com].
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uid]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userPassword]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [uidNumber]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gidNumber]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [gecos]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [homeDirectory]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginShell]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbPrincipalName]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [memberOf]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[ipaNTSecurityIdentifier]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [modifyTimestamp]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [entryUSN]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowLastChange]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMin]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowMax]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowWarning]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowInactive]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowExpire]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [shadowFlag]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [krbLastPwdChange]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[krbPasswordExpiration]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [pwdAttribute]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [authorizedService]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [accountExpires]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [userAccountControl]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [nsAccountLock]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [host]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [loginDisabled]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[loginExpirationTime]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: 
[loginAllowedTimeMap]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSshPubKey]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 30
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: sh[0x1b47990], connected[1], ops[0x1b5a870], 
ldap[0x1b2b030]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no 
errmsg set
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [groups_by_user_done] 
(0x0040): Failed to canonicalize name, using [monetra].
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] 
[sysdb_search_user_by_name] (0x0400): No such entry
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_search_groups] 
(0x2000): Search groups with filter: (&(objectclass=group)(ghost=monetra))
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_search_groups] 
(0x2000): No such entry
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sysdb_delete_user] 
(0x0400): Error: 2 (No such file or directory)
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [acctinfo_callback] 
(0x0100): Request processed. Returned 0,0,Success
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: sh[0x1b47990], connected[1], ops[(nil)], ldap[0x1b2b030]
(Fri Jan  6 10:00:15 2017) [sssd[be[monetra.com]]] [sdap_process_result] 
(0x2000): Trace: ldap_result found nothing!
(Fri Jan  6 10:00:20 2017) [sssd[be[monetra.com]]] 
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan  6 10:00:30 2017) [sssd[be[monetra.com]]] 
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan  6 10:00:40 2017) [sssd[be[monetra.com]]] 
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

^ these last lines continue until (Fri Jan  6 10:04:40 2017).


On 01/06/2017 09:33 AM, Jakub Hrozek wrote:
> On Fri, Jan 06, 2017 at 09:01:12AM -0500, Andy Brittingham wrote:
>> Hi,
>>
>> I upgraded my Freeipa servers to 4.4.0-14 on CentOS 7 yesterday. None of my
>> Ubuntu clients with versions < 16.04 (sssd version 1.13.4) can authenticate
>> against the upgraded servers. It appears the problem is the version of sssd
>> that is installed in the earlier Ubuntu versions. Is this a know issue and
>> does anyone know of a work around for this? The sssd package in the PPA repo
>> for 14.04 ( 1.12.5-1~trusty) didn't fix the issue.
> What do the sssd logs say?
>

-- 
Andy Brittingham
Main Street Softworks
(800)650-9787



From flo at redhat.com  Fri Jan  6 16:52:57 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Fri, 6 Jan 2017 17:52:57 +0100
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
Message-ID: <027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>

On 01/06/2017 05:36 PM, Jeff Goddard wrote:
> Thanks Flo,
>
> I was able to add the host to the keytab once I found the correct
> command and then was able to issue
>
> [root at id-management-1 pki-tomcat]# ipa-cacert-manage renew
> Renewing CA certificate, please wait
> CA certificate successfully renewed
> The ipa-cacert-manage command was successful
>
Hi Jeff,

the "ipa-cacert-manage renew" command renews the CA certificate (the one 
with the alias caSigningCert cert-pki-ca) but not the expired ones. You 
need to follow the instructions linked in my previous e-mail to fix them 
first, basically go back in time by setting the system clock time and 
let certmonger renew them.

HTH,
Flo.

> But the pki-tomcat still fails to start. From the logs I get:
>
> [root at id-management-1 pki-tomcat]# cat localhost.2017-01-06.log  |less
> Jan 06, 2017 7:23:44 AM org.apache.catalina.core.ApplicationContext log
> SEVERE: StandardWrapper.Throwable
> java.lang.NullPointerException
>         at
> com.netscape.cmscore.selftests.SelfTestSubsystem.shutdown(SelfTestSubsystem.java:1886)
>         at
> com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEngine.java:2115)
>         at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:2010)
>         at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:233)
>         at com.netscape.certsrv.apps.CMS.start(CMS.java:1625)
>         at
> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>         at javax.servlet.GenericServlet.init(GenericServlet.java:158)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>         at
> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>         at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>         at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
>         at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>         at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>         at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>         at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>         at
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
>         at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>         at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
>         at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
>         at
> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>         at
> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>         at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
>
> I fond this thread:
> https://www.redhat.com/archives/freeipa-users/2016-February/msg00125.html <https://www.redhat.com/archives/freeipa-users/2016-February/msg00125.html>
> but I don't have self-test logs from today, only from yesterday. Here
> are the relevant debug logs from the most recent restart:
>
> 06/Jan/2017:11:13:55][localhost-startStop-1]:
> ============================================
> [06/Jan/2017:11:13:55][localhost-startStop-1]: =====  DEBUG SUBSYSTEM
> INITIALIZED   =======
> [06/Jan/2017:11:13:55][localhost-startStop-1]:
> ============================================
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: restart at
> autoShutdown? false
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: autoShutdown
> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: about to look
> for cert for auto-shutdown support:auditSigningCert cert-pki-ca
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: found
> cert:auditSigningCert cert-pki-ca
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: done init id=debug
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initialized debug
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initSubsystem
> id=log
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: ready to init
> id=log
> [06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit)
> [06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/system)
> [06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/transactions)
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: restart at
> autoShutdown? false
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: autoShutdown
> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: about to look
> for cert for auto-shutdown support:auditSigningCert cert-pki-ca
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: found
> cert:auditSigningCert cert-pki-ca
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: done init id=log
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initialized log
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initSubsystem
> id=jss
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: ready to init
> id=jss
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: restart at
> autoShutdown? false
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: autoShutdown
> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: about to look
> for cert for auto-shutdown support:auditSigningCert cert-pki-ca
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: found
> cert:auditSigningCert cert-pki-ca
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: done init id=jss
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initialized jss
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initSubsystem
> id=dbs
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: ready to init
> id=dbs
> [06/Jan/2017:11:13:55][localhost-startStop-1]: DBSubsystem: init()
> mEnableSerialMgmt=true
> [06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
> LdapBoundConnFactor(DBSubsystem)
> [06/Jan/2017:11:13:55][localhost-startStop-1]: LdapBoundConnFactory: init
> [06/Jan/2017:11:13:55][localhost-startStop-1]:
> LdapBoundConnFactory:doCloning true
> [06/Jan/2017:11:13:55][localhost-startStop-1]: LdapAuthInfo: init()
> [06/Jan/2017:11:13:55][localhost-startStop-1]: LdapAuthInfo: init begins
> [06/Jan/2017:11:13:55][localhost-startStop-1]: LdapAuthInfo: init ends
> [06/Jan/2017:11:13:55][localhost-startStop-1]: init: before
> makeConnection errorIfDown is true
> [06/Jan/2017:11:13:55][localhost-startStop-1]: makeConnection:
> errorIfDown true
> [06/Jan/2017:11:13:55][localhost-startStop-1]:
> SSLClientCertificateSelectionCB: Setting desired cert nickname to:
> subsystemCert cert-pki-ca
> [06/Jan/2017:11:13:55][localhost-startStop-1]: LdapJssSSLSocket: set
> client auth cert nickname subsystemCert cert-pki-ca
> [06/Jan/2017:11:13:55][localhost-startStop-1]:
> SSLClientCertificatSelectionCB: Entering!
> [06/Jan/2017:11:13:55][localhost-startStop-1]: Candidate cert:
> caSigningCert cert-pki-ca
> [06/Jan/2017:11:13:55][localhost-startStop-1]:
> SSLClientCertificateSelectionCB: returning: null
> [06/Jan/2017:11:13:55][localhost-startStop-1]: SSL handshake happened
> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine.shutdown()
>
> Is there something esle I should be looking at?
>
> Jeff
>
>
>
> On Fri, Jan 6, 2017 at 11:23 AM, Florence Blanc-Renaud <flo at redhat.com
> <mailto:flo at redhat.com>> wrote:
>
>     On 01/06/2017 04:47 PM, Jeff Goddard wrote:
>
>         Sorry for the typo. here is the correct output:
>         ldapsearch -h id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>
>         <http://id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>>
>         SASL/EXTERNAL authentication started
>         ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>                 additional info: SASL(-4): no mechanism available:
>
>
>
>
>         When I look at the certificates I get errors regarding a host
>         service in
>         the keytab. Here is the output:
>
>         [root at id-management-1 ca]# getcert list
>         Number of certificates and requests being tracked: 8.
>         Request ID '20150116161829':
>                 status: MONITORING
>                 ca-error: Error setting up ccache for "host" service on
>         client
>         using default keytab: Keytab contains no suitable keys for
>         host/id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>.
>                 stuck: no
>                 key pair storage:
>         type=NSSDB,location='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM',nickname='Server-Cert',token='NSS
>         Certificate
>         DB',pinfile='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM/pwdfile.txt'
>                 certificate:
>         type=NSSDB,location='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM',nickname='Server-Cert',token='NSS
>         Certificate DB'
>                 CA: IPA
>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 subject: CN=id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>
>         <http://id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>>,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 expires: 2017-01-16 16:18:29 UTC
>                 key usage:
>         digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>                 eku: id-kp-serverAuth,id-kp-clientAuth
>                 pre-save command:
>                 post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv
>         INTERNAL-EMERLYN-COM
>                 track: yes
>                 auto-renew: yes
>         Request ID '20150116162120':
>                 status: MONITORING
>                 ca-error: Error setting up ccache for "host" service on
>         client
>         using default keytab: Keytab contains no suitable keys for
>         host/id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>.
>                 stuck: no
>                 key pair storage:
>         type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>         Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>                 certificate:
>         type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>         Certificate DB'
>                 CA: IPA
>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 subject: CN=id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>
>         <http://id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>>,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 expires: 2017-01-16 16:21:20 UTC
>                 key usage:
>         digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>                 eku: id-kp-serverAuth,id-kp-clientAuth
>                 pre-save command:
>                 post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>                 track: yes
>                 auto-renew: yes
>         Request ID '20151217174142':
>                 status: CA_UNREACHABLE
>                 ca-error: Internal error
>                 stuck: no
>                 key pair storage:
>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
>         cert-pki-ca',token='NSS Certificate DB',pin set
>                 certificate:
>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
>         cert-pki-ca',token='NSS Certificate DB'
>                 CA: dogtag-ipa-ca-renew-agent
>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 subject: CN=CA Audit,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 expires: 2017-01-05 16:18:01 UTC
>                 key usage: digitalSignature,nonRepudiation
>                 pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>                 post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>         "auditSigningCert cert-pki-ca"
>                 track: yes
>                 auto-renew: yes
>         Request ID '20151217174143':
>                 status: CA_UNREACHABLE
>                 ca-error: Internal error
>                 stuck: no
>                 key pair storage:
>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
>         cert-pki-ca',token='NSS
>         Certificate DB',pin set
>                 certificate:
>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
>         cert-pki-ca',token='NSS
>         Certificate DB'
>                 CA: dogtag-ipa-ca-renew-agent
>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 subject: CN=OCSP Subsystem,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 expires: 2017-01-05 16:17:58 UTC
>                 key usage:
>         digitalSignature,nonRepudiation,keyCertSign,cRLSign
>                 eku: id-kp-OCSPSigning
>                 pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>                 post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>         "ocspSigningCert cert-pki-ca"
>                 track: yes
>                 auto-renew: yes
>         Request ID '20151217174144':
>                 status: CA_UNREACHABLE
>                 ca-error: Internal error
>                 stuck: no
>                 key pair storage:
>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
>         cert-pki-ca',token='NSS Certificate DB',pin set
>                 certificate:
>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
>         cert-pki-ca',token='NSS Certificate DB'
>                 CA: dogtag-ipa-ca-renew-agent
>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 subject: CN=CA Subsystem,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 expires: 2017-01-05 16:17:59 UTC
>                 key usage:
>         digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>                 eku: id-kp-serverAuth,id-kp-clientAuth
>                 pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>                 post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>         "subsystemCert cert-pki-ca"
>                 track: yes
>                 auto-renew: yes
>         Request ID '20151217174145':
>                 status: CA_UNREACHABLE
>                 ca-error: Internal error
>                 stuck: no
>                 key pair storage:
>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
>         cert-pki-ca',token='NSS Certificate DB',pin set
>                 certificate:
>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
>         cert-pki-ca',token='NSS Certificate DB'
>                 CA: dogtag-ipa-ca-renew-agent
>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 subject: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 expires: 2035-01-16 16:17:57 UTC
>                 key usage:
>         digitalSignature,nonRepudiation,keyCertSign,cRLSign
>                 pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>                 post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>         "caSigningCert cert-pki-ca"
>                 track: yes
>                 auto-renew: yes
>         Request ID '20151217174146':
>                 status: CA_UNREACHABLE
>                 ca-error: Internal error
>                 stuck: no
>                 key pair storage:
>         type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
>         Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>                 certificate:
>         type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
>         Certificate DB'
>                 CA: dogtag-ipa-ca-renew-agent
>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 subject: CN=IPA RA,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 expires: 2017-01-05 16:18:23 UTC
>                 key usage:
>         digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>                 eku: id-kp-serverAuth,id-kp-clientAuth
>                 pre-save command:
>         /usr/lib64/ipa/certmonger/renew_ra_cert_pre
>                 post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
>                 track: yes
>                 auto-renew: yes
>         Request ID '20151217174147':
>                 status: CA_UNREACHABLE
>                 ca-error: Error 60 connecting to
>         https://id-management-1.internal.emerlyn.com:8443/ca/agent/ca/profileReview
>         <https://id-management-1.internal.emerlyn.com:8443/ca/agent/ca/profileReview>:
>         Peer certificate cannot be authenticated with given CA certificates.
>                 stuck: no
>                 key pair storage:
>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
>         cert-pki-ca',token='NSS Certificate DB',pin set
>                 certificate:
>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
>         cert-pki-ca',token='NSS Certificate DB'
>                 CA: dogtag-ipa-renew-agent
>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 subject: CN=id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>
>         <http://id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>>,O=INTERNAL.EMERLYN.COM
>         <http://INTERNAL.EMERLYN.COM>
>         <http://INTERNAL.EMERLYN.COM>
>                 expires: 2017-01-05 16:17:59 UTC
>                 key usage:
>         digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>                 eku: id-kp-serverAuth
>                 pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>                 post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>         "Server-Cert cert-pki-ca"
>                 track: yes
>                 auto-renew: yes
>
>         Looking at the content of /etc/krb5.keytab results in no host
>         entry found:
>
>         ktutil
>         ktutil:  read_kt /etc/krb5.keytab
>         ktutil:  list
>         slot KVNO Principal
>         ---- ----
>         ---------------------------------------------------------------------
>            1    1
>         cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>            2    1
>         cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>            3    1
>         cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>            4    1
>         cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>            5    1
>         cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>            6    1
>         cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>            7    1
>         cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>            8    1
>         cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>            9    2
>         host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>           10    2
>         host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>           11    2
>         host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>           12    2
>         host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>
>
>         Trying to add a host entry:
>         kadmin -q "ktadd -k /etc/krb5.keytab
>         host/id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>
>         <http://id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>>"
>         Authenticating as principal admin/admin at INTERNAL.EMERLYN.COM
>         <mailto:admin at INTERNAL.EMERLYN.COM>
>         <mailto:admin at INTERNAL.EMERLYN.COM
>         <mailto:admin at INTERNAL.EMERLYN.COM>> with password.
>         kadmin: Client 'admin/admin at INTERNAL.EMERLYN.COM
>         <mailto:admin at INTERNAL.EMERLYN.COM>
>         <mailto:admin at INTERNAL.EMERLYN.COM
>         <mailto:admin at INTERNAL.EMERLYN.COM>>' not found in Kerberos database
>         while initializing kadmin interface
>
>         Yet if I issue kinit admin I get a password prompt and appear to
>         get a
>         ticket. What am I missing?
>
>
>
>
>
>         On Fri, Jan 6, 2017 at 10:19 AM, Rob Crittenden
>         <rcritten at redhat.com <mailto:rcritten at redhat.com>
>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>> wrote:
>
>             Jeff Goddard wrote:
>             > My environment is freeipa 4.4; centos 7.3. This system was
>         upgraded as
>             > of yesterday afternoon. I'm unable to start pki-tomcat.
>         The debug log
>             > show this entry:
>             >
>             > Internal Database Error encountered: Could not connect to
>         LDAP server
>             > host id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>
>             <http://id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>>
>             > <http://id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>
>             <http://id-management-1.internal.emerlyn.com
>         <http://id-management-1.internal.emerlyn.com>>> port 636 Error
>             > netscape.ldap.LDAPException: Authentication failed (48)
>             >         at
>             com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
>             >         at
>             >
>         com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
>             >         at
>             >
>
>         com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
>             >         at
>             com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
>             >         at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
>             >         at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
>             >         at
>             >
>
>         com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>             >         at
>         javax.servlet.GenericServlet.init(GenericServlet.java:158)
>             >         at
>         sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>             >         at
>             >
>
>         sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>             >         at
>             >
>
>         sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>             >         at java.lang.reflect.Method.invoke(Method.java:498)
>             >         at
>             >
>         org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
>             >         at
>             >
>         org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
>             >         at
>         java.security.AccessController.doPrivileged(Native Method)
>             >         at
>             javax.security.auth.Subject.do
>         <http://javax.security.auth.Subject.do>AsPrivileged(Subject.java:549)
>             >         at
>             >
>
>         org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
>             >         at
>             >
>
>         org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>             >         at
>             >
>
>         org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>             >         at
>             >
>
>         org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>             >         at
>             >
>
>         org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>             >         at
>             >
>
>         org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
>             >         at
>             >
>
>         org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>             >         at
>             >
>
>         org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>             >         at
>             >
>         org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>             >         at
>             >
>
>         org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>             >         at
>             >
>
>         org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
>             >         at
>             >
>
>         org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>             >         at
>             >
>
>         org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>             >         at
>         java.security.AccessController.doPrivileged(Native Method)
>             >         at
>             >
>
>         org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
>             >         at
>             >
>         org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
>             >         at
>             >
>
>         org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>             >         at
>             >
>
>         org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>             >         at
>             >
>
>         java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>             >         at
>         java.util.concurrent.FutureTask.run(FutureTask.java:266)
>             >         at
>             >
>
>         java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>             >         at
>             >
>
>         java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>             >         at java.lang.Thread.run(Thread.java:745)
>             >
>             >
>             > I'm able to get a kerberos ticket using kinit but ldap search
>             gives this
>             > error:
>             >
>             >  ldapsearch -h id-manaement-1.internal.emerlyn.com
>         <http://id-manaement-1.internal.emerlyn.com>
>             <http://id-manaement-1.internal.emerlyn.com
>         <http://id-manaement-1.internal.emerlyn.com>>
>             > <http://id-manaement-1.internal.emerlyn.com
>         <http://id-manaement-1.internal.emerlyn.com>
>             <http://id-manaement-1.internal.emerlyn.com
>         <http://id-manaement-1.internal.emerlyn.com>>> -x -b
>             > "cn=CAcert,cn=ipa,cn=etc,dc=internal,dc=emerlyn,dc=com"
>             > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>             >
>             > adding the -d1 debugging tag results in:
>             >
>             > ldap_create
>             >
>         ldap_url_parse_ext(ldap://id-manaement-1.internal.emerlyn.com
>         <http://id-manaement-1.internal.emerlyn.com>
>             <http://id-manaement-1.internal.emerlyn.com
>         <http://id-manaement-1.internal.emerlyn.com>>
>             > <http://id-manaement-1.internal.emerlyn.com
>         <http://id-manaement-1.internal.emerlyn.com>
>             <http://id-manaement-1.internal.emerlyn.com
>         <http://id-manaement-1.internal.emerlyn.com>>>)
>             > ldap_sasl_bind
>             > ldap_send_initial_request
>             > ldap_new_connection 1 1 0
>             > ldap_int_open_connection
>             > ldap_connect_to_host: TCP
>         id-manaement-1.internal.emerlyn.com:389
>         <http://id-manaement-1.internal.emerlyn.com:389>
>             <http://id-manaement-1.internal.emerlyn.com:389
>         <http://id-manaement-1.internal.emerlyn.com:389>>
>             > <http://id-manaement-1.internal.emerlyn.com:389
>         <http://id-manaement-1.internal.emerlyn.com:389>
>             <http://id-manaement-1.internal.emerlyn.com:389
>         <http://id-manaement-1.internal.emerlyn.com:389>>>
>             > ldap_connect_to_host: getaddrinfo failed: Name or service
>         not known
>             > ldap_err2string
>             > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>             >
>             > I'm able to resolve the hostname via nslookup and
>         /etc/hosts has the
>             > correct mapping entry.
>             >
>             > I'm kind of lost at this point and could use some help.
>             >
>             > Thanks in advance.
>
>             You have a typo in the hostname you're trying to connect to,
>         missing the
>             'g' in management.
>
>             I have a vague memory from other reports of this issue that
>         the problem
>             may be that the value of the certificate(s) in CS.cfg is
>         different from
>             the dogtag NSS database. I'd see if those line up.
>
>             rob
>
>
>
>
>         --
>         Jeff
>
>
>
>     Hi Jeff,
>
>     according to the output of getcert list, many certificates expired
>     just yesterday (auditSigningCert cert-pki-ca, ocspSigningCert
>     cert-pki-ca, subsystemCert cert-pki-ca, Server-Cert cert-pki-ca in
>     the PKI NSS DB and ipaCert in /etc/httpd/alias).
>
>     You can refer to this page:
>     https://access.redhat.com/solutions/643753
>     <https://access.redhat.com/solutions/643753>
>     to fix the issue.
>
>     It is likely that dogtag cannot authenticate to LDAP because its
>     certificate is expired, and hence refuses to start. IMHO the upgrade
>     is just an unlucky coincidence (happening the same day as cert
>     expiration) but not the root cause.
>
>     HTH,
>     Flo.
>
>
>
>
> --
>



From mbasti at redhat.com  Fri Jan  6 16:58:21 2017
From: mbasti at redhat.com (Martin Basti)
Date: Fri, 6 Jan 2017 17:58:21 +0100
Subject: [Freeipa-users] Replication has stopped and server errors
In-Reply-To: <14572427.872232.1483658995510@mail.yahoo.com>
References: <14572427.872232.1483658995510.ref@mail.yahoo.com>
	<14572427.872232.1483658995510@mail.yahoo.com>
Message-ID: <c2d12eb6-1199-45bb-8f24-dc6b6347d5c9@redhat.com>



On 06.01.2017 00:29, sipazzo wrote:
> I have6 ipa servers in 3 locations running 4.2.0-15.0.1on RHEL 7. 
> Ipa1-dev is the CA Renewal and CRL Master server and where most of our 
> updates (host enrollment, password changes) end up taking place.
> Servers had been running fine. Over the holidays we started having 
> some replication issues and looking at 
> /var/log/dirsrv/slapd-REALM-COM/errors showed the following:
>
> All servers currently have these errors for each replica the 
> respective IPA servers are connected to:
> NSMMReplicationPlugin - agmt="cn=meToipa2-dr.example.local" 
> (ipa2-dr:389): Incremental update failed and requires administrator action
> [04/Jan/2017:15:39:48 -0800] agmt="cn=meToipa1-dr.example.local" 
> (ipa1-dr:389) - Can't locate CSN 583c8e74000600110000 in the changelog 
> (DB rc=-30988). If replication stops, the consumer may need to be 
> reinitialized
> NSMMReplicationPlugin - agmt="cn=meToipa1-prod.example.local" 
> (ipa1-prod:389): Data required to update replica has been purged. The 
> replica must be reinitialized.
> [04/Jan/2017:13:33:26 -0800] NSMMReplicationPlugin - 
> agmt="cn=meToipa2-dev.example.local" (ipa2-dev:389): Incremental 
> update failed and requires administrator action
> [04/Jan/2017:13:33:26 -0800] NSMMReplicationPlugin - 
> agmt="cn=meToipa1-prod.example.local" (ipa1-prod:389): Incremental 
> update failed and requires administrator action
> [04/Jan/2017:13:33:27 -0800] agmt="cn=meToipa2-prod.example.local" 
> (ipa2-prod:389) - Can't locate CSN 586d69f0000400120000 in the 
> changelog (DB rc=-30988). If replication stops, the consumer may need 
> to be reinitialized.
> And all servers have these types of errors which are worrisome but 
> they go back quite a way
> *NSACL*Plugin - The ACL target cn=dns,dc=example,dc=local does not exist
> *NSACL*Plugin - The ACL target cn=dns,dc=example,dc=local does not exist
> *NSACL*Plugin - The ACL target cn=groups,cn=compat,dc=example,dc=local 
> does not exist
> *NSACL*Plugin - The ACL target 
> cn=computers,cn=compat,dc=example,dc=local does not exist
> *NSACL*Plugin - The ACL target cn=casigningcert 
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=local does not exist
> *NSACL*Plugin - The ACL target cn=casigningcert 
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=local does not exist
> *NSACL*Plugin - The ACL target ou=sudoers,dc=networkfleet,dc=local 
> does not exist
^^^ just INFO messages, you can ignore them


> All servers except one have a lot of these
> DSRetroclPlugin - delete_changerecord: could not delete change record
> Ipa1-dev only has this
> 04/Jan/2017:18:36:52 -0800] NSMMReplicationPlugin - 
> agmt="cn=masterAgreement1-ipa1-prod.example.local-pki-tomcat" 
> (ipa1-prod:389): Replication bind with *SIMPLE* auth resumed
> [04/Jan/2017:18:36:52 -0800] NSMMReplicationPlugin - 
> agmt="cn=masterAgreement1-ipa2-dr.example.local-pki-tomcat" 
> (ipa2-dr:389): Replication bind with *SIMPLE* auth resumed
> [04/Jan/2017:18:36:52 -0800] NSMMReplicationPlugin - 
> agmt="cn=masterAgreement1-ipa1-dr.example.local-pki-tomcat" 
> (ipa1-dr:389): Replication bind with *SIMPLE* auth resumed
> [04/Jan/2017:18:36:53 -0800] NSMMReplicationPlugin - 
> agmt="cn=masterAgreement1-ipa2-prod.example.local-pki-tomcat" 
> (ipa2-prod:389): Replication bind with *SIMPLE* auth resumed
> 3 servers (ipa1-dr ipa2-dr ipa2-prod) have these errors:
> [01/Jan/2017:14:43:06 -0800] - libdb: BDB2055 Lock table is out of 
> available lock entries
> [01/Jan/2017:14:43:06 -0800] - compactdb: failed to compact changelog; 
> db error - 12 Cannot allocate memory

you probably need https://access.redhat.com/solutions/1241063 to 
increase number of locks (or in this thread 
https://lists.fedoraproject.org/pipermail/389-users/2011-June/013299.html)

I would first increase the number of locks, and then look if something 
improved.
We also don't know how your topology looks like, which servers are 
connected together.

Martin

> 4 servers (ipa1-dev, ipa2-dev, ipa1-dr and ipa2-dr) have these errors
> [04/Jan/2017:15:37:21 -0800] slapd_ldap_sasl_interactive_bind - Error: 
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 
> -1 (Can't contact LDAP server) ((null)) errno 107 (*Transport* 
> endpoint is not connected)
> [04/Jan/2017:15:37:24 -0800] slapd_ldap_sasl_interactive_bind - Error: 
> could not perform interactive bind for id [] mech [GSSAPI]: LDAP error 
> -1 (Can't contact LDAP server) ((null)) errno 107 (*Transport* 
> endpoint is not connected)
>
> I have tried various combinations or restarting, re-initializing, 
> disconnecting and reconnecting replicas but am down to only two 
> servers replicating with each other currently (ipa1-dev and ipa2-dev). 
> We did have a power outage at the dev location but it does not seem to 
> correspond to when the errors started? Not sure how to recover from 
> this. Any help is appreciated
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/514a034a/attachment.htm>

From jgiger at verizon.com  Fri Jan  6 17:10:25 2017
From: jgiger at verizon.com (Giger, Justean)
Date: Fri, 6 Jan 2017 12:10:25 -0500
Subject: [Freeipa-users] disable inactive accounts and delete old accounts
Message-ID: <D4950F81.6645E%jgiger@one.verizon.com>

I am trying to use the krblastsuccessfulauth attribute to detect accounts that have been inactive for >90 days as per this post: https://www.redhat.com/archives/freeipa-users/2015-March/msg00052.html
I need to be able to disable these accounts at 90 days then delete them after 180 days.
However, I find most of my users do not have the krblastsuccessfulauth attribute populated. This is not because their accounts have never been used as I see they do have valid passwords which expire in the future so they had to login at least once (not necessarily with Kerberos though). Is there another attribute we can/should use for this?

Justean Giger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/80aaa147/attachment.htm>

From tk at mdevsys.com  Fri Jan  6 17:14:45 2017
From: tk at mdevsys.com (TomK)
Date: Fri, 6 Jan 2017 12:14:45 -0500
Subject: [Freeipa-users] FreeIPA + /etc/named.conf
In-Reply-To: <f68f64fa-d1af-2a7d-ef77-8ffe098b4914@redhat.com>
References: <057676d6-5280-2348-827b-13ef4b4126a3@mdevsys.com>
	<f68f64fa-d1af-2a7d-ef77-8ffe098b4914@redhat.com>
Message-ID: <cd67e097-2ad5-7331-35fd-880b48bb5f03@mdevsys.com>

On 1/5/2017 2:17 PM, Martin Basti wrote:
>
>
> On 05.01.2017 20:03, TomK wrote:
>> Hey All,
>>
>> QQ.
>>
>> Should the DNS forwarders be updated in /etc/named.conf?  Until I
>> manually change /etc/named.conf, can't ping the windows AD cluster:
>> mds.xyz.  Nor can I get dig to resolve the SRV records (dig SRV
>> _ldap._tcp.mds.xyz).
>>
>> sssd-ipa-1.14.0-43.el7_3.4.x86_64
>> ipa-client-4.4.0-14.el7.centos.x86_64
>>
>> IPA command below indicates that it's set to 'first' but that's not
>> what's in /etc/named.conf file when I check.  Again, it works if I
>> change /etc/named.conf manually.
>>
>
> Forwarder settings has priority:
>
> named.conf < global forwarders (ipa dnsconfig-mod) < local dns server
> config (ipa dnsserver-*) < forwardzones (applied per query, not as
> global forwarder)
>
> so what is in named.conf is usually always overwritten
>
>
> How did you edited the named.conf?
>
> Does dig @192.168.0.224 SRV _ldap._tcp.mds.xyz. works?
> Do you have any errors in journalctl -u named-pkcs11 ??
>
> Martin

Thanks Martin.

Yes, with the manual update of /etc/named.conf this command works, as I 
posted earlier (It doesn't work without the manual update of 
/etc/named.conf to  forward first; ):

dig @192.168.0.224 SRV _ldap._tcp.mds.xyz.

;; ANSWER SECTION:
_ldap._tcp.mds.xyz.     3600    IN      SRV     0 100 389 winad02.mds.xyz.
_ldap._tcp.mds.xyz.     600     IN      SRV     0 100 389 winad01.mds.xyz.

Yes I stumbled on the journalctl command but really haven't seen 
anything applicable to my scenario AFAIKT.  Nontheless, logs available 
below:

http://microdevsys.com/freeipa/named-pkcs11-working.log
http://microdevsys.com/freeipa/named-pkcs11-non-working.log
http://microdevsys.com/freeipa/named-pkcs11-working-again.log

I'm still going over them.  The only message that seamed to make sense was:

ignoring inherited 'forward first;' for zone '.' - did you want 'forward 
only;' to override automatic empty zone

but it appears in both the working and non-working situations so isn't 
looking significant ATM and nothing I found applied to this scenario.  Btw:

[root at idmipa01 log]# cat /etc/resolv.conf
search nix.mds.xyz mds.xyz
nameserver 127.0.0.1
You have new mail in /var/spool/mail/root
[root at idmipa01 log]#

And based on earlier chats, that's how it should stay.  Resolution of AD 
ID's does work from clients though (When I have forward first; in 
/etc/named.conf)



-- 
Cheers,
Tom K.
-------------------------------------------------------------------------------------

Living on earth is expensive, but it includes a free trip around the sun.




From jamesaharrisonuk at yahoo.co.uk  Fri Jan  6 17:15:24 2017
From: jamesaharrisonuk at yahoo.co.uk (James Harrison)
Date: Fri, 6 Jan 2017 17:15:24 +0000 (UTC)
Subject: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
 version 1.13.4-1ubuntu1.1
In-Reply-To: <1588224621.467679.1483623416628@mail.yahoo.com>
References: <1588224621.467679.1483623416628.ref@mail.yahoo.com>
	<1588224621.467679.1483623416628@mail.yahoo.com>
Message-ID: <1302294420.1935936.1483722924050@mail.yahoo.com>

Any ideas?
      From: James Harrison <jamesaharrisonuk at yahoo.co.uk>
 To: "freeipa-users at redhat.com" <freeipa-users at redhat.com> 
 Sent: Thursday, 5 January 2017, 13:36
 Subject: FreeIPA sudo not working on ububtu xenial sssd version 1.13.4-1ubuntu1.1
   
Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
I can authenticate OK, I get a kerberos ticket, but cannot run sudo.
I get 1 rule returned, which I expect.
Many thanks,James Harrison


(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c11e30 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c11d70 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [x_james.harrison at domain.com]
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [x_james.harrison] from [domain.com]
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c11d70

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c11e30

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c11d70 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c11e30 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c11d70 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c0f550

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c1da40

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c0f550 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c1da40 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c0f550 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=x_james.harrison)(sudoUser=#1082600012)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%x_james.harrison)(sudoUser=+*))(&(dataExpireTimestamp<=1483618197)))]
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c11d70

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c11e30

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c11d70 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c11e30 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c11d70 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c18790

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c1b720

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c18790 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c1b720 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c18790 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c12600

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c0f550

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c12600 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c0f550 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c12600 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=x_james.harrison)(sudoUser=#1082600012)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%x_james.harrison)(sudoUser=+*)))]
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c0f550

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x1c0dfd0

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Running timer event 0x1c0f550 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Destroying timer event 0x1c0dfd0 "ltdb_timeout"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Ending timer event 0x1c0f550 "ltdb_callback"

(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [x_james.harrison at domain.com]
(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1c0e770][18]

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging domain.com
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8de810
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging nss
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8f0790
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging sudo
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9b30
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging pam
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8d8720
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging ssh
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9cb0

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x1c06b10
(Thu Jan? 5 12:10:00 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [service_send_ping] (0x2000): Pinging pac
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8efea0

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2464b20
(Thu Jan? 5 12:10:00 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8de810
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8d7c00

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_ssh.log <==
(Thu Jan? 5 12:10:00 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 0xe9ab20
(Thu Jan? 5 12:10:00 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd[ssh]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Thu Jan? 5 12:10:00 2017) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_sudo.log <==

==> sssd/sssd_ssh.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service domain.com replied to ping
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8f0790

==> sssd/sssd_pam.log <==

==> sssd/sssd_ssh.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd870
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd_pam.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service nss replied to ping
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9b30
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e21f0
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service sudo replied to ping
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8efea0
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e4da0
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service pac replied to ping
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9cb0
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd340
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service ssh replied to ping
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8d8720
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e6d90
(Thu Jan? 5 12:10:00 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:00 2017) [sssd] [ping_check] (0x2000): Service pam replied to ping
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging domain.com
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8d8720
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging nss
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9cb0
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging sudo
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8efea0
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging pam
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9b30
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging ssh
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8f0790
(Thu Jan? 5 12:10:10 2017) [sssd] [service_send_ping] (0x2000): Pinging pac

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x1c06b10
(Thu Jan? 5 12:10:10 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8de810

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2464b20
(Thu Jan? 5 12:10:10 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8d8720
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8d7c00
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_ssh.log <==
(Thu Jan? 5 12:10:10 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 0xe9ab20
(Thu Jan? 5 12:10:10 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd[ssh]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service
(Thu Jan? 5 12:10:10 2017) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service domain.com replied to ping
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9cb0

==> sssd/sssd_ssh.log <==

==> sssd/sssd_pam.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd870

==> sssd/sssd_ssh.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service nss replied to ping

==> sssd/sssd_ssh.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8efea0
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e21f0
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service sudo replied to ping
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8de810
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e4da0
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service pac replied to ping
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9b30
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e6d90
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service pam replied to ping
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8f0790
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd340
(Thu Jan? 5 12:10:10 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:10 2017) [sssd] [ping_check] (0x2000): Service ssh replied to ping

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[1082600012] pid[5470].
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected!
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]

==> auth.log <==
Jan? 5 12:10:17 pul-lp-sql-00 sudo: pam_unix(sudo:auth): authentication failure; logname=x_james.harrison uid=1082600012 euid=0 tty=/dev/pts/1 ruser=x_james.harrison rhost=? user=x_james.harrison

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'x_james.harrison' matched without domain, user is x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.com/x_james.harrison]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [x_james.harrison] not found in PAM cache.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x410090:3:x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [domain.com][0x3][BE_REQ_INITGROUPS][1][name=x_james.harrison]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2469f20
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x410090:3:x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2469f20
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x24710e0

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x24711a0

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x24710e0 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x24711a0 "ltdb_timeout"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x24710e0 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [x_james.harrison] added to PAM initgroup cache
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2470c00
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x410090:3:x_james.harrison at domain.com]

==> syslog <==
Jan? 5 12:10:17 pul-lp-sql-00 kernel: [ 1272.582518] audit: type=1400 audit(1483618217.180:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/run/systemd/users/1082600012" pid=5570 comm="krb5_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2470c00
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): start ldb transaction (nesting: 0)
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x247c620

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x247c6e0

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x247c620 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x247c6e0 "ltdb_timeout"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x247c620 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): commit ldb transaction (nesting: 0)
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 84
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]

==> auth.log <==
Jan? 5 12:10:17 pul-lp-sql-00 sudo: pam_sss(sudo:auth): authentication success; logname=x_james.harrison uid=1082600012 euid=0 tty=/dev/pts/1 ruser=x_james.harrison rhost= user=x_james.harrison

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'x_james.harrison' matched without domain, user is x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.com/x_james.harrison]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): User [x_james.harrison] found in PAM cache.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x2478550

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x247bc80

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Running timer event 0x2478550 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer event 0x247bc80 "ltdb_timeout"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event 0x2478550 "ltdb_callback"

(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [x_james.harrison at domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x246dd70
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x246dd70
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 35
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]

==> auth.log <==
Jan? 5 12:10:17 pul-lp-sql-00 sudo: x_james.harrison : user NOT authorized on host ; TTY=pts/1 ; PWD=/home/x_james.harrison ; USER=root ; COMMAND=/bin/bash

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1c0e770][18]

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [client_recv] (0x0200): Client disconnected!

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[sudo]] [client_recv] (0x0200): Client disconnected!

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [client_destructor] (0x2000): Terminated client [0x2466e50][19]

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:17 2017) [sssd[sudo]] [client_destructor] (0x2000): Terminated client [0x1c0e770][18]

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging domain.com
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8f0790
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging nss
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9b30
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging sudo
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8de810
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging pam
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8efea0
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging ssh

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x1c06b10
(Thu Jan? 5 12:10:20 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8e9cb0
(Thu Jan? 5 12:10:20 2017) [sssd] [service_send_ping] (0x2000): Pinging pac

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_add_timeout] (0x2000): 0x8d8720

==> sssd/sssd_sudo.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2464b20
(Thu Jan? 5 12:10:20 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd.log <==

==> sssd/sssd_sudo.log <==

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9b30

==> sssd/sssd_ssh.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 0xe9ab20
(Thu Jan? 5 12:10:20 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd_ssh.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[ssh]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.ping on path /org/freedesktop/sssd/service

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd870
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.

==> sssd/sssd_ssh.log <==
(Thu Jan? 5 12:10:20 2017) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service nss replied to ping

==> sssd/sssd_ssh.log <==

==> sssd/sssd.log <==
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8f0790
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8d7c00
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service domain.com replied to ping
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8de810
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e21f0
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service sudo replied to ping
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8efea0
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e6d90
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service pam replied to ping
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8d8720
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8e4da0
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service pac replied to ping
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x8e9cb0
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x8dd340
(Thu Jan? 5 12:10:20 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Thu Jan? 5 12:10:20 2017) [sssd] [ping_check] (0x2000): Service ssh replied to ping

==> sssd/sssd_pam.log <==
(Thu Jan? 5 12:10:22 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000): [x_james.harrison] removed from PAM initgroup cache
root at pul-lp-sql-00:/var/log# fg
tail -f auth.log syslog sssd/*.log
^C
root at pul-lp-sql-00:/var/log# 



   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/4020cb7f/attachment.htm>

From mmalek at iisg.agh.edu.pl  Fri Jan  6 17:31:25 2017
From: mmalek at iisg.agh.edu.pl (=?UTF-8?Q?Mateusz_Ma=c5=82ek?=)
Date: Fri, 6 Jan 2017 18:31:25 +0100
Subject: [Freeipa-users] IPA to IPA migration
In-Reply-To: <cf73089f-262a-d1c6-df41-5642df940ee9@brownpapertickets.com>
References: <7DFD9430-D86B-4445-8EA2-1BE4AC8FCE7E@accertify.com>
	<586E637A.5060107@redhat.com>
	<cf73089f-262a-d1c6-df41-5642df940ee9@brownpapertickets.com>
Message-ID: <e75982ff-80fa-a090-6361-99135f15dea4@iisg.agh.edu.pl>

Hi,

On 06.01.2017 16:42, Ian Harding wrote:
> On 01/05/2017 07:17 AM, Rob Crittenden wrote:
>> Timothy Geier wrote:
>>> This is something I?ve looked at lately and a manual proof of concept I
>>> just did makes it seem theoretically possible (...)
>> Why migrate at all?
> Maybe I'm just not smart enough, but I suspect others have wished they
> could just throw in the towel and start over.  I would if it were
> relatively easy, that is, if I could export and reimport users (ideally
> with passwords), hosts, groups, hbac rules, etc.  I woudln't even mind
> having to re-enroll them.

There are some ways to migrate passwords between FreeIPA instances, but 
I would say that mine it's not for the faint-hearted. You absolutely 
MUST be faimiliar with LDAP and Kerberos. I had to change my realm name, 
as it was decided that "mine" IPA would replace few other user databases 
- here's what have worked for me (details omitted to prevent 
inexperienced from copy-paste disaster):

First, you have to prepare new FreeIPA instance. Start with single 
machine and ipa-server-install - "migration" would render all Kerberos 
keys in target instance unusable, so do not create any replicas, do not 
create any additional users and do not join any hosts.
Then, extract Kerberos master key from old deployment and transfer it to 
new instance. It is stored in krbMKey attribute of K/M principal in 
Kerberos subtree of 389 DS instance used by IPA.
Now the tricky part - you have to recreate principal keys for all LDAP 
entries with krbPrincipalKey. You can, for example, create completely 
random principals with kadmin.local and copy their krbPrincipalKeys to 
broken entries. You also have to re-export service keytabs - also using 
kadmin.local; there are 6 *.keytab files on IPA server with DNS and CA 
roles installed - host, 389 Directory Server, Dogtag, Apache, BIND and 
DNSSEC key sync daemon.
After you've done that, restart all IPA services (`ipactl restart` or 
simply reboot whole machine).

Finally, copy all user entries from old IPA LDAP instance to your new 
deployment (make sure krbPrincipalName and krbCanonicalName match your 
new realm name) and all users would be able to authenticate using their 
existing passwords (using both Kerberos and simple LDAP bind). Now, you 
can create additional replicas and re-enroll existing hosts.

This is very tricky solution and definitely not a proper one. But hey, 
it works! No issues so far, but YMMV.

Other option could be to use (deprecated) -P/--master-password switch 
during FreeIPA installation - if you, by any chance, know previously 
generated master password (or you are able to recover it).

You can probably also try using `kdb5_util dump` with ` -mkey_convert` 
switch and then import data using `kdb5_util load`. I think this would 
be the best solution, as two previous make old and new instance share 
(master) key material - which seems security unwise, if you don't plan 
to trash old instance anyway. Unfortunately, I had troubles getting it 
to work, so I moved to a more "brute force" approach. :(

--
Best regards
Mateusz Ma?ek



From freeipa at jacobdevans.com  Fri Jan  6 19:24:50 2017
From: freeipa at jacobdevans.com (Jake)
Date: Fri, 6 Jan 2017 14:24:50 -0500 (EST)
Subject: [Freeipa-users] Should IPA Replica DNS SOA Serials match?
Message-ID: <2074599111.40102.1483730690410@lux.jacobdevans.com>

Hey All, 
I currently have 4 ipa 4.2 masters and none of the SOA Serials match, is this expected behavior of bind-ldap? 

ipa01 - 1483710336 
ipa02 - 1483709696 
ipa03 - 1483730432 
ipa04 - 1483714048 

Thanks! 

-Jake 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/f7f23a53/attachment.htm>

From jbaird at follett.com  Fri Jan  6 19:38:19 2017
From: jbaird at follett.com (Baird, Josh)
Date: Fri, 6 Jan 2017 19:38:19 +0000
Subject: [Freeipa-users] Should IPA Replica DNS SOA Serials match?
In-Reply-To: <2074599111.40102.1483730690410@lux.jacobdevans.com>
References: <2074599111.40102.1483730690410@lux.jacobdevans.com>
Message-ID: <BY2PR0301MB1623CFA7A175A91C6E5D1113CF630@BY2PR0301MB1623.namprd03.prod.outlook.com>

Yes, this is expected.

>From the IPA documentation [1]:

"The IdM-integrated DNS is multi-master. SOA serial numbers in IdM zones are not synchronized between IdM servers. For this reason, configure DNS slave servers to only use one IdM master server. This prevents zone transfer failures caused by non-synchronized SOA serial numbers."

[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-master-dns-zones.html#zone-transfers

Thanks,

Josh

From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Jake
Sent: Friday, January 6, 2017 2:25 PM
To: freeipa-users <freeipa-users at redhat.com>
Subject: [Freeipa-users] Should IPA Replica DNS SOA Serials match?

Hey All,
I currently have 4 ipa 4.2 masters and none of the SOA Serials match, is this expected behavior of bind-ldap?

ipa01 - 1483710336
ipa02 - 1483709696
ipa03 - 1483730432
ipa04 - 1483714048

Thanks!

-Jake



From freeipa at jacobdevans.com  Fri Jan  6 19:45:45 2017
From: freeipa at jacobdevans.com (Jake)
Date: Fri, 6 Jan 2017 14:45:45 -0500 (EST)
Subject: [Freeipa-users] unable to add or remove replica after prepare and
 failed replication
Message-ID: <249608026.40160.1483731945229@jersey.jacobdevans.com>

Hey All, 

I need to reinstall the replica ipa03.ipa.example.com after ipa-server-install --uninstall, however. 


ipa-replica-install replica-info-ipa03.example.com.gpg 
Directory Manager (existing master) password: 

The host ipa03.example.com already exists on the master server. 
You should remove it before proceeding: 
% ipa host-del ipa03.example.com 
ipa.ipapython.install.cli.install_tool(Replica): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information 

So on the master I ran: 

ipa-replica-manage del ipa03.ipa.example.com 
' ipa01 .ipa. example.com ' has no replication agreement for ' ipa0 3 .ipa. example.com ' 

ipa host-del ipa03.ipa.example.com 
ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or disabled 

Help? 

Thanks Again, 
- Jake 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/7b626468/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipa-failed-error.txt
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/7b626468/attachment.txt>

From jgoddard at emerlyn.com  Fri Jan  6 20:07:38 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 15:07:38 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
Message-ID: <CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>

Flo,

I'm not able to access the link you posted. I did find this thread though
https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html and
have set the time back and resubmitted a request. Still no success. Any
further hints?


On Fri, Jan 6, 2017 at 11:52 AM, Florence Blanc-Renaud <flo at redhat.com>
wrote:

> On 01/06/2017 05:36 PM, Jeff Goddard wrote:
>
>> Thanks Flo,
>>
>> I was able to add the host to the keytab once I found the correct
>> command and then was able to issue
>>
>> [root at id-management-1 pki-tomcat]# ipa-cacert-manage renew
>> Renewing CA certificate, please wait
>> CA certificate successfully renewed
>> The ipa-cacert-manage command was successful
>>
>> Hi Jeff,
>
> the "ipa-cacert-manage renew" command renews the CA certificate (the one
> with the alias caSigningCert cert-pki-ca) but not the expired ones. You
> need to follow the instructions linked in my previous e-mail to fix them
> first, basically go back in time by setting the system clock time and let
> certmonger renew them.
>
> HTH,
> Flo.
>
> But the pki-tomcat still fails to start. From the logs I get:
>>
>> [root at id-management-1 pki-tomcat]# cat localhost.2017-01-06.log  |less
>> Jan 06, 2017 7:23:44 AM org.apache.catalina.core.ApplicationContext log
>> SEVERE: StandardWrapper.Throwable
>> java.lang.NullPointerException
>>         at
>> com.netscape.cmscore.selftests.SelfTestSubsystem.shutdown(Se
>> lfTestSubsystem.java:1886)
>>         at
>> com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems(CMSEn
>> gine.java:2115)
>>         at com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine.java:
>> 2010)
>>         at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:233)
>>         at com.netscape.certsrv.apps.CMS.start(CMS.java:1625)
>>         at
>> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartS
>> ervlet.java:114)
>>         at javax.servlet.GenericServlet.init(GenericServlet.java:158)
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>         at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.java:62)
>>         at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>> thodAccessorImpl.java:43)
>>         at java.lang.reflect.Method.invoke(Method.java:498)
>>         at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
>>         at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
>>         at java.security.AccessController.doPrivileged(Native Method)
>>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>         at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
>>         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(Secu
>> rityUtil.java:175)
>>         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(Secu
>> rityUtil.java:124)
>>         at
>> org.apache.catalina.core.StandardWrapper.initServlet(Standar
>> dWrapper.java:1270)
>>         at
>> org.apache.catalina.core.StandardWrapper.loadServlet(Standar
>> dWrapper.java:1195)
>>         at
>> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
>>         at
>> org.apache.catalina.core.StandardContext.loadOnStartup(Stand
>> ardContext.java:5318)
>>         at
>> org.apache.catalina.core.StandardContext.startInternal(Stand
>> ardContext.java:5610)
>>         at
>> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>>         at
>> org.apache.catalina.core.ContainerBase.addChildInternal(Cont
>> ainerBase.java:899)
>>         at
>> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
>>         at
>> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.ru
>> n(ContainerBase.java:156)
>>         at
>> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.ru
>> n(ContainerBase.java:145)
>>         at java.security.AccessController.doPrivileged(Native Method)
>>         at
>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
>>         at
>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
>>         at
>> org.apache.catalina.startup.HostConfig.deployDescriptor(Host
>> Config.java:679)
>>         at
>> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(
>> HostConfig.java:1966)
>>         at
>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>         at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>> Executor.java:1142)
>>         at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>> lExecutor.java:617)
>>         at java.lang.Thread.run(Thread.java:745)
>>
>> I fond this thread:
>> https://www.redhat.com/archives/freeipa-users/2016-February/msg00125.html
>> <https://www.redhat.com/archives/freeipa-users/2016-February
>> /msg00125.html>
>> but I don't have self-test logs from today, only from yesterday. Here
>> are the relevant debug logs from the most recent restart:
>>
>> 06/Jan/2017:11:13:55][localhost-startStop-1]:
>> ============================================
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: =====  DEBUG SUBSYSTEM
>> INITIALIZED   =======
>> [06/Jan/2017:11:13:55][localhost-startStop-1]:
>> ============================================
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: restart at
>> autoShutdown? false
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: autoShutdown
>> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: about to look
>> for cert for auto-shutdown support:auditSigningCert cert-pki-ca
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: found
>> cert:auditSigningCert cert-pki-ca
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: done init
>> id=debug
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initialized
>> debug
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initSubsystem
>> id=log
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: ready to init
>> id=log
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
>> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit)
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
>> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/system)
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
>> RollingLogFile(/var/lib/pki/pki-tomcat/logs/ca/transactions)
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: restart at
>> autoShutdown? false
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: autoShutdown
>> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: about to look
>> for cert for auto-shutdown support:auditSigningCert cert-pki-ca
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: found
>> cert:auditSigningCert cert-pki-ca
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: done init
>> id=log
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initialized log
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initSubsystem
>> id=jss
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: ready to init
>> id=jss
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: restart at
>> autoShutdown? false
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: autoShutdown
>> crumb file path? /var/lib/pki/pki-tomcat/logs/autoShutdown.crumb
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: about to look
>> for cert for auto-shutdown support:auditSigningCert cert-pki-ca
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: found
>> cert:auditSigningCert cert-pki-ca
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: done init
>> id=jss
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initialized jss
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: initSubsystem
>> id=dbs
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine: ready to init
>> id=dbs
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: DBSubsystem: init()
>> mEnableSerialMgmt=true
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: Creating
>> LdapBoundConnFactor(DBSubsystem)
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: LdapBoundConnFactory: init
>> [06/Jan/2017:11:13:55][localhost-startStop-1]:
>> LdapBoundConnFactory:doCloning true
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: LdapAuthInfo: init()
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: LdapAuthInfo: init begins
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: LdapAuthInfo: init ends
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: init: before
>> makeConnection errorIfDown is true
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: makeConnection:
>> errorIfDown true
>> [06/Jan/2017:11:13:55][localhost-startStop-1]:
>> SSLClientCertificateSelectionCB: Setting desired cert nickname to:
>> subsystemCert cert-pki-ca
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: LdapJssSSLSocket: set
>> client auth cert nickname subsystemCert cert-pki-ca
>> [06/Jan/2017:11:13:55][localhost-startStop-1]:
>> SSLClientCertificatSelectionCB: Entering!
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: Candidate cert:
>> caSigningCert cert-pki-ca
>> [06/Jan/2017:11:13:55][localhost-startStop-1]:
>> SSLClientCertificateSelectionCB: returning: null
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: SSL handshake happened
>> [06/Jan/2017:11:13:55][localhost-startStop-1]: CMSEngine.shutdown()
>>
>> Is there something else I should be looking at?
>>
>> Jeff
>>
>>
>>
>> On Fri, Jan 6, 2017 at 11:23 AM, Florence Blanc-Renaud <flo at redhat.com
>> <mailto:flo at redhat.com>> wrote:
>>
>>     On 01/06/2017 04:47 PM, Jeff Goddard wrote:
>>
>>         Sorry for the typo. here is the correct output:
>>         ldapsearch -h id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>
>>         <http://id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>>
>>         SASL/EXTERNAL authentication started
>>         ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>                 additional info: SASL(-4): no mechanism available:
>>
>>
>>
>>
>>         When I look at the certificates I get errors regarding a host
>>         service in
>>         the keytab. Here is the output:
>>
>>         [root at id-management-1 ca]# getcert list
>>         Number of certificates and requests being tracked: 8.
>>         Request ID '20150116161829':
>>                 status: MONITORING
>>                 ca-error: Error setting up ccache for "host" service on
>>         client
>>         using default keytab: Keytab contains no suitable keys for
>>         host/id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> >
>>         <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>.
>>                 stuck: no
>>                 key pair storage:
>>         type=NSSDB,location='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM'
>> ,nickname='Server-Cert',token='NSS
>>         Certificate
>>         DB',pinfile='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM/pwdfile.txt'
>>                 certificate:
>>         type=NSSDB,location='/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM'
>> ,nickname='Server-Cert',token='NSS
>>         Certificate DB'
>>                 CA: IPA
>>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 subject: CN=id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>
>>         <http://id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>>,O=INTERNAL.EM
>> ERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 expires: 2017-01-16 16:18:29 UTC
>>                 key usage:
>>         digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>                 eku: id-kp-serverAuth,id-kp-clientAuth
>>                 pre-save command:
>>                 post-save command: /usr/lib64/ipa/certmonger/rest
>> art_dirsrv
>>         INTERNAL-EMERLYN-COM
>>                 track: yes
>>                 auto-renew: yes
>>         Request ID '20150116162120':
>>                 status: MONITORING
>>                 ca-error: Error setting up ccache for "host" service on
>>         client
>>         using default keytab: Keytab contains no suitable keys for
>>         host/id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> >
>>         <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>> <mailto:id-management-1.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>.
>>                 stuck: no
>>                 key pair storage:
>>         type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert
>> ',token='NSS
>>         Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>>                 certificate:
>>         type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert
>> ',token='NSS
>>         Certificate DB'
>>                 CA: IPA
>>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 subject: CN=id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>
>>         <http://id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>>,O=INTERNAL.EM
>> ERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 expires: 2017-01-16 16:21:20 UTC
>>                 key usage:
>>         digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>                 eku: id-kp-serverAuth,id-kp-clientAuth
>>                 pre-save command:
>>                 post-save command: /usr/lib64/ipa/certmonger/rest
>> art_httpd
>>                 track: yes
>>                 auto-renew: yes
>>         Request ID '20151217174142':
>>                 status: CA_UNREACHABLE
>>                 ca-error: Internal error
>>                 stuck: no
>>                 key pair storage:
>>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='au
>> ditSigningCert
>>         cert-pki-ca',token='NSS Certificate DB',pin set
>>                 certificate:
>>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='au
>> ditSigningCert
>>         cert-pki-ca',token='NSS Certificate DB'
>>                 CA: dogtag-ipa-ca-renew-agent
>>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 subject: CN=CA Audit,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 expires: 2017-01-05 16:18:01 UTC
>>                 key usage: digitalSignature,nonRepudiation
>>                 pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>                 post-save command: /usr/lib64/ipa/certmonger/rene
>> w_ca_cert
>>         "auditSigningCert cert-pki-ca"
>>                 track: yes
>>                 auto-renew: yes
>>         Request ID '20151217174143':
>>                 status: CA_UNREACHABLE
>>                 ca-error: Internal error
>>                 stuck: no
>>                 key pair storage:
>>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='oc
>> spSigningCert
>>         cert-pki-ca',token='NSS
>>         Certificate DB',pin set
>>                 certificate:
>>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='oc
>> spSigningCert
>>         cert-pki-ca',token='NSS
>>         Certificate DB'
>>                 CA: dogtag-ipa-ca-renew-agent
>>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 subject: CN=OCSP Subsystem,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 expires: 2017-01-05 16:17:58 UTC
>>                 key usage:
>>         digitalSignature,nonRepudiation,keyCertSign,cRLSign
>>                 eku: id-kp-OCSPSigning
>>                 pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>                 post-save command: /usr/lib64/ipa/certmonger/rene
>> w_ca_cert
>>         "ocspSigningCert cert-pki-ca"
>>                 track: yes
>>                 auto-renew: yes
>>         Request ID '20151217174144':
>>                 status: CA_UNREACHABLE
>>                 ca-error: Internal error
>>                 stuck: no
>>                 key pair storage:
>>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='su
>> bsystemCert
>>         cert-pki-ca',token='NSS Certificate DB',pin set
>>                 certificate:
>>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='su
>> bsystemCert
>>         cert-pki-ca',token='NSS Certificate DB'
>>                 CA: dogtag-ipa-ca-renew-agent
>>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 subject: CN=CA Subsystem,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 expires: 2017-01-05 16:17:59 UTC
>>                 key usage:
>>         digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>                 eku: id-kp-serverAuth,id-kp-clientAuth
>>                 pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>                 post-save command: /usr/lib64/ipa/certmonger/rene
>> w_ca_cert
>>         "subsystemCert cert-pki-ca"
>>                 track: yes
>>                 auto-renew: yes
>>         Request ID '20151217174145':
>>                 status: CA_UNREACHABLE
>>                 ca-error: Internal error
>>                 stuck: no
>>                 key pair storage:
>>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ca
>> SigningCert
>>         cert-pki-ca',token='NSS Certificate DB',pin set
>>                 certificate:
>>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ca
>> SigningCert
>>         cert-pki-ca',token='NSS Certificate DB'
>>                 CA: dogtag-ipa-ca-renew-agent
>>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 subject: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 expires: 2035-01-16 16:17:57 UTC
>>                 key usage:
>>         digitalSignature,nonRepudiation,keyCertSign,cRLSign
>>                 pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>                 post-save command: /usr/lib64/ipa/certmonger/rene
>> w_ca_cert
>>         "caSigningCert cert-pki-ca"
>>                 track: yes
>>                 auto-renew: yes
>>         Request ID '20151217174146':
>>                 status: CA_UNREACHABLE
>>                 ca-error: Internal error
>>                 stuck: no
>>                 key pair storage:
>>         type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',to
>> ken='NSS
>>         Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>>                 certificate:
>>         type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',to
>> ken='NSS
>>         Certificate DB'
>>                 CA: dogtag-ipa-ca-renew-agent
>>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 subject: CN=IPA RA,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 expires: 2017-01-05 16:18:23 UTC
>>                 key usage:
>>         digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>                 eku: id-kp-serverAuth,id-kp-clientAuth
>>                 pre-save command:
>>         /usr/lib64/ipa/certmonger/renew_ra_cert_pre
>>                 post-save command: /usr/lib64/ipa/certmonger/rene
>> w_ra_cert
>>                 track: yes
>>                 auto-renew: yes
>>         Request ID '20151217174147':
>>                 status: CA_UNREACHABLE
>>                 ca-error: Error 60 connecting to
>>         https://id-management-1.internal.emerlyn.com:8443/ca/agent/c
>> a/profileReview
>>         <https://id-management-1.internal.emerlyn.com:8443/ca/agent/
>> ca/profileReview>:
>>         Peer certificate cannot be authenticated with given CA
>> certificates.
>>                 stuck: no
>>                 key pair storage:
>>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Se
>> rver-Cert
>>         cert-pki-ca',token='NSS Certificate DB',pin set
>>                 certificate:
>>         type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Se
>> rver-Cert
>>         cert-pki-ca',token='NSS Certificate DB'
>>                 CA: dogtag-ipa-renew-agent
>>                 issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 subject: CN=id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>
>>         <http://id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>>,O=INTERNAL.EM
>> ERLYN.COM
>>         <http://INTERNAL.EMERLYN.COM>
>>         <http://INTERNAL.EMERLYN.COM>
>>                 expires: 2017-01-05 16:17:59 UTC
>>                 key usage:
>>         digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>                 eku: id-kp-serverAuth
>>                 pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>                 post-save command: /usr/lib64/ipa/certmonger/rene
>> w_ca_cert
>>         "Server-Cert cert-pki-ca"
>>                 track: yes
>>                 auto-renew: yes
>>
>>         Looking at the content of /etc/krb5.keytab results in no host
>>         entry found:
>>
>>         ktutil
>>         ktutil:  read_kt /etc/krb5.keytab
>>         ktutil:  list
>>         slot KVNO Principal
>>         ---- ----
>>         ------------------------------------------------------------
>> ---------
>>            1    1
>>         cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>            2    1
>>         cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>            3    1
>>         cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>            4    1
>>         cifs/shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:shares-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>            5    1
>>         cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>            6    1
>>         cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>            7    1
>>         cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>            8    1
>>         cifs/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>            9    2
>>         host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>           10    2
>>         host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>           11    2
>>         host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>           12    2
>>         host/files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
>>         <mailto:files-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM>>
>>
>>
>>         Trying to add a host entry:
>>         kadmin -q "ktadd -k /etc/krb5.keytab
>>         host/id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>
>>         <http://id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>>"
>>         Authenticating as principal admin/admin at INTERNAL.EMERLYN.COM
>>         <mailto:admin at INTERNAL.EMERLYN.COM>
>>         <mailto:admin at INTERNAL.EMERLYN.COM
>>         <mailto:admin at INTERNAL.EMERLYN.COM>> with password.
>>         kadmin: Client 'admin/admin at INTERNAL.EMERLYN.COM
>>         <mailto:admin at INTERNAL.EMERLYN.COM>
>>         <mailto:admin at INTERNAL.EMERLYN.COM
>>         <mailto:admin at INTERNAL.EMERLYN.COM>>' not found in Kerberos
>> database
>>         while initializing kadmin interface
>>
>>         Yet if I issue kinit admin I get a password prompt and appear to
>>         get a
>>         ticket. What am I missing?
>>
>>
>>
>>
>>
>>         On Fri, Jan 6, 2017 at 10:19 AM, Rob Crittenden
>>         <rcritten at redhat.com <mailto:rcritten at redhat.com>
>>         <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>> wrote:
>>
>>             Jeff Goddard wrote:
>>             > My environment is freeipa 4.4; centos 7.3. This system was
>>         upgraded as
>>             > of yesterday afternoon. I'm unable to start pki-tomcat.
>>         The debug log
>>             > show this entry:
>>             >
>>             > Internal Database Error encountered: Could not connect to
>>         LDAP server
>>             > host id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>
>>             <http://id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>>
>>             > <http://id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>
>>             <http://id-management-1.internal.emerlyn.com
>>         <http://id-management-1.internal.emerlyn.com>>> port 636 Error
>>             > netscape.ldap.LDAPException: Authentication failed (48)
>>             >         at
>>             com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:6
>> 76)
>>             >         at
>>             >
>>         com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.
>> java:1169)
>>             >         at
>>             >
>>
>>         com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine
>> .java:1075)
>>             >         at
>>             com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
>>             >         at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
>>             >         at com.netscape.certsrv.apps.CMS.
>> start(CMS.java:1616)
>>             >         at
>>             >
>>
>>         com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartS
>> ervlet.java:114)
>>             >         at
>>         javax.servlet.GenericServlet.init(GenericServlet.java:158)
>>             >         at
>>         sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>             >         at
>>             >
>>
>>         sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.java:62)
>>             >         at
>>             >
>>
>>         sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>> thodAccessorImpl.java:43)
>>             >         at java.lang.reflect.Method.invoke(Method.java:498)
>>             >         at
>>             >
>>         org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil
>> .java:288)
>>             >         at
>>             >
>>         org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil
>> .java:285)
>>             >         at
>>         java.security.AccessController.doPrivileged(Native Method)
>>             >         at
>>             javax.security.auth.Subject.do
>>         <http://javax.security.auth.Subject.do>AsPrivileged(Subject.
>> java:549)
>>             >         at
>>             >
>>
>>         org.apache.catalina.security.SecurityUtil.execute(SecurityUt
>> il.java:320)
>>             >         at
>>             >
>>
>>         org.apache.catalina.security.SecurityUtil.doAsPrivilege(Secu
>> rityUtil.java:175)
>>             >         at
>>             >
>>
>>         org.apache.catalina.security.SecurityUtil.doAsPrivilege(Secu
>> rityUtil.java:124)
>>             >         at
>>             >
>>
>>         org.apache.catalina.core.StandardWrapper.initServlet(Standar
>> dWrapper.java:1270)
>>             >         at
>>             >
>>
>>         org.apache.catalina.core.StandardWrapper.loadServlet(Standar
>> dWrapper.java:1195)
>>             >         at
>>             >
>>
>>         org.apache.catalina.core.StandardWrapper.load(StandardWrappe
>> r.java:1085)
>>             >         at
>>             >
>>
>>         org.apache.catalina.core.StandardContext.loadOnStartup(Stand
>> ardContext.java:5318)
>>             >         at
>>             >
>>
>>         org.apache.catalina.core.StandardContext.startInternal(Stand
>> ardContext.java:5610)
>>             >         at
>>             >
>>         org.apache.catalina.util.LifecycleBase.start(LifecycleBase.j
>> ava:147)
>>             >         at
>>             >
>>
>>         org.apache.catalina.core.ContainerBase.addChildInternal(Cont
>> ainerBase.java:899)
>>             >         at
>>             >
>>
>>         org.apache.catalina.core.ContainerBase.access$000(ContainerB
>> ase.java:133)
>>             >         at
>>             >
>>
>>         org.apache.catalina.core.ContainerBase$PrivilegedAddChild.ru
>> n(ContainerBase.java:156)
>>             >         at
>>             >
>>
>>         org.apache.catalina.core.ContainerBase$PrivilegedAddChild.ru
>> n(ContainerBase.java:145)
>>             >         at
>>         java.security.AccessController.doPrivileged(Native Method)
>>             >         at
>>             >
>>
>>         org.apache.catalina.core.ContainerBase.addChild(ContainerBas
>> e.java:873)
>>             >         at
>>             >
>>         org.apache.catalina.core.StandardHost.addChild(StandardHost.
>> java:652)
>>             >         at
>>             >
>>
>>         org.apache.catalina.startup.HostConfig.deployDescriptor(Host
>> Config.java:679)
>>             >         at
>>             >
>>
>>         org.apache.catalina.startup.HostConfig$DeployDescriptor.run(
>> HostConfig.java:1966)
>>             >         at
>>             >
>>
>>         java.util.concurrent.Executors$RunnableAdapter.call(Executor
>> s.java:511)
>>             >         at
>>         java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>             >         at
>>             >
>>
>>         java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>> Executor.java:1142)
>>             >         at
>>             >
>>
>>         java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>> lExecutor.java:617)
>>             >         at java.lang.Thread.run(Thread.java:745)
>>             >
>>             >
>>             > I'm able to get a kerberos ticket using kinit but ldap
>> search
>>             gives this
>>             > error:
>>             >
>>             >  ldapsearch -h id-manaement-1.internal.emerlyn.com
>>         <http://id-manaement-1.internal.emerlyn.com>
>>             <http://id-manaement-1.internal.emerlyn.com
>>         <http://id-manaement-1.internal.emerlyn.com>>
>>             > <http://id-manaement-1.internal.emerlyn.com
>>         <http://id-manaement-1.internal.emerlyn.com>
>>             <http://id-manaement-1.internal.emerlyn.com
>>         <http://id-manaement-1.internal.emerlyn.com>>> -x -b
>>             > "cn=CAcert,cn=ipa,cn=etc,dc=internal,dc=emerlyn,dc=com"
>>             > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>             >
>>             > adding the -d1 debugging tag results in:
>>             >
>>             > ldap_create
>>             >
>>         ldap_url_parse_ext(ldap://id-manaement-1.internal.emerlyn.com
>>         <http://id-manaement-1.internal.emerlyn.com>
>>             <http://id-manaement-1.internal.emerlyn.com
>>         <http://id-manaement-1.internal.emerlyn.com>>
>>             > <http://id-manaement-1.internal.emerlyn.com
>>         <http://id-manaement-1.internal.emerlyn.com>
>>             <http://id-manaement-1.internal.emerlyn.com
>>         <http://id-manaement-1.internal.emerlyn.com>>>)
>>             > ldap_sasl_bind
>>             > ldap_send_initial_request
>>             > ldap_new_connection 1 1 0
>>             > ldap_int_open_connection
>>             > ldap_connect_to_host: TCP
>>         id-manaement-1.internal.emerlyn.com:389
>>         <http://id-manaement-1.internal.emerlyn.com:389>
>>             <http://id-manaement-1.internal.emerlyn.com:389
>>         <http://id-manaement-1.internal.emerlyn.com:389>>
>>             > <http://id-manaement-1.internal.emerlyn.com:389
>>         <http://id-manaement-1.internal.emerlyn.com:389>
>>             <http://id-manaement-1.internal.emerlyn.com:389
>>         <http://id-manaement-1.internal.emerlyn.com:389>>>
>>             > ldap_connect_to_host: getaddrinfo failed: Name or service
>>         not known
>>             > ldap_err2string
>>             > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>             >
>>             > I'm able to resolve the hostname via nslookup and
>>         /etc/hosts has the
>>             > correct mapping entry.
>>             >
>>             > I'm kind of lost at this point and could use some help.
>>             >
>>             > Thanks in advance.
>>
>>             You have a typo in the hostname you're trying to connect to,
>>         missing the
>>             'g' in management.
>>
>>             I have a vague memory from other reports of this issue that
>>         the problem
>>             may be that the value of the certificate(s) in CS.cfg is
>>         different from
>>             the dogtag NSS database. I'd see if those line up.
>>
>>             rob
>>
>>
>>
>>
>>         --
>>         Jeff
>>
>>
>>
>>     Hi Jeff,
>>
>>     according to the output of getcert list, many certificates expired
>>     just yesterday (auditSigningCert cert-pki-ca, ocspSigningCert
>>     cert-pki-ca, subsystemCert cert-pki-ca, Server-Cert cert-pki-ca in
>>     the PKI NSS DB and ipaCert in /etc/httpd/alias).
>>
>>     You can refer to this page:
>>     https://access.redhat.com/solutions/643753
>>     <https://access.redhat.com/solutions/643753>
>>     to fix the issue.
>>
>>     It is likely that dogtag cannot authenticate to LDAP because its
>>     certificate is expired, and hence refuses to start. IMHO the upgrade
>>     is just an unlucky coincidence (happening the same day as cert
>>     expiration) but not the root cause.
>>
>>     HTH,
>>     Flo.
>>
>>
>>
>>
>> --
>>
>>
>


-- 
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/90986ec8/attachment.htm>

From steve.viola at criticalmedia.com  Fri Jan  6 20:12:07 2017
From: steve.viola at criticalmedia.com (Steve Viola)
Date: Fri, 6 Jan 2017 15:12:07 -0500
Subject: [Freeipa-users] Unable to add new replicas - Total update aborted -
 Replica has a different generation ID than the local data.
Message-ID: <CAJjA3c8gHTesGkZVo=PZTv3kKW1yN9HxQvvvKqJ9o-DnBMo0LQ@mail.gmail.com>

Hello,

I'm running FreeIPA 3 on CentOS 6.8, and have a bit of a bind on my hand.
Replication appeared to break with all replicas, and trying to initialize
new replicas will not proceed. I've taken my cluster apart to the point
where I have one server with no replicas, and attempting to add replicas
fails with the response:

Update failed! Status: [-2 Total update abortedLDAP error: Local error]


The dirsrv logs on the master show the following error repeating:

[06/Jan/2017:16:56:10 +0000] NSMMReplicationPlugin - agmt="cn=
> meToreplica2.example.com" (replica2:389): Replica has a different
> generation ID than the local data.


The errors on the replica I'm trying to setup show this errors:

[06/Jan/2017:16:56:11 +0000] NSMMReplicationPlugin -
> replica_replace_ruv_tombstone: failed to update replication update vector
> for replica dc=example,dc=com: LDAP error - 1


I don't see any other errors in the access or error logs on either the
master or replica, and have tried replicating to several new servers, all
which consistently fail with the same issue.

When running ipa-replica-install in debug mode, the output when things
break looks like this:

ipa.ipaserver.plugins.ldap2.SchemaCache: DEBUG    retrieving schema for
> SchemaCache url=ldaps://master.example.com:636



conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x40d2638>
> Starting replication, please wait until this has completed.
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> Update in progress
> [master.example.com] reports: Update failed! Status: [-2 Total update
> abortedLDAP error: Local error]
> ipa         : INFO       File
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line
> 614, in run_script
>     return_value = main_function()
>   File "/usr/sbin/ipa-replica-install", line 487, in main
>     ds = install_replica_ds(config)
>   File "/usr/sbin/ipa-replica-install", line 150, in install_replica_ds
>     pkcs12_info)
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py",
> line 300, in create_replica
>     self.start_creation(runtime=60)
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py",
> line 358, in start_creation
>     method()
>   File "/usr/lib/python2.6/site-packages/ipaserver/install/dsinstance.py",
> line 313, in __setup_replica
>     r_bindpw=self.dm_password)
>   File
> "/usr/lib/python2.6/site-packages/ipaserver/install/replication.py", line
> 865, in setup_replication
>     raise RuntimeError("Failed to start replication")
> ipa         : INFO     The ipa-replica-install command failed, exception:
> RuntimeError: Failed to start replication


On the master, when tailing the dirsrv access and error logs, the following
happens:


> [06/Jan/2017:19:13:30 +0000] conn=35465 op=16 SRCH base="cn=meTo
> replica2.example.com,cn=replica,cn=dc\3Dcriticalmention\2Cdc\3Dcom,cn=mapping
> tree,cn=config" scope=0 filter="(objectClass=*)" attrs="cn
> nsds5BeginReplicaRefresh nsds5replicaUpdateInProgress
> nsds5replicaLastInitStatus nsds5replicaLastInitStart
> nsds5replicaLastInitEnd"
> [06/Jan/2017:19:13:30 +0000] conn=35465 op=16 RESULT err=0 tag=101
> nentries=1 etime=0
> [06/Jan/2017:19:13:30 +0000] conn=35021 op=9 UNBIND
> [06/Jan/2017:19:13:30 +0000] conn=35021 op=9 fd=89 closed - U1
> [06/Jan/2017:19:13:31 +0000] conn=35465 op=17 SRCH base="cn=meTo
> replica2.example.com,cn=replica,cn=dc\3Dcriticalmention\2Cdc\3Dcom,cn=mapping
> tree,cn=config" scope=0 filter="(objectClass=*)" attrs="cn
> nsds5BeginReplicaRefresh nsds5replicaUpdateInProgress
> nsds5replicaLastInitStatus nsds5replicaLastInitStart
> nsds5replicaLastInitEnd"
> [06/Jan/2017:19:13:31 +0000] conn=35465 op=17 RESULT err=0 tag=101
> nentries=1 etime=0

==> /var/log/dirsrv/slapd-EXAMPLE-COM/errors <==
> [06/Jan/2017:19:13:37 +0000] NSMMReplicationPlugin - agmt="cn=meTo
> replica2.example.com" (replica2:389): Failed to send extended operation:
> LDAP error -1 (Can't contact LDAP server)
> [06/Jan/2017:19:13:37 +0000] NSMMReplicationPlugin - agmt="cn=meTo
> replica2.example.com" (replica2:389): Received error -1 (Can't contact
> LDAP server):  for total update operation
> [06/Jan/2017:19:13:38 +0000] NSMMReplicationPlugin - agmt="cn=meTo
> replica2.example.com" (replica2:389): Warning: unable to send
> endReplication extended operation (Can't contact LDAP server)
> [06/Jan/2017:19:13:38 +0000] NSMMReplicationPlugin - agmt="cn=meTo
> replica2.example.com" (replica2:389): Replication bind with SIMPLE auth
> resumed

[06/Jan/2017:19:13:38 +0000] NSMMReplicationPlugin - agmt="cn=meTo
> replica2.example.com" (replica2:389): Replica has a different generation
> ID than the local data.


On the replica, in the dirsrv error logs for the same time, the following
happens:

[06/Jan/2017:19:13:26 +0000] - slapd started.  Listening on All Interfaces
> port 389 for LDAP requests
> [06/Jan/2017:19:13:26 +0000] - Listening on All Interfaces port 636 for
> LDAPS requests
> [06/Jan/2017:19:13:26 +0000] - Listening on
> /var/run/slapd-EXAMPLE-COM.socket for LDAPI reque
> sts
> [06/Jan/2017:19:13:27 +0000] NSMMReplicationPlugin - agmt="cn=
> meTomaster.example.com" (master:389): Replica has a different generation
> ID than the local data.
> [06/Jan/2017:19:13:27 +0000] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=example,dc=com is going offline;
> disabling replication
> [06/Jan/2017:19:13:27 +0000] - WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to access the
> database
> [06/Jan/2017:19:13:28 +0000] - ERROR bulk import abandoned



Is there something I'm missing which needs to be changed before starting
the replication install? The information I found online for different
generation ID didn't help me get replication to work, so if there is any
advice that could help me, I'd really appreciate it.

Thanks a lot
-- 
Steven Viola
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/0cd8a781/attachment.htm>

From rcritten at redhat.com  Fri Jan  6 20:23:43 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 6 Jan 2017 15:23:43 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
Message-ID: <586FFCCF.6010200@redhat.com>

Jeff Goddard wrote:
> Flo,
> 
> I'm not able to access the link you posted. I did find this thread
> though
> https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html
> <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html>
> and have set the time back and resubmitted a request. Still no success.
> Any further hints?

You need to stop ntpd, go back in time to when the certs are valid and
restart the certmonger service.

Then use getcert list to monitor things. You really only care about the
CA subsystem certs are this point.

You may need to restart certmonger more than once to get all the certs
updated (you can manually call getcert resubmit -i <id> if you'd prefer).

Once that is done return to present day, restart ntpd then ipactl restart.

rob



From rcritten at redhat.com  Fri Jan  6 20:24:35 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 6 Jan 2017 15:24:35 -0500
Subject: [Freeipa-users] unable to add or remove replica after prepare
 and failed replication
In-Reply-To: <249608026.40160.1483731945229@jersey.jacobdevans.com>
References: <249608026.40160.1483731945229@jersey.jacobdevans.com>
Message-ID: <586FFD03.4090309@redhat.com>

Jake wrote:
> Hey All,
> 
> I need to reinstall the replica ipa03.ipa.example.com after
> ipa-server-install --uninstall, however.
> 
> 
> ipa-replica-install replica-info-ipa03.example.com.gpg
> Directory Manager (existing master) password:
> 
> The host ipa03.example.com already exists on the master server.
> You should remove it before proceeding:
>     % ipa host-del ipa03.example.com
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> ipa-replica-install command failed. See /var/log/ipareplica-install.log
> for more information
> 
> So on the master I ran:
> 
> ipa-replica-manage del ipa03.ipa.example.com
> ' ipa01.ipa.example.com' has no replication agreement for '
> ipa03.ipa.example.com'
> 
> ipa host-del ipa03.ipa.example.com
> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
> disabled

Try ipa-replica-manage del ipa03.ipa.example.com --force --cleanup

You may still need to delete the host entry but the first command should
mark it as not a master.

rob



From jgoddard at emerlyn.com  Fri Jan  6 20:27:40 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 15:27:40 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <586FFCCF.6010200@redhat.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
Message-ID: <CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>

I've done this.
[root at id-management-1 ipa]# date
Sun Jan  1 01:12:27 EST 2017

 getcert list give me this as the first entry:

Request ID '20150116162120':
        status: CA_UNREACHABLE
        ca-error: Server at
https://id-management-1.internal.emerlyn.com/ipa/xml failed request, will
retry: 4001 (RPC failed at server.  ipa: Certificate Authority not found).
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        subject: CN=id-management-1.internal.emerlyn.com,O=
INTERNAL.EMERLYN.COM
        expires: 2017-01-16 16:21:20 UTC
        key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/restart_httpd
        track: yes
        auto-renew: yes

Restarting cermonger multiple times doesn't help.

Jeff




On Fri, Jan 6, 2017 at 3:23 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Jeff Goddard wrote:
> > Flo,
> >
> > I'm not able to access the link you posted. I did find this thread
> > though
> > https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html
> > <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html>
> > and have set the time back and resubmitted a request. Still no success.
> > Any further hints?
>
> You need to stop ntpd, go back in time to when the certs are valid and
> restart the certmonger service.
>
> Then use getcert list to monitor things. You really only care about the
> CA subsystem certs are this point.
>
> You may need to restart certmonger more than once to get all the certs
> updated (you can manually call getcert resubmit -i <id> if you'd prefer).
>
> Once that is done return to present day, restart ntpd then ipactl restart.
>
> rob
>



--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/8550f68e/attachment.htm>

From rcritten at redhat.com  Fri Jan  6 20:43:28 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 6 Jan 2017 15:43:28 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
Message-ID: <58700170.2020009@redhat.com>

Jeff Goddard wrote:
> I've done this.
> [root at id-management-1 ipa]# date
> Sun Jan  1 01:12:27 EST 2017
> 
>  getcert list give me this as the first entry:
> 
> Request ID '20150116162120':
>         status: CA_UNREACHABLE
>         ca-error: Server at
> https://id-management-1.internal.emerlyn.com/ipa/xml failed request,
> will retry: 4001 (RPC failed at server.  ipa: Certificate Authority not
> found).
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>         certificate:
> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> Certificate DB'
>         CA: IPA
>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         subject: CN=id-management-1.internal.emerlyn.com
> <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         expires: 2017-01-16 16:21:20 UTC
>         key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>         eku: id-kp-serverAuth,id-kp-clientAuth
>         pre-save command:
>         post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>         track: yes
>         auto-renew: yes
> 
> Restarting cermonger multiple times doesn't help.

Sorry, I missed a step. When you go back in time you first need to
restart IPA. The CA isn't up.

rob

> 
> Jeff
> 
> 
> 
> 
> On Fri, Jan 6, 2017 at 3:23 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
> 
>     Jeff Goddard wrote:
>     > Flo,
>     >
>     > I'm not able to access the link you posted. I did find this thread
>     > though
>     >
>     https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html>
>     >
>     <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html
>     <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html>>
>     > and have set the time back and resubmitted a request. Still no
>     success.
>     > Any further hints?
> 
>     You need to stop ntpd, go back in time to when the certs are valid and
>     restart the certmonger service.
> 
>     Then use getcert list to monitor things. You really only care about the
>     CA subsystem certs are this point.
> 
>     You may need to restart certmonger more than once to get all the certs
>     updated (you can manually call getcert resubmit -i <id> if you'd
>     prefer).
> 
>     Once that is done return to present day, restart ntpd then ipactl
>     restart.
> 
>     rob
> 
> 
> 
> 
> -- 
> 



From jgoddard at emerlyn.com  Fri Jan  6 20:47:13 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 15:47:13 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <58700170.2020009@redhat.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
Message-ID: <CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>

I think my problem is deeper than that. I was following this guide:
http://www.freeipa.org/page/Howto/CA_Certificate_Renewal#Renew_CA_Certificate_on_CA_Servers
and executed the commands related to having an external CA - which we do
not have. I now get this message for the CA:

Request ID '20170101055025':
        status: NEED_KEY_GEN_PIN
        stuck: yes
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
cert-pki-ca',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
cert-pki-ca'
        CA: dogtag-ipa-ca-renew-agent
        issuer:
        subject:
        expires: unknown
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes

Is there any way I can recover?

Jeff

On Fri, Jan 6, 2017 at 3:43 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Jeff Goddard wrote:
> > I've done this.
> > [root at id-management-1 ipa]# date
> > Sun Jan  1 01:12:27 EST 2017
> >
> >  getcert list give me this as the first entry:
> >
> > Request ID '20150116162120':
> >         status: CA_UNREACHABLE
> >         ca-error: Server at
> > https://id-management-1.internal.emerlyn.com/ipa/xml failed request,
> > will retry: 4001 (RPC failed at server.  ipa: Certificate Authority not
> > found).
> >         stuck: no
> >         key pair storage:
> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
> >         certificate:
> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> > Certificate DB'
> >         CA: IPA
> >         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> > <http://INTERNAL.EMERLYN.COM>
> >         subject: CN=id-management-1.internal.emerlyn.com
> > <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
> > <http://INTERNAL.EMERLYN.COM>
> >         expires: 2017-01-16 16:21:20 UTC
> >         key usage:
> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> >         eku: id-kp-serverAuth,id-kp-clientAuth
> >         pre-save command:
> >         post-save command: /usr/lib64/ipa/certmonger/restart_httpd
> >         track: yes
> >         auto-renew: yes
> >
> > Restarting cermonger multiple times doesn't help.
>
> Sorry, I missed a step. When you go back in time you first need to
> restart IPA. The CA isn't up.
>
> rob
>
> >
> > Jeff
> >
> >
> >
> >
> > On Fri, Jan 6, 2017 at 3:23 PM, Rob Crittenden <rcritten at redhat.com
> > <mailto:rcritten at redhat.com>> wrote:
> >
> >     Jeff Goddard wrote:
> >     > Flo,
> >     >
> >     > I'm not able to access the link you posted. I did find this thread
> >     > though
> >     >
> >     https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html>
> >     >
> >     <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html
> >     <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html>>
> >     > and have set the time back and resubmitted a request. Still no
> >     success.
> >     > Any further hints?
> >
> >     You need to stop ntpd, go back in time to when the certs are valid
> and
> >     restart the certmonger service.
> >
> >     Then use getcert list to monitor things. You really only care about
> the
> >     CA subsystem certs are this point.
> >
> >     You may need to restart certmonger more than once to get all the
> certs
> >     updated (you can manually call getcert resubmit -i <id> if you'd
> >     prefer).
> >
> >     Once that is done return to present day, restart ntpd then ipactl
> >     restart.
> >
> >     rob
> >
> >
> >
> >
> > --
> >
>
>


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/ce0addc4/attachment.htm>

From aheverle at redhat.com  Fri Jan  6 20:56:57 2017
From: aheverle at redhat.com (Alan Heverley)
Date: Fri, 6 Jan 2017 15:56:57 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
	<CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
Message-ID: <CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>

Looks like you need to get the PIN associated to the cert.

 # grep 'internal=' /var/lib/pki/pki-tomcat/conf/password.conf

Then replace <pin> with the PIN in the command above.

 # getcert start-tracking -d /etc/pki/pki-tomcat/alias -n 'caSigningCert
cert-pki-ca' -P <pin> -c dogtag-ipa-ca-renew-agent

On Fri, Jan 6, 2017 at 3:47 PM, Jeff Goddard <jgoddard at emerlyn.com> wrote:

> I think my problem is deeper than that. I was following this guide:
> http://www.freeipa.org/page/Howto/CA_Certificate_
> Renewal#Renew_CA_Certificate_on_CA_Servers and executed the commands
> related to having an external CA - which we do not have. I now get this
> message for the CA:
>
> Request ID '20170101055025':
>         status: NEED_KEY_GEN_PIN
>         stuck: yes
>         key pair storage: type=NSSDB,location='/etc/pki/
> pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',pin set
>         certificate: type=NSSDB,location='/etc/pki/
> pki-tomcat/alias',nickname='caSigningCert cert-pki-ca'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer:
>         subject:
>         expires: unknown
>         pre-save command:
>         post-save command:
>         track: yes
>         auto-renew: yes
>
> Is there any way I can recover?
>
> Jeff
>
> On Fri, Jan 6, 2017 at 3:43 PM, Rob Crittenden <rcritten at redhat.com>
> wrote:
>
>> Jeff Goddard wrote:
>> > I've done this.
>> > [root at id-management-1 ipa]# date
>> > Sun Jan  1 01:12:27 EST 2017
>> >
>> >  getcert list give me this as the first entry:
>> >
>> > Request ID '20150116162120':
>> >         status: CA_UNREACHABLE
>> >         ca-error: Server at
>> > https://id-management-1.internal.emerlyn.com/ipa/xml failed request,
>> > will retry: 4001 (RPC failed at server.  ipa: Certificate Authority not
>> > found).
>> >         stuck: no
>> >         key pair storage:
>> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert
>> ',token='NSS
>> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>> >         certificate:
>> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert
>> ',token='NSS
>> > Certificate DB'
>> >         CA: IPA
>> >         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>> > <http://INTERNAL.EMERLYN.COM>
>> >         subject: CN=id-management-1.internal.emerlyn.com
>> > <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
>> > <http://INTERNAL.EMERLYN.COM>
>> >         expires: 2017-01-16 16:21:20 UTC
>> >         key usage:
>> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>> >         eku: id-kp-serverAuth,id-kp-clientAuth
>> >         pre-save command:
>> >         post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>> >         track: yes
>> >         auto-renew: yes
>> >
>> > Restarting cermonger multiple times doesn't help.
>>
>> Sorry, I missed a step. When you go back in time you first need to
>> restart IPA. The CA isn't up.
>>
>> rob
>>
>> >
>> > Jeff
>> >
>> >
>> >
>> >
>> > On Fri, Jan 6, 2017 at 3:23 PM, Rob Crittenden <rcritten at redhat.com
>> > <mailto:rcritten at redhat.com>> wrote:
>> >
>> >     Jeff Goddard wrote:
>> >     > Flo,
>> >     >
>> >     > I'm not able to access the link you posted. I did find this thread
>> >     > though
>> >     >
>> >     https://www.redhat.com/archives/freeipa-users/2015-June/
>> msg00144.html <https://www.redhat.com/archives/freeipa-users/2015-June/
>> msg00144.html>
>> >     >
>> >     <https://www.redhat.com/archives/freeipa-users/2015-June/
>> msg00144.html
>> >     <https://www.redhat.com/archives/freeipa-users/2015-June/
>> msg00144.html>>
>> >     > and have set the time back and resubmitted a request. Still no
>> >     success.
>> >     > Any further hints?
>> >
>> >     You need to stop ntpd, go back in time to when the certs are valid
>> and
>> >     restart the certmonger service.
>> >
>> >     Then use getcert list to monitor things. You really only care about
>> the
>> >     CA subsystem certs are this point.
>> >
>> >     You may need to restart certmonger more than once to get all the
>> certs
>> >     updated (you can manually call getcert resubmit -i <id> if you'd
>> >     prefer).
>> >
>> >     Once that is done return to present day, restart ntpd then ipactl
>> >     restart.
>> >
>> >     rob
>> >
>> >
>> >
>> >
>> > --
>> >
>>
>>
>
>
> --
>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>



-- 
Alan Heverley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/68867d91/attachment.htm>

From jgoddard at emerlyn.com  Fri Jan  6 21:05:35 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 16:05:35 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
	<CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
	<CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>
Message-ID: <CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>

Alan,

Thank you so VERY much. That resolved the issue for the CA signing
certificate. However I'm still seeing

        ca-error: Server at "
https://id-management-1.internal.emerlyn.com:8443/ca/agent/ca/profileProcess"
replied: 1: Invalid Credential.

On multiple requests which have expiration dates in the past. Is there
something else I need to do?

Jeff

On Fri, Jan 6, 2017 at 3:56 PM, Alan Heverley <aheverle at redhat.com> wrote:

> Looks like you need to get the PIN associated to the cert.
>
>  # grep 'internal=' /var/lib/pki/pki-tomcat/conf/password.conf
>
> Then replace <pin> with the PIN in the command above.
>
>  # getcert start-tracking -d /etc/pki/pki-tomcat/alias -n 'caSigningCert
> cert-pki-ca' -P <pin> -c dogtag-ipa-ca-renew-agent
>
> On Fri, Jan 6, 2017 at 3:47 PM, Jeff Goddard <jgoddard at emerlyn.com> wrote:
>
>> I think my problem is deeper than that. I was following this guide:
>> http://www.freeipa.org/page/Howto/CA_Certificate_Renew
>> al#Renew_CA_Certificate_on_CA_Servers and executed the commands related
>> to having an external CA - which we do not have. I now get this message for
>> the CA:
>>
>> Request ID '20170101055025':
>>         status: NEED_KEY_GEN_PIN
>>         stuck: yes
>>         key pair storage: type=NSSDB,location='/etc/pki/
>> pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',pin set
>>         certificate: type=NSSDB,location='/etc/pki/
>> pki-tomcat/alias',nickname='caSigningCert cert-pki-ca'
>>         CA: dogtag-ipa-ca-renew-agent
>>         issuer:
>>         subject:
>>         expires: unknown
>>         pre-save command:
>>         post-save command:
>>         track: yes
>>         auto-renew: yes
>>
>> Is there any way I can recover?
>>
>> Jeff
>>
>> On Fri, Jan 6, 2017 at 3:43 PM, Rob Crittenden <rcritten at redhat.com>
>> wrote:
>>
>>> Jeff Goddard wrote:
>>> > I've done this.
>>> > [root at id-management-1 ipa]# date
>>> > Sun Jan  1 01:12:27 EST 2017
>>> >
>>> >  getcert list give me this as the first entry:
>>> >
>>> > Request ID '20150116162120':
>>> >         status: CA_UNREACHABLE
>>> >         ca-error: Server at
>>> > https://id-management-1.internal.emerlyn.com/ipa/xml failed request,
>>> > will retry: 4001 (RPC failed at server.  ipa: Certificate Authority not
>>> > found).
>>> >         stuck: no
>>> >         key pair storage:
>>> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert
>>> ',token='NSS
>>> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>>> >         certificate:
>>> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert
>>> ',token='NSS
>>> > Certificate DB'
>>> >         CA: IPA
>>> >         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>> > <http://INTERNAL.EMERLYN.COM>
>>> >         subject: CN=id-management-1.internal.emerlyn.com
>>> > <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
>>> > <http://INTERNAL.EMERLYN.COM>
>>> >         expires: 2017-01-16 16:21:20 UTC
>>> >         key usage:
>>> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>> >         eku: id-kp-serverAuth,id-kp-clientAuth
>>> >         pre-save command:
>>> >         post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>>> >         track: yes
>>> >         auto-renew: yes
>>> >
>>> > Restarting cermonger multiple times doesn't help.
>>>
>>> Sorry, I missed a step. When you go back in time you first need to
>>> restart IPA. The CA isn't up.
>>>
>>> rob
>>>
>>> >
>>> > Jeff
>>> >
>>> >
>>> >
>>> >
>>> > On Fri, Jan 6, 2017 at 3:23 PM, Rob Crittenden <rcritten at redhat.com
>>> > <mailto:rcritten at redhat.com>> wrote:
>>> >
>>> >     Jeff Goddard wrote:
>>> >     > Flo,
>>> >     >
>>> >     > I'm not able to access the link you posted. I did find this
>>> thread
>>> >     > though
>>> >     >
>>> >     https://www.redhat.com/archives/freeipa-users/2015-June/msg
>>> 00144.html <https://www.redhat.com/archives/freeipa-users/2015-June/msg
>>> 00144.html>
>>> >     >
>>> >     <https://www.redhat.com/archives/freeipa-users/2015-June/ms
>>> g00144.html
>>> >     <https://www.redhat.com/archives/freeipa-users/2015-June/ms
>>> g00144.html>>
>>> >     > and have set the time back and resubmitted a request. Still no
>>> >     success.
>>> >     > Any further hints?
>>> >
>>> >     You need to stop ntpd, go back in time to when the certs are valid
>>> and
>>> >     restart the certmonger service.
>>> >
>>> >     Then use getcert list to monitor things. You really only care
>>> about the
>>> >     CA subsystem certs are this point.
>>> >
>>> >     You may need to restart certmonger more than once to get all the
>>> certs
>>> >     updated (you can manually call getcert resubmit -i <id> if you'd
>>> >     prefer).
>>> >
>>> >     Once that is done return to present day, restart ntpd then ipactl
>>> >     restart.
>>> >
>>> >     rob
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> >
>>>
>>>
>>
>>
>> --
>>
>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
>
> --
> Alan Heverley
>



--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/f3f4961a/attachment.htm>

From sipazzo at yahoo.com  Fri Jan  6 21:03:47 2017
From: sipazzo at yahoo.com (sipazzo)
Date: Fri, 6 Jan 2017 21:03:47 +0000 (UTC)
Subject: [Freeipa-users] Replication has stopped and server errors
In-Reply-To: <c2d12eb6-1199-45bb-8f24-dc6b6347d5c9@redhat.com>
References: <14572427.872232.1483658995510.ref@mail.yahoo.com>
	<14572427.872232.1483658995510@mail.yahoo.com>
	<c2d12eb6-1199-45bb-8f24-dc6b6347d5c9@redhat.com>
Message-ID: <1907030761.1499705.1483736627128@mail.yahoo.com>

I have changed the number of db locks to 40000. After restart, each server reports a lot of these type errors:
DSRetroclPlugin - delete_changerecord: could not delete change record 6038434 

As well as immediately coming up with these errors (even after re-initializing)

06/Jan/2017:12:10:12 -0800] NSMMReplicationPlugin - changelog program - agmt="cn=meToipa1-dev.example.local" (ipa1-corp:389): CSN 586d8aab000400110000 not found, we aren't as up to date, or we purged
[06/Jan/2017:12:10:12 -0800] NSMMReplicationPlugin - agmt="cn=meToipa1-corp.example.local" (ipa1-dev:389): Data required to update replica has been purged. The replica must be reinitialized.
[06/Jan/2017:12:10:12 -0800] NSMMReplicationPlugin - agmt="cn=meToipa1-prod.example.local" (ipa1-xo:389): Incremental update failed and requires administrator action
[06/Jan/2017:12:10:12 -0800] NSMMReplicationPlugin - agmt="cn=meToipa1-dev.example.local" (ipa1-corp:389): Incremental update failed and requires administrator action
06/Jan/2017:12:15:47 -0800] agmt="cn=meToipa1-dr.example.local" (ipa1-io:389) - Can't locate CSN 586ffaf5000300100000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.
[06/Jan/2017:12:15:49 -0800] agmt="cn=meToipa1-dr.example.local" (ipa1-io:389) - Can't locate CSN 586ffaf7000000100000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.

Replication topology is:3 geographic locations each with 2 ipa servers (dr, prod, dev)
ipa1-dev replicates with all servers (ipa2-dev,ipa1-dr, ipa2-dr, ipa1-prod, ipa2-prod)ipa1-dr also replicates with ipa2-dripa1-prod also replicates with ipa2-prod

As a test I deleted one host on each of the servers. I have waited 30 minutes and the results are:ipa1-dev - deletion replicated to all serversipa2-dr - deletion replicated to all servers
ipa1-dr, ipa1-prod, ipa2-dev, ipa2-prod - deletions not replicated



      From: Martin Basti <mbasti at redhat.com>
 To: sipazzo <sipazzo at yahoo.com>; Freeipa-users <freeipa-users at redhat.com> 
 Sent: Friday, January 6, 2017 8:58 AM
 Subject: Re: [Freeipa-users] Replication has stopped and server errors
   
 
  
 On 06.01.2017 00:29, sipazzo wrote:
  
  I have 6 ipa servers in 3 locations running 4.2.0-15.0.1on RHEL 7. Ipa1-dev is the CA Renewal and CRL Master server and where most of our updates  (host enrollment, password changes) end up taking place. ? Servers had been running fine. Over the holidays we started having some replication issues and looking at /var/log/dirsrv/slapd-REALM-COM/errors showed the following: 
  All servers currently have these errors for each replica the respective IPA servers are connected to: NSMMReplicationPlugin - agmt="cn=meToipa2-dr.example.local" (ipa2-dr:389): Incremental update failed and requires administrator action [04/Jan/2017:15:39:48 -0800] agmt="cn=meToipa1-dr.example.local" (ipa1-dr:389) - Can't locate CSN 583c8e74000600110000 in the changelog (DB  rc=-30988). If replication stops, the consumer may need to be reinitialized NSMMReplicationPlugin - agmt="cn=meToipa1-prod.example.local" (ipa1-prod:389): Data required to update replica has been purged. The replica must be reinitialized. [04/Jan/2017:13:33:26 -0800] NSMMReplicationPlugin - agmt="cn=meToipa2-dev.example.local" (ipa2-dev:389): Incremental update failed and requires administrator action ?[04/Jan/2017:13:33:26 -0800] NSMMReplicationPlugin - agmt="cn=meToipa1-prod.example.local" (ipa1-prod:389): Incremental update failed and requires administrator action [04/Jan/2017:13:33:27 -0800] agmt="cn=meToipa2-prod.example.local" (ipa2-prod:389) - Can't locate CSN 586d69f0000400120000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized. ? And all servers have these types of errors which are worrisome but they go back quite a way
  NSACLPlugin - The ACL target cn=dns,dc=example,dc=local does not exist NSACLPlugin - The ACL target cn=dns,dc=example,dc=local does not exist NSACLPlugin - The ACL target cn=groups,cn=compat,dc=example,dc=local does not exist NSACLPlugin - The ACL target cn=computers,cn=compat,dc=example,dc=local does not exist NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=local does not exist NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=local does not exist NSACLPlugin - The ACL target ou=sudoers,dc=networkfleet,dc=local does not exist  
 ^^^ just INFO messages, you can ignore them
 
 
 
  ? All servers except one have a lot of these DSRetroclPlugin - delete_changerecord: could not delete change record ? Ipa1-dev only has this
  04/Jan/2017:18:36:52 -0800] NSMMReplicationPlugin -agmt="cn=masterAgreement1-ipa1-prod.example.local-pki-tomcat" (ipa1-prod:389): Replication bind with SIMPLE auth resumed [04/Jan/2017:18:36:52 -0800] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ipa2-dr.example.local-pki-tomcat" (ipa2-dr:389): Replication bind with SIMPLE auth resumed [04/Jan/2017:18:36:52 -0800] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ipa1-dr.example.local-pki-tomcat" (ipa1-dr:389): Replication bind with SIMPLE auth resumed [04/Jan/2017:18:36:53 -0800] NSMMReplicationPlugin -agmt="cn=masterAgreement1-ipa2-prod.example.local-pki-tomcat" (ipa2-prod:389): Replication bind with SIMPLE auth resumed ? 3 servers (ipa1-dr ipa2-dr ipa2-prod) have these errors:  [01/Jan/2017:14:43:06 -0800] - libdb: BDB2055 Lock table is out of available lock entries [01/Jan/2017:14:43:06 -0800] - compactdb: failed to compact changelog; db error - 12 Cannot allocate memory  
 
 you probably need https://access.redhat.com/solutions/1241063 to increase number of locks (or in this threadhttps://lists.fedoraproject.org/pipermail/389-users/2011-June/013299.html)
 
 I would first increase the number of locks, and then look if something improved.
 We also don't know how your topology looks like, which servers are connected together.
 
 Martin
 
 
  ? 4 servers (ipa1-dev, ipa2-dev, ipa1-dr and ipa2-dr) have these errors
  [04/Jan/2017:15:37:21 -0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [04/Jan/2017:15:37:24 -0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) ?
  I have tried various combinations or restarting, re-initializing, disconnecting and reconnecting replicas but am down to only two servers replicating with each other currently (ipa1-dev and ipa2-dev). We did have a power outage at the dev location but it does not seem to correspond to when the errors started? Not sure how to recover from this. Any help is appreciated ? ?  
  
 
 
 

   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/528de149/attachment.htm>

From freeipa at jacobdevans.com  Fri Jan  6 21:13:29 2017
From: freeipa at jacobdevans.com (Jake)
Date: Fri, 6 Jan 2017 16:13:29 -0500 (EST)
Subject: [Freeipa-users] unable to add or remove replica after prepare
 and failed replication
In-Reply-To: <586FFD03.4090309@redhat.com>
References: <249608026.40160.1483731945229@jersey.jacobdevans.com>
	<586FFD03.4090309@redhat.com>
Message-ID: <404864972.40321.1483737209149@lux.jacobdevans.com>

Worked.

Thank You!

----- Original Message -----
From: "Rob Crittenden" <rcritten at redhat.com>
To: "Jake" <freeipa at jacobdevans.com>, "freeipa-users" <freeipa-users at redhat.com>
Sent: Friday, January 6, 2017 3:24:35 PM
Subject: Re: [Freeipa-users] unable to add or remove replica after prepare and failed replication

Jake wrote:
> Hey All,
> 
> I need to reinstall the replica ipa03.ipa.example.com after
> ipa-server-install --uninstall, however.
> 
> 
> ipa-replica-install replica-info-ipa03.example.com.gpg
> Directory Manager (existing master) password:
> 
> The host ipa03.example.com already exists on the master server.
> You should remove it before proceeding:
>     % ipa host-del ipa03.example.com
> ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> ipa-replica-install command failed. See /var/log/ipareplica-install.log
> for more information
> 
> So on the master I ran:
> 
> ipa-replica-manage del ipa03.ipa.example.com
> ' ipa01.ipa.example.com' has no replication agreement for '
> ipa03.ipa.example.com'
> 
> ipa host-del ipa03.ipa.example.com
> ipa: ERROR: invalid 'hostname': An IPA master host cannot be deleted or
> disabled

Try ipa-replica-manage del ipa03.ipa.example.com --force --cleanup

You may still need to delete the host entry but the first command should
mark it as not a master.

rob



From jgoddard at emerlyn.com  Fri Jan  6 21:26:53 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 16:26:53 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
	<CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
	<CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>
	<CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>
Message-ID: <CA+No-6FDZKOAY4EXsaKQXFr9jVWWfkM0fvJXKDCczD8HCKpLDA@mail.gmail.com>

I've followed the instructions related to my error here:
http://www.freeipa.org/page/Troubleshooting#PKI_Issues but I still haven't
found a solution.

Jeff

On Fri, Jan 6, 2017 at 4:05 PM, Jeff Goddard <jgoddard at emerlyn.com> wrote:

> Alan,
>
> Thank you so VERY much. That resolved the issue for the CA signing
> certificate. However I'm still seeing
>
>         ca-error: Server at "https://id-management-1.
> internal.emerlyn.com:8443/ca/agent/ca/profileProcess" replied: 1: Invalid
> Credential.
>
> On multiple requests which have expiration dates in the past. Is there
> something else I need to do?
>
> Jeff
>
> On Fri, Jan 6, 2017 at 3:56 PM, Alan Heverley <aheverle at redhat.com> wrote:
>
>> Looks like you need to get the PIN associated to the cert.
>>
>>  # grep 'internal=' /var/lib/pki/pki-tomcat/conf/password.conf
>>
>> Then replace <pin> with the PIN in the command above.
>>
>>  # getcert start-tracking -d /etc/pki/pki-tomcat/alias -n 'caSigningCert
>> cert-pki-ca' -P <pin> -c dogtag-ipa-ca-renew-agent
>>
>> On Fri, Jan 6, 2017 at 3:47 PM, Jeff Goddard <jgoddard at emerlyn.com>
>> wrote:
>>
>>> I think my problem is deeper than that. I was following this guide:
>>> http://www.freeipa.org/page/Howto/CA_Certificate_Renew
>>> al#Renew_CA_Certificate_on_CA_Servers and executed the commands related
>>> to having an external CA - which we do not have. I now get this message for
>>> the CA:
>>>
>>> Request ID '20170101055025':
>>>         status: NEED_KEY_GEN_PIN
>>>         stuck: yes
>>>         key pair storage: type=NSSDB,location='/etc/pki/
>>> pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',pin set
>>>         certificate: type=NSSDB,location='/etc/pki/
>>> pki-tomcat/alias',nickname='caSigningCert cert-pki-ca'
>>>         CA: dogtag-ipa-ca-renew-agent
>>>         issuer:
>>>         subject:
>>>         expires: unknown
>>>         pre-save command:
>>>         post-save command:
>>>         track: yes
>>>         auto-renew: yes
>>>
>>> Is there any way I can recover?
>>>
>>> Jeff
>>>
>>> On Fri, Jan 6, 2017 at 3:43 PM, Rob Crittenden <rcritten at redhat.com>
>>> wrote:
>>>
>>>> Jeff Goddard wrote:
>>>> > I've done this.
>>>> > [root at id-management-1 ipa]# date
>>>> > Sun Jan  1 01:12:27 EST 2017
>>>> >
>>>> >  getcert list give me this as the first entry:
>>>> >
>>>> > Request ID '20150116162120':
>>>> >         status: CA_UNREACHABLE
>>>> >         ca-error: Server at
>>>> > https://id-management-1.internal.emerlyn.com/ipa/xml failed request,
>>>> > will retry: 4001 (RPC failed at server.  ipa: Certificate Authority
>>>> not
>>>> > found).
>>>> >         stuck: no
>>>> >         key pair storage:
>>>> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert
>>>> ',token='NSS
>>>> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>>>> >         certificate:
>>>> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert
>>>> ',token='NSS
>>>> > Certificate DB'
>>>> >         CA: IPA
>>>> >         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>>> > <http://INTERNAL.EMERLYN.COM>
>>>> >         subject: CN=id-management-1.internal.emerlyn.com
>>>> > <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
>>>> > <http://INTERNAL.EMERLYN.COM>
>>>> >         expires: 2017-01-16 16:21:20 UTC
>>>> >         key usage:
>>>> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>>> >         eku: id-kp-serverAuth,id-kp-clientAuth
>>>> >         pre-save command:
>>>> >         post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>>>> >         track: yes
>>>> >         auto-renew: yes
>>>> >
>>>> > Restarting cermonger multiple times doesn't help.
>>>>
>>>> Sorry, I missed a step. When you go back in time you first need to
>>>> restart IPA. The CA isn't up.
>>>>
>>>> rob
>>>>
>>>> >
>>>> > Jeff
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > On Fri, Jan 6, 2017 at 3:23 PM, Rob Crittenden <rcritten at redhat.com
>>>> > <mailto:rcritten at redhat.com>> wrote:
>>>> >
>>>> >     Jeff Goddard wrote:
>>>> >     > Flo,
>>>> >     >
>>>> >     > I'm not able to access the link you posted. I did find this
>>>> thread
>>>> >     > though
>>>> >     >
>>>> >     https://www.redhat.com/archives/freeipa-users/2015-June/msg
>>>> 00144.html <https://www.redhat.com/archives/freeipa-users/2015-June/msg
>>>> 00144.html>
>>>> >     >
>>>> >     <https://www.redhat.com/archives/freeipa-users/2015-June/ms
>>>> g00144.html
>>>> >     <https://www.redhat.com/archives/freeipa-users/2015-June/ms
>>>> g00144.html>>
>>>> >     > and have set the time back and resubmitted a request. Still no
>>>> >     success.
>>>> >     > Any further hints?
>>>> >
>>>> >     You need to stop ntpd, go back in time to when the certs are
>>>> valid and
>>>> >     restart the certmonger service.
>>>> >
>>>> >     Then use getcert list to monitor things. You really only care
>>>> about the
>>>> >     CA subsystem certs are this point.
>>>> >
>>>> >     You may need to restart certmonger more than once to get all the
>>>> certs
>>>> >     updated (you can manually call getcert resubmit -i <id> if you'd
>>>> >     prefer).
>>>> >
>>>> >     Once that is done return to present day, restart ntpd then ipactl
>>>> >     restart.
>>>> >
>>>> >     rob
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> >
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>>
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>>
>>
>>
>>
>> --
>> Alan Heverley
>>
>
>
>
> --
>
>


-- 
Jeff Goddard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/654961d3/attachment.htm>

From aheverle at redhat.com  Fri Jan  6 21:31:22 2017
From: aheverle at redhat.com (Alan Heverley)
Date: Fri, 6 Jan 2017 16:31:22 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
	<CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
	<CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>
	<CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>
Message-ID: <CAMzNYRbis9gBKop0gjjtb_D2U-im4Dfnzn8avtEU3C=wMfDKhQ@mail.gmail.com>

First we have to query the NSS database to get the current ipaCert
certificate for the ipara user and store it into a file:
# cd /tmp
# certutil -a -d /etc/httpd/alias/ -n ipaCert -L | sed '/^-.*/d' | tr -d
'\r\n' > ipaCert.cert


Then we need to replace the userCertificate attribute with the content of
ipaCert.cert:

# ldapmodify -h localhost -D "cn=Directory Manager" -W
dn: uid=ipara,ou=people,o=ipaca
changetype: modify
replace: userCertificate
userCertificate:: <please paste here the content of ipaCert.cert>


Next we modify the description attribute of the same entry.

# ldapmodify -h localhost -D "cn=Directory Manager" -W
dn: uid=ipara,ou=people,o=ipaca
changetype: modify
replace: description
description: 2;267976771;CN=Certificate
Authority,O=EXAMPLE.LOCAL;CN=IPA RA,O=EXAMPLE.LOCAL

/var/log/pki/pki-tomcat/ca/system log file shows, that the
authentication of the ipara user failed:

0.http-bio-8443-exec-14 - [13/May/2015:22:04:26 CET] [6] [3] Cannot
authenticate agent with certificate Serial 0xff90043


The long number in the description represents the serial number of the
user certificate in decimal. It can be calculated with the help of bc:

# echo "ibase=16; FF90043"|bc  <--- 0xff90043 is the serial number
from the ca error log.
267976771

The following command verifies that all went well:

# ldapsearch -x -h localhost -b uid=ipara,ou=people,o=ipaca

If everything went ok, please resubmit the certificates and check if the
expiration date of the same has changed to a future date:

# getcert resubmit -d /etc/pki/pki-tomcat/alias -n "auditSigningCert
cert-pki-ca"
# getcert resubmit -d /etc/pki/pki-tomcat/alias -n "ocspSigningCert cert-pki-ca"
# getcert resubmit -d /etc/pki/pki-tomcat/alias -n "subsystemCert cert-pki-ca"



On Fri, Jan 6, 2017 at 4:05 PM, Jeff Goddard <jgoddard at emerlyn.com> wrote:

> Alan,
>
> Thank you so VERY much. That resolved the issue for the CA signing
> certificate. However I'm still seeing
>
>         ca-error: Server at "https://id-management-1.
> internal.emerlyn.com:8443/ca/agent/ca/profileProcess" replied: 1: Invalid
> Credential.
>
> On multiple requests which have expiration dates in the past. Is there
> something else I need to do?
>
> Jeff
>
> On Fri, Jan 6, 2017 at 3:56 PM, Alan Heverley <aheverle at redhat.com> wrote:
>
>> Looks like you need to get the PIN associated to the cert.
>>
>>  # grep 'internal=' /var/lib/pki/pki-tomcat/conf/password.conf
>>
>> Then replace <pin> with the PIN in the command above.
>>
>>  # getcert start-tracking -d /etc/pki/pki-tomcat/alias -n 'caSigningCert
>> cert-pki-ca' -P <pin> -c dogtag-ipa-ca-renew-agent
>>
>> On Fri, Jan 6, 2017 at 3:47 PM, Jeff Goddard <jgoddard at emerlyn.com>
>> wrote:
>>
>>> I think my problem is deeper than that. I was following this guide:
>>> http://www.freeipa.org/page/Howto/CA_Certificate_Renew
>>> al#Renew_CA_Certificate_on_CA_Servers and executed the commands related
>>> to having an external CA - which we do not have. I now get this message for
>>> the CA:
>>>
>>> Request ID '20170101055025':
>>>         status: NEED_KEY_GEN_PIN
>>>         stuck: yes
>>>         key pair storage: type=NSSDB,location='/etc/pki/
>>> pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',pin set
>>>         certificate: type=NSSDB,location='/etc/pki/
>>> pki-tomcat/alias',nickname='caSigningCert cert-pki-ca'
>>>         CA: dogtag-ipa-ca-renew-agent
>>>         issuer:
>>>         subject:
>>>         expires: unknown
>>>         pre-save command:
>>>         post-save command:
>>>         track: yes
>>>         auto-renew: yes
>>>
>>> Is there any way I can recover?
>>>
>>> Jeff
>>>
>>> On Fri, Jan 6, 2017 at 3:43 PM, Rob Crittenden <rcritten at redhat.com>
>>> wrote:
>>>
>>>> Jeff Goddard wrote:
>>>> > I've done this.
>>>> > [root at id-management-1 ipa]# date
>>>> > Sun Jan  1 01:12:27 EST 2017
>>>> >
>>>> >  getcert list give me this as the first entry:
>>>> >
>>>> > Request ID '20150116162120':
>>>> >         status: CA_UNREACHABLE
>>>> >         ca-error: Server at
>>>> > https://id-management-1.internal.emerlyn.com/ipa/xml failed request,
>>>> > will retry: 4001 (RPC failed at server.  ipa: Certificate Authority
>>>> not
>>>> > found).
>>>> >         stuck: no
>>>> >         key pair storage:
>>>> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert
>>>> ',token='NSS
>>>> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>>>> >         certificate:
>>>> > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert
>>>> ',token='NSS
>>>> > Certificate DB'
>>>> >         CA: IPA
>>>> >         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
>>>> > <http://INTERNAL.EMERLYN.COM>
>>>> >         subject: CN=id-management-1.internal.emerlyn.com
>>>> > <http://id-management-1.internal.emerlyn.com>,O=INTERNAL.EMERLYN.COM
>>>> > <http://INTERNAL.EMERLYN.COM>
>>>> >         expires: 2017-01-16 16:21:20 UTC
>>>> >         key usage:
>>>> > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>>>> >         eku: id-kp-serverAuth,id-kp-clientAuth
>>>> >         pre-save command:
>>>> >         post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>>>> >         track: yes
>>>> >         auto-renew: yes
>>>> >
>>>> > Restarting cermonger multiple times doesn't help.
>>>>
>>>> Sorry, I missed a step. When you go back in time you first need to
>>>> restart IPA. The CA isn't up.
>>>>
>>>> rob
>>>>
>>>> >
>>>> > Jeff
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > On Fri, Jan 6, 2017 at 3:23 PM, Rob Crittenden <rcritten at redhat.com
>>>> > <mailto:rcritten at redhat.com>> wrote:
>>>> >
>>>> >     Jeff Goddard wrote:
>>>> >     > Flo,
>>>> >     >
>>>> >     > I'm not able to access the link you posted. I did find this
>>>> thread
>>>> >     > though
>>>> >     >
>>>> >     https://www.redhat.com/archives/freeipa-users/2015-June/msg
>>>> 00144.html <https://www.redhat.com/archives/freeipa-users/2015-June/msg
>>>> 00144.html>
>>>> >     >
>>>> >     <https://www.redhat.com/archives/freeipa-users/2015-June/ms
>>>> g00144.html
>>>> >     <https://www.redhat.com/archives/freeipa-users/2015-June/ms
>>>> g00144.html>>
>>>> >     > and have set the time back and resubmitted a request. Still no
>>>> >     success.
>>>> >     > Any further hints?
>>>> >
>>>> >     You need to stop ntpd, go back in time to when the certs are
>>>> valid and
>>>> >     restart the certmonger service.
>>>> >
>>>> >     Then use getcert list to monitor things. You really only care
>>>> about the
>>>> >     CA subsystem certs are this point.
>>>> >
>>>> >     You may need to restart certmonger more than once to get all the
>>>> certs
>>>> >     updated (you can manually call getcert resubmit -i <id> if you'd
>>>> >     prefer).
>>>> >
>>>> >     Once that is done return to present day, restart ntpd then ipactl
>>>> >     restart.
>>>> >
>>>> >     rob
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> >
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>>
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>>
>>
>>
>>
>> --
>> Alan Heverley
>>
>
>
>
> --
>
>


-- 
Alan Heverley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/4d5a11ca/attachment.htm>

From rcritten at redhat.com  Fri Jan  6 21:32:38 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 6 Jan 2017 16:32:38 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6FDZKOAY4EXsaKQXFr9jVWWfkM0fvJXKDCczD8HCKpLDA@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
	<CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
	<CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>
	<CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>
	<CA+No-6FDZKOAY4EXsaKQXFr9jVWWfkM0fvJXKDCczD8HCKpLDA@mail.gmail.com>
Message-ID: <58700CF6.5000007@redhat.com>

Jeff Goddard wrote:
> I've followed the instructions related to my error here:
> http://www.freeipa.org/page/Troubleshooting#PKI_Issues but I still
> haven't found a solution.

Look at these instructions
http://www.freeipa.org/page/IPA_2x_Certificate_Renewal

Look only at the ipaCert part, particularly the ou=people part and the
description attribute.

rob

> 
> Jeff
> 
> On Fri, Jan 6, 2017 at 4:05 PM, Jeff Goddard <jgoddard at emerlyn.com
> <mailto:jgoddard at emerlyn.com>> wrote:
> 
>     Alan,
> 
>     Thank you so VERY much. That resolved the issue for the CA signing
>     certificate. However I'm still seeing
> 
>             ca-error: Server at
>     "https://id-management-1.internal.emerlyn.com:8443/ca/agent/ca/profileProcess
>     <https://id-management-1.internal.emerlyn.com:8443/ca/agent/ca/profileProcess>"
>     replied: 1: Invalid Credential.
> 
>     On multiple requests which have expiration dates in the past. Is
>     there something else I need to do?
> 
>     Jeff
> 
>     On Fri, Jan 6, 2017 at 3:56 PM, Alan Heverley <aheverle at redhat.com
>     <mailto:aheverle at redhat.com>> wrote:
> 
>         Looks like you need to get the PIN associated to the cert.|
> 
>          # grep 'internal=' /var/lib/pki/pki-tomcat/conf/password.conf |
> 
>         Then replace <pin> with the PIN in the command above.
>          
>          # getcert start-tracking -d /etc/pki/pki-tomcat/alias -n
>         'caSigningCert cert-pki-ca' -P <pin> -c dogtag-ipa-ca-renew-agent
> 
>         On Fri, Jan 6, 2017 at 3:47 PM, Jeff Goddard
>         <jgoddard at emerlyn.com <mailto:jgoddard at emerlyn.com>> wrote:
> 
>             I think my problem is deeper than that. I was following this
>             guide:http://www.freeipa.org/page/Howto/CA_Certificate_Renewal#Renew_CA_Certificate_on_CA_Servers
>             <http://www.freeipa.org/page/Howto/CA_Certificate_Renewal#Renew_CA_Certificate_on_CA_Servers>
>             and executed the commands related to having an external CA -
>             which we do not have. I now get this message for the CA:
> 
>             Request ID '20170101055025':
>                     status: NEED_KEY_GEN_PIN
>                     stuck: yes
>                     key pair storage:
>             type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
>             cert-pki-ca',pin set
>                     certificate:
>             type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
>             cert-pki-ca'
>                     CA: dogtag-ipa-ca-renew-agent
>                     issuer:
>                     subject:
>                     expires: unknown
>                     pre-save command:
>                     post-save command:
>                     track: yes
>                     auto-renew: yes
> 
>             Is there any way I can recover?
> 
>             Jeff
> 
>             On Fri, Jan 6, 2017 at 3:43 PM, Rob Crittenden
>             <rcritten at redhat.com <mailto:rcritten at redhat.com>> wrote:
> 
>                 Jeff Goddard wrote:
>                 > I've done this.
>                 > [root at id-management-1 ipa]# date
>                 > Sun Jan  1 01:12:27 EST 2017
>                 >
>                 >  getcert list give me this as the first entry:
>                 >
>                 > Request ID '20150116162120':
>                 >         status: CA_UNREACHABLE
>                 >         ca-error: Server at
>                 > https://id-management-1.internal.emerlyn.com/ipa/xml
>                 <https://id-management-1.internal.emerlyn.com/ipa/xml>
>                 failed request,
>                 > will retry: 4001 (RPC failed at server.  ipa:
>                 Certificate Authority not
>                 > found).
>                 >         stuck: no
>                 >         key pair storage:
>                 >
>                 type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>                 > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>                 >         certificate:
>                 >
>                 type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>                 > Certificate DB'
>                 >         CA: IPA
>                 >         issuer: CN=Certificate
>                 Authority,O=INTERNAL.EMERLYN.COM
>                 <http://INTERNAL.EMERLYN.COM>
>                 > <http://INTERNAL.EMERLYN.COM>
>                 >         subject:
>                 CN=id-management-1.internal.emerlyn.com
>                 <http://id-management-1.internal.emerlyn.com>
>                 > <http://id-management-1.internal.emerlyn.com
>                 <http://id-management-1.internal.emerlyn.com>>,O=INTERNAL.EMERLYN.COM
>                 <http://INTERNAL.EMERLYN.COM>
>                 > <http://INTERNAL.EMERLYN.COM>
>                 >         expires: 2017-01-16 16:21:20 UTC
>                 >         key usage:
>                 >
>                 digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>                 >         eku: id-kp-serverAuth,id-kp-clientAuth
>                 >         pre-save command:
>                 >         post-save command:
>                 /usr/lib64/ipa/certmonger/restart_httpd
>                 >         track: yes
>                 >         auto-renew: yes
>                 >
>                 > Restarting cermonger multiple times doesn't help.
> 
>                 Sorry, I missed a step. When you go back in time you
>                 first need to
>                 restart IPA. The CA isn't up.
> 
>                 rob
> 
>                 >
>                 > Jeff
>                 >
>                 >
>                 >
>                 >
>                 > On Fri, Jan 6, 2017 at 3:23 PM, Rob Crittenden
>                 <rcritten at redhat.com <mailto:rcritten at redhat.com>
>                 > <mailto:rcritten at redhat.com
>                 <mailto:rcritten at redhat.com>>> wrote:
>                 >
>                 >     Jeff Goddard wrote:
>                 >     > Flo,
>                 >     >
>                 >     > I'm not able to access the link you posted. I
>                 did find this thread
>                 >     > though
>                 >     >
>                 >   
>                  https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html
>                 <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html>
>                 <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html
>                 <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html>>
>                 >     >
>                 >   
>                  <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html
>                 <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html>
>                 >   
>                  <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html
>                 <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html>>>
>                 >     > and have set the time back and resubmitted a
>                 request. Still no
>                 >     success.
>                 >     > Any further hints?
>                 >
>                 >     You need to stop ntpd, go back in time to when the
>                 certs are valid and
>                 >     restart the certmonger service.
>                 >
>                 >     Then use getcert list to monitor things. You
>                 really only care about the
>                 >     CA subsystem certs are this point.
>                 >
>                 >     You may need to restart certmonger more than once
>                 to get all the certs
>                 >     updated (you can manually call getcert resubmit -i
>                 <id> if you'd
>                 >     prefer).
>                 >
>                 >     Once that is done return to present day, restart
>                 ntpd then ipactl
>                 >     restart.
>                 >
>                 >     rob
>                 >
>                 >
>                 >
>                 >
>                 > --
>                 >
> 
> 
> 
> 
>             -- 
> 
> 
> 
>             --
>             Manage your subscription for the Freeipa-users mailing list:
>             https://www.redhat.com/mailman/listinfo/freeipa-users
>             <https://www.redhat.com/mailman/listinfo/freeipa-users>
>             Go to http://freeipa.org for more info on the project
> 
> 
> 
> 
>         -- 
>         Alan Heverley
> 
> 
> 
> 
>     -- 
> 
> 
> 
> 
> -- 
> Jeff Goddard
> 
> 



From jgoddard at emerlyn.com  Fri Jan  6 22:02:04 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 17:02:04 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <58700CF6.5000007@redhat.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
	<CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
	<CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>
	<CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>
	<CA+No-6FDZKOAY4EXsaKQXFr9jVWWfkM0fvJXKDCczD8HCKpLDA@mail.gmail.com>
	<58700CF6.5000007@redhat.com>
Message-ID: <CA+No-6FRuJcqJ0V0PvzcGz3M2cTKmCN2YzrA4NUGZzcT+e4Xrw@mail.gmail.com>

Rob,

I'm missing something in either the syntax of execution. I'm getting this
error:

ldap_modify: Invalid DN syntax (34)
        additional info: invalid dn

Just as a reminder the version of ipa I'm on is 4.4.

Jeff

On Fri, Jan 6, 2017 at 4:32 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Jeff Goddard wrote:
> > I've followed the instructions related to my error here:
> > http://www.freeipa.org/page/Troubleshooting#PKI_Issues but I still
> > haven't found a solution.
>
> Look at these instructions
> http://www.freeipa.org/page/IPA_2x_Certificate_Renewal
>
> Look only at the ipaCert part, particularly the ou=people part and the
> description attribute.
>
> rob
>
> >
> > Jeff
> >
> > On Fri, Jan 6, 2017 at 4:05 PM, Jeff Goddard <jgoddard at emerlyn.com
> > <mailto:jgoddard at emerlyn.com>> wrote:
> >
> >     Alan,
> >
> >     Thank you so VERY much. That resolved the issue for the CA signing
> >     certificate. However I'm still seeing
> >
> >             ca-error: Server at
> >     "https://id-management-1.internal.emerlyn.com:8443/ca/
> agent/ca/profileProcess
> >     <https://id-management-1.internal.emerlyn.com:8443/ca/
> agent/ca/profileProcess>"
> >     replied: 1: Invalid Credential.
> >
> >     On multiple requests which have expiration dates in the past. Is
> >     there something else I need to do?
> >
> >     Jeff
> >
> >     On Fri, Jan 6, 2017 at 3:56 PM, Alan Heverley <aheverle at redhat.com
> >     <mailto:aheverle at redhat.com>> wrote:
> >
> >         Looks like you need to get the PIN associated to the cert.|
> >
> >          # grep 'internal=' /var/lib/pki/pki-tomcat/conf/password.conf |
> >
> >         Then replace <pin> with the PIN in the command above.
> >
> >          # getcert start-tracking -d /etc/pki/pki-tomcat/alias -n
> >         'caSigningCert cert-pki-ca' -P <pin> -c dogtag-ipa-ca-renew-agent
> >
> >         On Fri, Jan 6, 2017 at 3:47 PM, Jeff Goddard
> >         <jgoddard at emerlyn.com <mailto:jgoddard at emerlyn.com>> wrote:
> >
> >             I think my problem is deeper than that. I was following this
> >             guide:http://www.freeipa.org/page/Howto/CA_Certificate_
> Renewal#Renew_CA_Certificate_on_CA_Servers
> >             <http://www.freeipa.org/page/Howto/CA_Certificate_Renewal#
> Renew_CA_Certificate_on_CA_Servers>
> >             and executed the commands related to having an external CA -
> >             which we do not have. I now get this message for the CA:
> >
> >             Request ID '20170101055025':
> >                     status: NEED_KEY_GEN_PIN
> >                     stuck: yes
> >                     key pair storage:
> >             type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='
> caSigningCert
> >             cert-pki-ca',pin set
> >                     certificate:
> >             type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='
> caSigningCert
> >             cert-pki-ca'
> >                     CA: dogtag-ipa-ca-renew-agent
> >                     issuer:
> >                     subject:
> >                     expires: unknown
> >                     pre-save command:
> >                     post-save command:
> >                     track: yes
> >                     auto-renew: yes
> >
> >             Is there any way I can recover?
> >
> >             Jeff
> >
> >             On Fri, Jan 6, 2017 at 3:43 PM, Rob Crittenden
> >             <rcritten at redhat.com <mailto:rcritten at redhat.com>> wrote:
> >
> >                 Jeff Goddard wrote:
> >                 > I've done this.
> >                 > [root at id-management-1 ipa]# date
> >                 > Sun Jan  1 01:12:27 EST 2017
> >                 >
> >                 >  getcert list give me this as the first entry:
> >                 >
> >                 > Request ID '20150116162120':
> >                 >         status: CA_UNREACHABLE
> >                 >         ca-error: Server at
> >                 > https://id-management-1.internal.emerlyn.com/ipa/xml
> >                 <https://id-management-1.internal.emerlyn.com/ipa/xml>
> >                 failed request,
> >                 > will retry: 4001 (RPC failed at server.  ipa:
> >                 Certificate Authority not
> >                 > found).
> >                 >         stuck: no
> >                 >         key pair storage:
> >                 >
> >                 type=NSSDB,location='/etc/httpd/alias',nickname='Server-
> Cert',token='NSS
> >                 > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
> >                 >         certificate:
> >                 >
> >                 type=NSSDB,location='/etc/httpd/alias',nickname='Server-
> Cert',token='NSS
> >                 > Certificate DB'
> >                 >         CA: IPA
> >                 >         issuer: CN=Certificate
> >                 Authority,O=INTERNAL.EMERLYN.COM
> >                 <http://INTERNAL.EMERLYN.COM>
> >                 > <http://INTERNAL.EMERLYN.COM>
> >                 >         subject:
> >                 CN=id-management-1.internal.emerlyn.com
> >                 <http://id-management-1.internal.emerlyn.com>
> >                 > <http://id-management-1.internal.emerlyn.com
> >                 <http://id-management-1.internal.emerlyn.com>>,O=INTER
> NAL.EMERLYN.COM
> >                 <http://INTERNAL.EMERLYN.COM>
> >                 > <http://INTERNAL.EMERLYN.COM>
> >                 >         expires: 2017-01-16 16:21:20 UTC
> >                 >         key usage:
> >                 >
> >                 digitalSignature,nonRepudiation,keyEncipherment,
> dataEncipherment
> >                 >         eku: id-kp-serverAuth,id-kp-clientAuth
> >                 >         pre-save command:
> >                 >         post-save command:
> >                 /usr/lib64/ipa/certmonger/restart_httpd
> >                 >         track: yes
> >                 >         auto-renew: yes
> >                 >
> >                 > Restarting cermonger multiple times doesn't help.
> >
> >                 Sorry, I missed a step. When you go back in time you
> >                 first need to
> >                 restart IPA. The CA isn't up.
> >
> >                 rob
> >
> >                 >
> >                 > Jeff
> >                 >
> >                 >
> >                 >
> >                 >
> >                 > On Fri, Jan 6, 2017 at 3:23 PM, Rob Crittenden
> >                 <rcritten at redhat.com <mailto:rcritten at redhat.com>
> >                 > <mailto:rcritten at redhat.com
> >                 <mailto:rcritten at redhat.com>>> wrote:
> >                 >
> >                 >     Jeff Goddard wrote:
> >                 >     > Flo,
> >                 >     >
> >                 >     > I'm not able to access the link you posted. I
> >                 did find this thread
> >                 >     > though
> >                 >     >
> >                 >
> >                  https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html
> >                 <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html>
> >                 <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html
> >                 <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html>>
> >                 >     >
> >                 >
> >                  <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html
> >                 <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html>
> >                 >
> >                  <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html
> >                 <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html>>>
> >                 >     > and have set the time back and resubmitted a
> >                 request. Still no
> >                 >     success.
> >                 >     > Any further hints?
> >                 >
> >                 >     You need to stop ntpd, go back in time to when the
> >                 certs are valid and
> >                 >     restart the certmonger service.
> >                 >
> >                 >     Then use getcert list to monitor things. You
> >                 really only care about the
> >                 >     CA subsystem certs are this point.
> >                 >
> >                 >     You may need to restart certmonger more than once
> >                 to get all the certs
> >                 >     updated (you can manually call getcert resubmit -i
> >                 <id> if you'd
> >                 >     prefer).
> >                 >
> >                 >     Once that is done return to present day, restart
> >                 ntpd then ipactl
> >                 >     restart.
> >                 >
> >                 >     rob
> >                 >
> >                 >
> >                 >
> >                 >
> >                 > --
> >                 >
> >
> >
> >
> >
> >             --
> >
> >
> >
> >             --
> >             Manage your subscription for the Freeipa-users mailing list:
> >             https://www.redhat.com/mailman/listinfo/freeipa-users
> >             <https://www.redhat.com/mailman/listinfo/freeipa-users>
> >             Go to http://freeipa.org for more info on the project
> >
> >
> >
> >
> >         --
> >         Alan Heverley
> >
> >
> >
> >
> >     --
> >
> >
> >
> >
> > --
> > Jeff Goddard
> >
> >
>
>


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/0ddd51d4/attachment.htm>

From jgoddard at emerlyn.com  Fri Jan  6 22:32:55 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 17:32:55 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <58700CF6.5000007@redhat.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
	<CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
	<CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>
	<CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>
	<CA+No-6FDZKOAY4EXsaKQXFr9jVWWfkM0fvJXKDCczD8HCKpLDA@mail.gmail.com>
	<58700CF6.5000007@redhat.com>
Message-ID: <CA+No-6FXN6e8uJ3zVHywFLEB+_5L8mgubpfu19Nq=SynsbX6SA@mail.gmail.com>

Rob,

I'm getting this error: certutil -M -n "auditSigningCert cert-pki-ca" -d
/var/lib/pki-ca/alias -t u,u,Pu
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
database is in an old, unsupported format.

Jeff


On Fri, Jan 6, 2017 at 4:32 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Jeff Goddard wrote:
> > I've followed the instructions related to my error here:
> > http://www.freeipa.org/page/Troubleshooting#PKI_Issues but I still
> > haven't found a solution.
>
> Look at these instructions
> http://www.freeipa.org/page/IPA_2x_Certificate_Renewal
>
> Look only at the ipaCert part, particularly the ou=people part and the
> description attribute.
>
> rob
>
> >
> > Jeff
> >
> > On Fri, Jan 6, 2017 at 4:05 PM, Jeff Goddard <jgoddard at emerlyn.com
> > <mailto:jgoddard at emerlyn.com>> wrote:
> >
> >     Alan,
> >
> >     Thank you so VERY much. That resolved the issue for the CA signing
> >     certificate. However I'm still seeing
> >
> >             ca-error: Server at
> >     "https://id-management-1.internal.emerlyn.com:8443/ca/
> agent/ca/profileProcess
> >     <https://id-management-1.internal.emerlyn.com:8443/ca/
> agent/ca/profileProcess>"
> >     replied: 1: Invalid Credential.
> >
> >     On multiple requests which have expiration dates in the past. Is
> >     there something else I need to do?
> >
> >     Jeff
> >
> >     On Fri, Jan 6, 2017 at 3:56 PM, Alan Heverley <aheverle at redhat.com
> >     <mailto:aheverle at redhat.com>> wrote:
> >
> >         Looks like you need to get the PIN associated to the cert.|
> >
> >          # grep 'internal=' /var/lib/pki/pki-tomcat/conf/password.conf |
> >
> >         Then replace <pin> with the PIN in the command above.
> >
> >          # getcert start-tracking -d /etc/pki/pki-tomcat/alias -n
> >         'caSigningCert cert-pki-ca' -P <pin> -c dogtag-ipa-ca-renew-agent
> >
> >         On Fri, Jan 6, 2017 at 3:47 PM, Jeff Goddard
> >         <jgoddard at emerlyn.com <mailto:jgoddard at emerlyn.com>> wrote:
> >
> >             I think my problem is deeper than that. I was following this
> >             guide:http://www.freeipa.org/page/Howto/CA_Certificate_
> Renewal#Renew_CA_Certificate_on_CA_Servers
> >             <http://www.freeipa.org/page/Howto/CA_Certificate_Renewal#
> Renew_CA_Certificate_on_CA_Servers>
> >             and executed the commands related to having an external CA -
> >             which we do not have. I now get this message for the CA:
> >
> >             Request ID '20170101055025':
> >                     status: NEED_KEY_GEN_PIN
> >                     stuck: yes
> >                     key pair storage:
> >             type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='
> caSigningCert
> >             cert-pki-ca',pin set
> >                     certificate:
> >             type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='
> caSigningCert
> >             cert-pki-ca'
> >                     CA: dogtag-ipa-ca-renew-agent
> >                     issuer:
> >                     subject:
> >                     expires: unknown
> >                     pre-save command:
> >                     post-save command:
> >                     track: yes
> >                     auto-renew: yes
> >
> >             Is there any way I can recover?
> >
> >             Jeff
> >
> >             On Fri, Jan 6, 2017 at 3:43 PM, Rob Crittenden
> >             <rcritten at redhat.com <mailto:rcritten at redhat.com>> wrote:
> >
> >                 Jeff Goddard wrote:
> >                 > I've done this.
> >                 > [root at id-management-1 ipa]# date
> >                 > Sun Jan  1 01:12:27 EST 2017
> >                 >
> >                 >  getcert list give me this as the first entry:
> >                 >
> >                 > Request ID '20150116162120':
> >                 >         status: CA_UNREACHABLE
> >                 >         ca-error: Server at
> >                 > https://id-management-1.internal.emerlyn.com/ipa/xml
> >                 <https://id-management-1.internal.emerlyn.com/ipa/xml>
> >                 failed request,
> >                 > will retry: 4001 (RPC failed at server.  ipa:
> >                 Certificate Authority not
> >                 > found).
> >                 >         stuck: no
> >                 >         key pair storage:
> >                 >
> >                 type=NSSDB,location='/etc/httpd/alias',nickname='Server-
> Cert',token='NSS
> >                 > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
> >                 >         certificate:
> >                 >
> >                 type=NSSDB,location='/etc/httpd/alias',nickname='Server-
> Cert',token='NSS
> >                 > Certificate DB'
> >                 >         CA: IPA
> >                 >         issuer: CN=Certificate
> >                 Authority,O=INTERNAL.EMERLYN.COM
> >                 <http://INTERNAL.EMERLYN.COM>
> >                 > <http://INTERNAL.EMERLYN.COM>
> >                 >         subject:
> >                 CN=id-management-1.internal.emerlyn.com
> >                 <http://id-management-1.internal.emerlyn.com>
> >                 > <http://id-management-1.internal.emerlyn.com
> >                 <http://id-management-1.internal.emerlyn.com>>,O=INTER
> NAL.EMERLYN.COM
> >                 <http://INTERNAL.EMERLYN.COM>
> >                 > <http://INTERNAL.EMERLYN.COM>
> >                 >         expires: 2017-01-16 16:21:20 UTC
> >                 >         key usage:
> >                 >
> >                 digitalSignature,nonRepudiation,keyEncipherment,
> dataEncipherment
> >                 >         eku: id-kp-serverAuth,id-kp-clientAuth
> >                 >         pre-save command:
> >                 >         post-save command:
> >                 /usr/lib64/ipa/certmonger/restart_httpd
> >                 >         track: yes
> >                 >         auto-renew: yes
> >                 >
> >                 > Restarting cermonger multiple times doesn't help.
> >
> >                 Sorry, I missed a step. When you go back in time you
> >                 first need to
> >                 restart IPA. The CA isn't up.
> >
> >                 rob
> >
> >                 >
> >                 > Jeff
> >                 >
> >                 >
> >                 >
> >                 >
> >                 > On Fri, Jan 6, 2017 at 3:23 PM, Rob Crittenden
> >                 <rcritten at redhat.com <mailto:rcritten at redhat.com>
> >                 > <mailto:rcritten at redhat.com
> >                 <mailto:rcritten at redhat.com>>> wrote:
> >                 >
> >                 >     Jeff Goddard wrote:
> >                 >     > Flo,
> >                 >     >
> >                 >     > I'm not able to access the link you posted. I
> >                 did find this thread
> >                 >     > though
> >                 >     >
> >                 >
> >                  https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html
> >                 <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html>
> >                 <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html
> >                 <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html>>
> >                 >     >
> >                 >
> >                  <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html
> >                 <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html>
> >                 >
> >                  <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html
> >                 <https://www.redhat.com/archives/freeipa-users/2015-
> June/msg00144.html>>>
> >                 >     > and have set the time back and resubmitted a
> >                 request. Still no
> >                 >     success.
> >                 >     > Any further hints?
> >                 >
> >                 >     You need to stop ntpd, go back in time to when the
> >                 certs are valid and
> >                 >     restart the certmonger service.
> >                 >
> >                 >     Then use getcert list to monitor things. You
> >                 really only care about the
> >                 >     CA subsystem certs are this point.
> >                 >
> >                 >     You may need to restart certmonger more than once
> >                 to get all the certs
> >                 >     updated (you can manually call getcert resubmit -i
> >                 <id> if you'd
> >                 >     prefer).
> >                 >
> >                 >     Once that is done return to present day, restart
> >                 ntpd then ipactl
> >                 >     restart.
> >                 >
> >                 >     rob
> >                 >
> >                 >
> >                 >
> >                 >
> >                 > --
> >                 >
> >
> >
> >
> >
> >             --
> >
> >
> >
> >             --
> >             Manage your subscription for the Freeipa-users mailing list:
> >             https://www.redhat.com/mailman/listinfo/freeipa-users
> >             <https://www.redhat.com/mailman/listinfo/freeipa-users>
> >             Go to http://freeipa.org for more info on the project
> >
> >
> >
> >
> >         --
> >         Alan Heverley
> >
> >
> >
> >
> >     --
> >
> >
> >
> >
> > --
> > Jeff Goddard
> >
> >
>
>


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/20136a28/attachment.htm>

From rcritten at redhat.com  Fri Jan  6 22:43:11 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 6 Jan 2017 17:43:11 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6FRuJcqJ0V0PvzcGz3M2cTKmCN2YzrA4NUGZzcT+e4Xrw@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
	<CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
	<CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>
	<CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>
	<CA+No-6FDZKOAY4EXsaKQXFr9jVWWfkM0fvJXKDCczD8HCKpLDA@mail.gmail.com>
	<58700CF6.5000007@redhat.com>
	<CA+No-6FRuJcqJ0V0PvzcGz3M2cTKmCN2YzrA4NUGZzcT+e4Xrw@mail.gmail.com>
Message-ID: <58701D7F.5080100@redhat.com>

Jeff Goddard wrote:
> Rob,
> 
> I'm missing something in either the syntax of execution. I'm getting
> this error:
> 
> ldap_modify: Invalid DN syntax (34)
>         additional info: invalid dn
> 
> Just as a reminder the version of ipa I'm on is 4.4.

I'd need to see the ldif you're trying to apply.

rob



From rcritten at redhat.com  Fri Jan  6 22:44:41 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 6 Jan 2017 17:44:41 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <CA+No-6FXN6e8uJ3zVHywFLEB+_5L8mgubpfu19Nq=SynsbX6SA@mail.gmail.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
	<CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
	<CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>
	<CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>
	<CA+No-6FDZKOAY4EXsaKQXFr9jVWWfkM0fvJXKDCczD8HCKpLDA@mail.gmail.com>
	<58700CF6.5000007@redhat.com>
	<CA+No-6FXN6e8uJ3zVHywFLEB+_5L8mgubpfu19Nq=SynsbX6SA@mail.gmail.com>
Message-ID: <58701DD9.7060305@redhat.com>

Jeff Goddard wrote:
> Rob,
> 
> I'm getting this error: certutil -M -n "auditSigningCert cert-pki-ca" -d
> /var/lib/pki-ca/alias -t u,u,Pu
> certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
> certificate/key database is in an old, unsupported format.

The database is in /var/lib/pki/pki-tomcat/alias

I'd start by checking current trust.

Be very wary about documents related to old versions of IPA and proceed
cautiously and understand the changes you may make before applying them.

rob



From jgoddard at emerlyn.com  Fri Jan  6 22:50:40 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Fri, 6 Jan 2017 17:50:40 -0500
Subject: [Freeipa-users] pki-tomcatd fails to start
In-Reply-To: <58701DD9.7060305@redhat.com>
References: <CA+No-6Gk47L857zTJg-EqMKaGQ4XC+K_CjjpZ=vrXstha1_JhQ@mail.gmail.com>
	<586FB569.1090101@redhat.com>
	<CA+No-6GU506PO4_sCLxzv0Z3nrQJht=+tkac_YLW-2ipGK=YVw@mail.gmail.com>
	<7eae0a0a-6def-43bd-2079-66e6087e9e6c@redhat.com>
	<CA+No-6HMZzFdJNWROFGoUeDEtAG5a_gR-xs5KFRN_ONfFxRO3w@mail.gmail.com>
	<027087a3-3919-ef6e-0cf2-9d050b70b151@redhat.com>
	<CA+No-6HzJLeo9L-+TsX2uf2o6RaBYKhP_x0qAU3yLV_Rb-CddQ@mail.gmail.com>
	<586FFCCF.6010200@redhat.com>
	<CA+No-6E4akBfu9V4CQowPehumzF+ggLGxzLZkOOoTqkWGPe74g@mail.gmail.com>
	<58700170.2020009@redhat.com>
	<CA+No-6FZH0W-f8nu2mjHkco6uz0NfqXu87M_HHXpvZQrBAbVJQ@mail.gmail.com>
	<CAMzNYRbRO5seuTc_S2tJfc+dk35CVs1Vn=2DOCm6yhnJoYEHZA@mail.gmail.com>
	<CA+No-6H-S2TFDfpqan1=0YMbPMP5AYX3bAvtWT6y5xeGPPTONQ@mail.gmail.com>
	<CA+No-6FDZKOAY4EXsaKQXFr9jVWWfkM0fvJXKDCczD8HCKpLDA@mail.gmail.com>
	<58700CF6.5000007@redhat.com>
	<CA+No-6FXN6e8uJ3zVHywFLEB+_5L8mgubpfu19Nq=SynsbX6SA@mail.gmail.com>
	<58701DD9.7060305@redhat.com>
Message-ID: <CA+No-6FtU3zvcxAzkyBxtVkyYNa-PuZMwVMTKy0Q=j5t3aM28A@mail.gmail.com>

I have to confess I'm in over my head already. Another shot in the foot
isn't going to help. Is there good documentation for solving the problem on
the version I'm using?

Jeff

On Fri, Jan 6, 2017 at 5:44 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Jeff Goddard wrote:
> > Rob,
> >
> > I'm getting this error: certutil -M -n "auditSigningCert cert-pki-ca" -d
> > /var/lib/pki-ca/alias -t u,u,Pu
> > certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The
> > certificate/key database is in an old, unsupported format.
>
> The database is in /var/lib/pki/pki-tomcat/alias
>
> I'd start by checking current trust.
>
> Be very wary about documents related to old versions of IPA and proceed
> cautiously and understand the changes you may make before applying them.
>
> rob
>



--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170106/e484eaf4/attachment.htm>

From luchen26 at hotmail.com  Sat Jan  7 02:14:45 2017
From: luchen26 at hotmail.com (Chen Lufan)
Date: Sat, 7 Jan 2017 02:14:45 +0000
Subject: [Freeipa-users] Getting error "Permission denied (publickey,
 gssapi-with-mic, password)"  when running below ssh command
Message-ID: <CY4PR18MB0920273F50F0B786B4BAC4B0D2620@CY4PR18MB0920.namprd18.prod.outlook.com>

Dear Team,

I am new to freeIPA and GSS authentication so maybe someone can shed a light on where the issue is when I perform below ssh?  Your help will be greatly appreciated!


host2$  ssh -F /home/user/config   user at host1.example.com


I got below error in audit.log in host1  :

type=CRYPTO_SESSION msg=audit(1483753488.905:727): user pid=17872 uid=0 auid=6974 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 rport=36989 laddr=67.217.92.20 lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=10.22.6.70, terminal=? res=success)'
type=USER_ERR msg=audit(1483753489.839:728): user pid=17872 uid=0 auid=6974 msg='PAM: bad_ident acct="?" : exe="/usr/sbin/sshd" (hostname=10.22.6.70, addr=10.22.6.70, terminal=ssh res=failed)'


where

host2$ more /home/user/config
Host *
    Protocol 2

    # Options for Protocol 1 only
    #RSAAuthentication no
    #RhostsRSAAuthentication no

    HostbasedAuthentication no
    PubKeyAuthentication no
    PasswordAuthentication no

    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes

    PreferredAuthentications gssapi-with-mic

    StrictHostKeyChecking no
    CheckHostIP no

    LogLevel FATAL

    UserKnownHostsFile /uhome/installer/.ssh/known_hosts
    IdentityFile /uhome/installer/.ssh/id_rsa


AND on host1:

# grep -v "^#" /etc/ssh/sshd_config |grep -v "^$"
Protocol 2
SyslogFacility AUTHPRIV
LogLevel INFO
PermitRootLogin no
PubkeyAuthentication yes
HostbasedAuthentication no
IgnoreRhosts yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
UsePAM yes
AllowTcpForwarding no
X11Forwarding no
PrintMotd no
UseDNS no
Banner /etc/issue.net
Subsystem       sftp    /usr/libexec/openssh/sftp-server
Ciphers aes128-ctr,aes192-ctr,aes256-ctr

host1# more krb5.conf

[libdefaults]
  default_realm = EXAMPLE.COM
  dns_lookup_realm = false
  dns_lookup_kdc = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  EXAMPLE.COM = {
    kdc = auth1.iad.example.com.
    kdc = auth2.iad.example.com.
    admin_server = auth1.iad.example.com.

    default_domain = example.com
    pkinit_anchors = FILE:/etc/ipa/ca.crt

    auth_to_local = RULE:[2:$1;$2](.*;root)s/;root$//
    auth_to_local = RULE:[2:$1;$2](.*;admin)s/;admin$//
    auth_to_local = RULE:[1:$1@$0](.*@AD.CORP.EXAMPLE.COM)s/@.*$//
    auth_to_local = DEFAULT
}

[domain_realm]
  .example.com = EXAMPLE.COM
  example.com = EXAMPLE.COM

[appdefaults]
  pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
  }


Thanks,

Lufan



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170107/6b9232dc/attachment.htm>

From Adam.Bishop at jisc.ac.uk  Sat Jan  7 05:19:42 2017
From: Adam.Bishop at jisc.ac.uk (Adam Bishop)
Date: Sat, 7 Jan 2017 05:19:42 +0000
Subject: [Freeipa-users] DirSrv hanging
Message-ID: <CA70C99B-E370-40A7-BB41-D3EE3C900F99@jisc.ac.uk>

I have a standalone FreeIPA instance that is becoming unresponsive every few hours. While in this state it will accept connections, but will not do anything with them (i.e. if you connect an ldaps client to 636, you see SYN->SYNACK->ACK->ClientHello, but a ServerHello is not returned). This system is running FreeIPA 4.4.0 currently, but this also occurred on 4.2.x. Time is synchronised correctly and this is a fairly new installation so all the PKI expiry dates are well into the future.

It handles queries without complaint, right up until the point it doesn't.

Inspecting the process with strace shows it waiting on a socket:

    getpeername(7, 0x7ffeb749af70, [112])   = -1 ENOTCONN (Transport endpoint is not connected)
    poll([{fd=50, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, events=POLLIN}, {fd=8, events=POLLIN}, 
    {fd=66, events=POLLIN}, {fd=80, events=POLLIN}, {fd=79, events=POLLIN}, {fd=78, events=POLLIN}, 
    {fd=77, events=POLLIN}, {fd=76, events=POLLIN}, {fd=75, events=POLLIN}, {fd=73, events=POLLIN}, 
    {fd=71, events=POLLIN}, {fd=70, events=POLLIN}, {fd=68, events=POLLIN}], 15, 250) = 0 (Timeout)

fd 7 is a constant:

    ls -l /proc/2428/fd
    lrwx------. 1 root root 64 Jan  6 17:16 7 -> socket:[18972]

I'm not sure if I'm understanding the meaning of the fd entry correctly, but I believe this is the entry:

    [root at ldap-001 log]# lsof -p 2428 | grep 18972
    ns-slapd 2428 dirsrv    7u  IPv6              18972      0t0      TCP *:ldaps (LISTEN)

A backtrace from GDB follows at the end of this message -  it shows the address struct, which just contains the source address of the last connection to port 636 before DirSrv hangs.

The server is configured to use the FreeIPA dns service as its own resolver. The DNS service is definitely still running, and resolves the query fine when executed with dig.

There is nothing in the DirSrv logs that indicates an issue. The KDC logs indicate a problem, but I i don't know if DirSrv is hanging because of the KDC, or if the KDC is just reflecting that DirSrv is unresponsive.

    Jan 06 21:53:29 ldap-001.domain krb5kdc[2702](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 193.63.63.108: LOOKING_UP_CLIENT: host/ldap-001.domain at DOMAIN for krbtgt/DOMAIN at DOMAIN, Server error
    Jan 06 21:53:29 ldap-001.domain krb5kdc[2702](info): closing down fd 12

sssd reports an issue too, but that is almost certainly due to an unresponsive DirSrv:

    (Sat Jan  7 03:16:08 2017) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]

I'm not really sure what to check next - all the individual components seem to be working, but not together.

Any suggestions are appreciated.

Regards,

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk

---

[root at ldap-001 log]# gdb -p 2428
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 2428
0x00007fc80bf4fdfd in poll () at ../sysdeps/unix/syscall-template.S:81
81	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
Missing separate debuginfos, use: debuginfo-install ipa-server-4.4.0-14.el7.centos.1.1.x86_64
(gdb) break getpeername
Breakpoint 1 at 0x7fc80bf5b4b0: file ../sysdeps/unix/syscall-template.S, line 81.
(gdb) cont
Continuing.

Breakpoint 1, getpeername () at ../sysdeps/unix/syscall-template.S:81
81	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
(gdb) bt full
#0  getpeername () at ../sysdeps/unix/syscall-template.S:81
No locals.
#1  0x00007fc80c888389 in pt_GetPeerName (fd=0x7fc810d92010, addr=0x7ffeb749af70) at ../../../nspr/pr/src/pthreads/ptio.c:2795
        rv = -1
        addr_len = 112
#2  0x00007fc80d3fec23 in ssl_Poll (fd=0x7fc810b69260, how_flags=<optimized out>, p_out_flags=0x7ffeb749b06c) at sslsock.c:2639
        ss = 0x7fc810d94f30
        new_flags = 1
        addr = {raw = {family = 0, data = '\000' <repeats 13 times>}, inet = {family = 0, port = 0, ip = 0, pad = "\000\000\000\000\000\000\000"}, ipv6 = {family = 0, port = 0, flowinfo = 0,
            ip = {_S6_un = {_S6_u8 = '\000' <repeats 15 times>, _S6_u16 = {0, 0, 0, 0, 0, 0, 0, 0}, _S6_u32 = {0, 0, 0, 0}, _S6_u64 = {0, 0}}}, scope_id = 0}, local = {family = 0,
            path = '\000' <repeats 30 times>, "\061\071\063.63.63.108\000\000\000`\327!\f\310\177\000\000\017\000\000\000\000\000\000\000p\260I\267\376\177\000\000\000\000\000\000\000\000\000\000\372", '\000' <repeats 15 times>, "\372\000\000\000\000\000\000\000\215", <incomplete sequence \343>}}
#3  0x00007fc80c887a45 in _pr_poll_with_poll (pds=0x7fc811256b40, npds=15, timeout=timeout at entry=250) at ../../../nspr/pr/src/pthreads/ptio.c:3812
        in_flags_read = 0
        in_flags_write = 0
        out_flags_read = 0
        out_flags_write = 0
        stack_syspoll = {{fd = 50, events = 1, revents = 0}, {fd = 6, events = 1, revents = 0}, {fd = 7, events = 1, revents = 0}, {fd = 8, events = 1, revents = 0}, {fd = 66, events = 1,
            revents = 0}, {fd = 80, events = 1, revents = 0}, {fd = 79, events = 1, revents = 0}, {fd = 78, events = 1, revents = 0}, {fd = 77, events = 1, revents = 0}, {fd = 76, events = 1,
            revents = 0}, {fd = 75, events = 1, revents = 0}, {fd = 73, events = 1, revents = 0}, {fd = 71, events = 1, revents = 0}, {fd = 70, events = 1, revents = 0}, {fd = 68, events = 1,
            revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 1219907217, events = -32767, revents = -1}, {fd = 2, events = 32766, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 0,
            events = 0, revents = 0}, {fd = 48, events = 91, revents = 0}, {fd = -1219907216, events = 32766, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {
            fd = 110, events = 119, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = -1219907217, events = 32766, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = -1219907201,
            events = 32766, revents = 0}, {fd = 203544416, events = 32712, revents = 0}, {fd = 124, events = 0, revents = 0}, {fd = 2560, events = 0, revents = 0}, {fd = 1219907089,
            events = -32767, revents = -1}, {fd = 3, events = 32712, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 48, events = 91, revents = 0}, {
            fd = -1219907088, events = 32766, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 110, events = 119, revents = 0}, {fd = 0, events = 0,
            revents = 0}, {fd = -1219907089, events = 32766, revents = 0}, {fd = 210264088, events = 32712, revents = 0}, {fd = 1, events = 0, revents = 0}, {fd = 287047696, events = 32712,
            revents = 0}, {fd = -1, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 0, events = 0,
            revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 287320512, events = 32712, revents = 0}, {fd = 210265391,
            events = 32712, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 281542400, events = 32712, revents = 0}, {fd = 287320512, events = 32712, revents = 0}, {fd = -133551240,
            events = 32711, revents = 0}, {fd = 0, events = 0, revents = 0}, {fd = 246979857, events = 32712, revents = 0}, {fd = 5, events = 15, revents = 0}, {fd = -1219906728, events = 32766,
            revents = 0}}
        syspoll = 0x7ffeb749b070
        index = 2
        msecs = <optimized out>
        ready = 0
        start = <optimized out>
        elapsed = <optimized out>
        remaining = <optimized out>
#4  0x00007fc80c88a655 in PR_Poll (pds=<optimized out>, npds=<optimized out>, timeout=timeout at entry=250) at ../../../nspr/pr/src/pthreads/ptio.c:4324
No locals.
#5  0x00007fc80eb8d789 in slapd_daemon (ports=ports at entry=0x7ffeb749b630) at ldap/servers/slapd/daemon.c:1242
        select_return = 0
        prerr = <optimized out>
        n_tcps = 0x7fc810b6db30
        s_tcps = 0x7fc810b6da30
        i_unix = 0x7fc810b6da10
        fdesp = 0x0
        num_poll = 15
        pr_timeout = 250
        time_thread_p = 0x7fc8111ff350
        threads = <optimized out>
        in_referral_mode = 0
        tp = 0x0
        tp_config = {init_flag = 1219906497, initial_threads = -32767, max_threads = 9, stacksize = 0, event_queue_size = 2, work_queue_size = 0, log_fct = 0x0,
          log_start_fct = 0xffff800148b64ba1, log_close_fct = 0x7ffe0000000a, malloc_fct = 0x2, calloc_fct = 0x0, realloc_fct = 0x5b00000032, free_fct = 0x7ffeb749b460}
#6  0x00007fc80eb7f253 in main (argc=5, argv=0x7ffeb749bc68) at ldap/servers/slapd/main.c:1143
        return_value = 0
        slapdFrontendConfig = <optimized out>
        ports_info = {n_port = 389, s_port = 636, n_listenaddr = 0x7fc810b6dc40, s_listenaddr = 0x7fc810b6dba0, n_socket = 0x7fc810b6db30, i_listenaddr = 0x7fc810b6db50, i_port = 1,
          i_socket = 0x7fc810b6da10, s_socket = 0x7fc810b6da30}
        m = <optimized out>
        notify = <optimized out>

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc?s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.  




From lslebodn at redhat.com  Sat Jan  7 15:34:00 2017
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Sat, 7 Jan 2017 16:34:00 +0100
Subject: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
 version 1.13.4-1ubuntu1.1
In-Reply-To: <1302294420.1935936.1483722924050@mail.yahoo.com>
References: <1588224621.467679.1483623416628.ref@mail.yahoo.com>
	<1588224621.467679.1483623416628@mail.yahoo.com>
	<1302294420.1935936.1483722924050@mail.yahoo.com>
Message-ID: <20170107153359.GA29848@10.4.128.1>

On (06/01/17 17:15), James Harrison wrote:
>Any ideas?
>      From: James Harrison <jamesaharrisonuk at yahoo.co.uk>
> To: "freeipa-users at redhat.com" <freeipa-users at redhat.com> 
> Sent: Thursday, 5 January 2017, 13:36
> Subject: FreeIPA sudo not working on ububtu xenial sssd version 1.13.4-1ubuntu1.1
>   
>Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
>I can authenticate OK, I get a kerberos ticket, but cannot run sudo.
>I get 1 rule returned, which I expect.
>Many thanks,James Harrison
>
>
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [x_james.harrison at domain.com]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [x_james.harrison] from [domain.com]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c11d70
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=x_james.harrison)(sudoUser=#1082600012)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%x_james.harrison)(sudoUser=+*))(&(dataExpireTimestamp<=1483618197)))]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=x_james.harrison)(sudoUser=#1082600012)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%x_james.harrison)(sudoUser=+*)))]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [x_james.harrison at domain.com]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1c0e770][18]
>
Yes, 1 rule was returned for user x_james.harrison.
Can you see something in output of "sudo -l"


>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[1082600012] pid[5470].
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected!
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>
>==> auth.log <==
>Jan? 5 12:10:17 pul-lp-sql-00 sudo: pam_unix(sudo:auth): authentication failure; logname=x_james.harrison uid=1082600012 euid=0 tty=/dev/pts/1 ruser=x_james.harrison rhost=? user=x_james.harrison
>
I do not understand a reason why there is a failure in auth.log;
because there isn't sssd_pam.log @see above.

>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'x_james.harrison' matched without domain, user is x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.com/x_james.harrison]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [x_james.harrison] not found in PAM cache.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x410090:3:x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [domain.com][0x3][BE_REQ_INITGROUPS][1][name=x_james.harrison]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2469f20
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x410090:3:x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2469f20
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [x_james.harrison] added to PAM initgroup cache
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2470c00
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x410090:3:x_james.harrison at domain.com]
>
>==> syslog <==
>Jan? 5 12:10:17 pul-lp-sql-00 kernel: [ 1272.582518] audit: type=1400 audit(1483618217.180:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/run/systemd/users/1082600012" pid=5570 comm="krb5_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
>
>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2470c00
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
Authentication was succesfull for sudo service.

>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 84
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>
>==> auth.log <==
>Jan? 5 12:10:17 pul-lp-sql-00 sudo: pam_sss(sudo:auth): authentication success; logname=x_james.harrison uid=1082600012 euid=0 tty=/dev/pts/1 ruser=x_james.harrison rhost= user=x_james.harrison
>
>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'x_james.harrison' matched without domain, user is x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.com/x_james.harrison]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): User [x_james.harrison] found in PAM cache.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x246dd70
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x246dd70
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
Authorisation was successful for sudo


>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 35
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>
>==> auth.log <==
>Jan? 5 12:10:17 pul-lp-sql-00 sudo: x_james.harrison : user NOT authorized on host ; TTY=pts/1 ; PWD=/home/x_james.harrison ; USER=root ; COMMAND=/bin/bash
>
auth.log says something different the sssd_pam.log

I suspect some problem with sudo itself.
https://www.redhat.com/archives/freeipa-users/2016-August/msg00489.html

And here is importnatn message from the mail:
>unfortunately sudo 1.8.16 introduced a bug in sssd plugin. 1.8.16 contains
> a new option called netgroup_tuple, which tells whether a full netgroup
> tuply is check or only the host/user part in host/user check. However,
> the patch didn't make the sssd plugin to obey this option and it always
> check both hostname and username.
>
>It is fixed in 1.8.17 by this patch:
>https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7
>
Please, report bug against Ubuntu sudo to backport this patch or rebase sudo.

Workaround mught be to install newer package from debian 1.8.19-1
https://packages.debian.org/stretch/sudo

LS



From bentech4you at gmail.com  Sun Jan  8 04:03:53 2017
From: bentech4you at gmail.com (Ben .T.George)
Date: Sun, 8 Jan 2017 07:03:53 +0300
Subject: [Freeipa-users] ipa replica installation help
Message-ID: <CA+C_GOV7xzcmoLJMRNhHEKF4SeQCeay8EHKMgTgguLOCjKENwQ@mail.gmail.com>

HI List,

how can i solve this? is this a bug ,normal behavior or any missing
configuration from my end,

Till now i didn't get ant clue on this.

Regards
Ben

On Thu, Jan 5, 2017 at 1:21 PM, Fraser Tweedale <ftweedal at redhat.com> wrote:

> On Thu, Jan 05, 2017 at 01:08:58PM +0300, Ben .T.George wrote:
> > HI
> >
> > there is no filrewall running on both servers,
> >
> > [root at zkwipamstr01 ~]# systemctl status firewalld
> > ? firewalld.service - firewalld - dynamic firewall daemon
> >    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
> > vendor preset: enabled)
> >    Active: inactive (dead)
> >      Docs: man:firewalld(1)
> >
> > [root at zkwipamstr01 ~]# sestatus
> > SELinux status:                 disabled
> >
> OK, very well.  And actually, forget about my idea about connecting
> to port 8009 from client - that is not what happens at all.  It is
> the end of day for me and my brain checked out :/
>
> I shall continue analysis of your problem tomorrow.
>
> Thanks,
> Fraser
>
> >
> > On Thu, Jan 5, 2017 at 1:05 PM, Fraser Tweedale <ftweedal at redhat.com>
> wrote:
> >
> > > On Thu, Jan 05, 2017 at 12:43:47PM +0300, Ben .T.George wrote:
> > > > HI,
> > > >
> > > > on master server and replica server, i have enabled ipv6
> > > >
> > > > below on master server
> > > >
> > > > [root at zkwipamstr01 ~]# ip addr | grep inet6
> > > >
> > > >     inet6 fe80::250:56ff:fea0:3857/64 scope link
> > > >
> > > > [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > > > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
> > > > tcp6       0      0 ::1:8009                :::*
> > > LISTEN
> > > >      12692/java
> > > >
> > > >
> > > > after that 8009 is listening on master server.
> > > >
> > > > on replica side uninstalled ipa and tried to enrolled again. Do i
> need to
> > > > enable any service replica side?
> > > >
> > > > [28/44]: restarting directory server
> > > > ipa         : CRITICAL Failed to restart the directory server
> (Command
> > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned
> non-zero
> > > > exit status 1). See the installation log for details.
> > > >   [29/44]: setting up initial replication
> > > >   [error] error: [Errno 111] Connection refused
> > > > Your system may be partly configured.
> > > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > > >
> > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno
> 111]
> > > > Connection refused
> > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
> > > > ipa-replica-install command failed. See /var/log/ipareplica-install.
> log
> > > for
> > > > more information
> > > > [root at zkwiparepa01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > > > Job for pki-tomcatd at pki-tomcat.service failed because the control
> > > process
> > > > exited with error code. See "systemctl status
> > > pki-tomcatd at pki-tomcat.service"
> > > > and "journalctl -xe" for details.
> > > >
> > > > Still same error.
> > > >
> > > > is this service restart pki-tomcatd at pki-tomcat only applicable on
> master
> > > > server?
> > > >
> > > Yes, because no CA has been created on replica (yet).
> > >
> > > Can you confirm that your firewall (if any/enabled) on master is
> > > letting the traffic from client/replica through to :8009?
> > > Executing: ``nc -v $MASTER_IP 8009`` from the client machine
> > > suffices to check.
> > >
> > > Thanks,
> > > Fraser
> > >
> > > > Regards,
> > > > Ben
> > > >
> > > >
> > > > On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik <pvoborni at redhat.com>
> > > wrote:
> > > >
> > > > > On 01/05/2017 07:10 AM, Ben .T.George wrote:
> > > > > > HI
> > > > > >
> > > > > > yes i did the same and still port is not listening.
> > > > > >
> > > > > > [root at zkwipamstr01 ~]# cat /etc/hosts
> > > > > > 127.0.0.1   localhost localhost.localdomain localhost4
> > > > > localhost4.localdomain4
> > > > > > ::1         localhost localhost.localdomain localhost6
> > > > > localhost6.localdomain6
> > > > > > 10.151.4.64 zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
> > > > > example.com>
> > > > > >     zkwipamstr01
> > > > > > 10.151.4.65 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw.
> > > > > example.com>
> > > > > >     zkwiparepa01
> > > > > > [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
> > > > > > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
> > > > > >
> > > > > >
> > > > > > Regards
> > > > > > Ben
> > > > >
> > > > > Also IPv6 stack needs to be enabled.
> > > > >
> > > > > >
> > > > > > On Thu, Jan 5, 2017 at 9:03 AM, Fraser Tweedale <
> ftweedal at redhat.com
> > > > > > <mailto:ftweedal at redhat.com>> wrote:
> > > > > >
> > > > > >     On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben .T.George
> wrote:
> > > > > >     > HI
> > > > > >     >
> > > > > >     > port 8009 is not listening in master server
> > > > > >     >
> > > > > >     > and i added ::1         localhost localhost.localdomain
> > > localhost6
> > > > > >     > localhost6.localdomain6 in hosts file.
> > > > > >     >
> > > > > >
> > > > > >     Did you add this to the host file on the master (then
> `systemctl
> > > > > >     restart pki-tomcatd at pki-tomcat` and confirm it is listening
> on
> > > port
> > > > > >     8009)?  Or just the client you are trying to promote?
> > > > > >
> > > > > >     It is needed on the master.  Won't hurt to make this change
> to
> > > > > >     /etc/hosts on both machines, though.
> > > > > >
> > > > > >     HTH,
> > > > > >     Fraser
> > > > > >
> > > > > >      > still getting same error
> > > > > >      >
> > > > > >      >  [28/44]: restarting directory server
> > > > > >      > ipa         : CRITICAL Failed to restart the directory
> server
> > > > > (Command
> > > > > >      > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service'
> > > returned
> > > > > non-zero
> > > > > >      > exit status 1). See the installation log for details.
> > > > > >      >   [29/44]: setting up initial replication
> > > > > >      >   [error] error: [Errno 111] Connection refused
> > > > > >      > Your system may be partly configured.
> > > > > >      > Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > > > > >      >
> > > > > >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR
> > > [Errno
> > > > > 111]
> > > > > >      > Connection refused
> > > > > >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR
>   The
> > > > > >      > ipa-replica-install command failed. See
> > > > > /var/log/ipareplica-install.log for
> > > > > >      > more information
> > > > > >      >
> > > > > >      >
> > > > > >      > Also  ipv6 is disabled on both nodes
> > > > > >      >
> > > > > >      > Regards,
> > > > > >      > Ben
> > > > > >      >
> > > > > >      > On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <
> > > > > pvoborni at redhat.com
> > > > > >     <mailto:pvoborni at redhat.com>> wrote:
> > > > > >      >
> > > > > >      > > On 01/04/2017 10:59 AM, Ben .T.George wrote:
> > > > > >      > > > HI
> > > > > >      > > >
> > > > > >      > > > i tried the method mentioned on that document and it
> end
> > > up
> > > > > with below
> > > > > >      > > error. My
> > > > > >      > > > DNS is managed by external box and i dont want to
> create
> > > any
> > > > > DNS record
> > > > > >      > > on these
> > > > > >      > > > servers.
> > > > > >      > > >
> > > > > >      > > > and the command which i tried is(non client server)
> > > > > >      > > >
> > > > > >      > > > ipa-replica-install --principal admin --admin-password
> > > > > P at ssw0rd --domain
> > > > > >      > > > kw.example.com <http://kw.example.com> <
> > > http://kw.example.com>
> > > > > --server
> > > > > >      > > zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
> > > example.com
> > > > > >
> > > > > >      > > > <http://zkwipamstr01.kw.example.com <
> > > http://zkwipamstr01.kw.
> > > > > example.com>>
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > > ipa         : CRITICAL Failed to restart the directory
> > > server
> > > > > (Command
> > > > > >      > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service
> '
> > > > > returned
> > > > > >      > > non-zero exit
> > > > > >      > > > status 1). See the installation log for details.
> > > > > >      > > >    [29/44]: setting up initial replication
> > > > > >      > > >    [error] error: [Errno 111] Connection refused
> > > > > >      > > > Your system may be partly configured.
> > > > > >      > > > Run /usr/sbin/ipa-server-install --uninstall to clean
> up.
> > > > > >      > > >
> > > > > >      > > > ipa.ipapython.install.cli.install_tool(Replica):
> ERROR
> > > > > [Errno 111]
> > > > > >      > > Connection
> > > > > >      > > > refused
> > > > > >      > > > ipa.ipapython.install.cli.install_tool(Replica):
> ERROR
> > >   The
> > > > > >      > > > ipa-replica-install command failed. See
> > > > > /var/log/ipareplica-install.log
> > > > > >      > > for more
> > > > > >      > > > information
> > > > > >      > >
> > > > > >      > > This looks like bug https://fedorahosted.org/
> > > > > freeipa/ticket/6575
> > > > > >     <https://fedorahosted.org/freeipa/ticket/6575>
> > > > > >      > >
> > > > > >      > > To verify that, could you check if master server
> internally
> > > > > listens on
> > > > > >      > > port 8009 or if ipareplica-install.log contains
> > > CA_UNREACHABLE
> > > > > string
> > > > > >      > > near  step 27.
> > > > > >      > >
> > > > > >      > > Usual fix is to add following line to /etc/hosts
> > > > > >      > >   ::1         localhost localhost.localdomain localhost6
> > > > > >      > > localhost6.localdomain6
> > > > > >      > >
> > > > > >      > >
> > > > > >      > > > [root at zkwiparepa01 ~]# /bin/systemctl restart
> > > > > >      > > dirsrv at KW-EXAMPLE-COM.service
> > > > > >      > > > Job for dirsrv at KW-EXAMPLE-COM.service failed because
> the
> > > > > control
> > > > > >      > > process exited
> > > > > >      > > > with error code. See "systemctl status
> > > > > dirsrv at KW-EXAMPLE-COM.service"
> > > > > >      > > and
> > > > > >      > > > "journalctl -xe" for details.
> > > > > >      > > >
> > > > > >      > > > [root at zkwiparepa01 ~]# systemctl status
> > > > > dirsrv at KW-EXAMPLE-COM.service
> > > > > >      > > > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory
> Server
> > > > > KW-EXAMPLE-COM.
> > > > > >      > > >     Loaded: loaded (/usr/lib/systemd/system/dirsrv@
> > > .service;
> > > > > enabled;
> > > > > >      > > vendor
> > > > > >      > > > preset: disabled)
> > > > > >      > > >     Active: failed (Result: exit-code) since Wed
> > > 2017-01-04
> > > > > 12:54:46
> > > > > >      > > AST; 13s ago
> > > > > >      > > >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D
> > > > > /etc/dirsrv/slapd-%i -i
> > > > > >      > > > /var/run/dirsrv/slapd-%i.pid (code=exited,
> > > status=1/FAILURE)
> > > > > >      > > >    Process: 14887 ExecStartPre=/usr/sbin/ds_
> > > > > systemd_ask_password_acl
> > > > > >      > > > /etc/dirsrv/slapd-%i/dse.ldif (code=exited,
> > > status=0/SUCCESS)
> > > > > >      > > >   Main PID: 14893 (code=exited, status=1/FAILURE)
> > > > > >      > > >
> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw
> .
> > > > > >      > > example.com <http://example.com>>
> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891
> +0300]
> > > > > Error:
> > > > > >      > > > betxnpostoperation plu...arted
> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw
> .
> > > > > >      > > example.com <http://example.com>>
> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752
> +0300]
> > > > > Error: object
> > > > > >      > > plugin
> > > > > >      > > > Roles Pl...arted
> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw
> .
> > > > > >      > > example.com <http://example.com>>
> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340
> +0300]
> > > > > Error:
> > > > > >      > > preoperation
> > > > > >      > > > plugin su...arted
> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw
> .
> > > > > >      > > example.com <http://example.com>>
> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432
> +0300]
> > > > > Error: object
> > > > > >      > > plugin USN
> > > > > >      > > > is n...arted
> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw
> .
> > > > > >      > > example.com <http://example.com>>
> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209
> +0300]
> > > > > Error: object
> > > > > >      > > plugin
> > > > > >      > > > Views is...arted
> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw
> .
> > > > > >      > > example.com <http://example.com>>
> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981
> +0300]
> > > > > Error:
> > > > > >      > > extendedop plugin
> > > > > >      > > > whoa...arted
> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw
> .
> > > > > >      > > example.com <http://example.com>>
> > > > > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main
> process
> > > > > exited,
> > > > > >      > > code=exited,
> > > > > >      > > > status=1/FAILURE
> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw
> .
> > > > > >      > > example.com <http://example.com>>
> > > > > >      > > > systemd[1]: Failed to start 389 Directory Server
> > > > > KW-EXAMPLE-COM..
> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw
> .
> > > > > >      > > example.com <http://example.com>>
> > > > > >      > > > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service
> entered
> > > > > failed state.
> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
> > > > > >     <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw
> .
> > > > > >      > > example.com <http://example.com>>
> > > > > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
> > > > > >      > > > Hint: Some lines were ellipsized, use -l to show in
> full.
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > > Regards,
> > > > > >      > > > Ben
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <
> > > > > mbabinsk at redhat.com
> > > > > >     <mailto:mbabinsk at redhat.com>
> > > > > >      > > > <mailto:mbabinsk at redhat.com <mailto:
> mbabinsk at redhat.com
> > > >>>
> > > > > wrote:
> > > > > >      > > >
> > > > > >      > > >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
> > > > > >      > > >
> > > > > >      > > >         HI
> > > > > >      > > >
> > > > > >      > > >         while trying to create ipa replica, i am
> getting
> > > > > below error,
> > > > > >      > > >
> > > > > >      > > >         Replica creation using 'ipa-replica-prepare'
> to
> > > > > generate replica
> > > > > >      > > file
> > > > > >      > > >         is supported only in 0-level IPA domain.
> > > > > >      > > >
> > > > > >      > > >         The current IPA domain level is 1 and thus the
> > > > > replica must
> > > > > >      > > >         be created by promoting an existing IPA
> client.
> > > > > >      > > >
> > > > > >      > > >         To set up a replica use the following
> procedure:
> > > > > >      > > >              1.) set up a client on the host using
> > > > > 'ipa-client-install'
> > > > > >      > > >              2.) promote the client to replica running
> > > > > >      > > 'ipa-replica-install'
> > > > > >      > > >                  *without* replica file specified
> > > > > >      > > >
> > > > > >      > > >         'ipa-replica-prepare' is allowed only in
> domain
> > > level
> > > > > 0
> > > > > >      > > >         The ipa-replica-prepare command failed.
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > >         i have IPA master server without AD
> integration
> > > and
> > > > > DNS is
> > > > > >      > > managed by
> > > > > >      > > >         3rd party appliances.
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > >         Regards,
> > > > > >      > > >         Ben
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > >     Hi Ben,
> > > > > >      > > >
> > > > > >      > > >     If you installed IPA 4.4 server then domain level
> 1 is
> > > > > the default.
> > > > > >      > > This
> > > > > >      > > >     domain level uses different mechanism to stand up
> > > > > replicas. See the
> > > > > >      > > latest
> > > > > >      > > >     IdM documentation[1] for more details.
> > > > > >      > > >
> > > > > >      > > >     [1]
> > > > > >      > > > https://access.redhat.com/
> documentation/en-US/Red_Hat_
> > > > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
> > > > > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> > > > > Authentication_and_Policy_
> > > > > >      > > Guide/creating-the-replica.html
> > > > > >      > > >     <https://access.redhat.com/
> > > documentation/en-US/Red_Hat_
> > > > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
> > > > > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
> > > > > Authentication_and_Policy_
> > > > > >      > > Guide/creating-the-replica.html>
> > > > > >      > > >
> > > > > >      > > >     --
> > > > > >      > > >     Martin^3 Babinsky
> > > > > >      > > >
> > > > > >      > > >     --
> > > > > >      > > >     Manage your subscription for the Freeipa-users
> mailing
> > > > > list:
> > > > > >      > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> > > > > >      > > >     <https://www.redhat.com/
> > > mailman/listinfo/freeipa-users
> > > > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>>
> > > > > >      > > >     Go to http://freeipa.org for more info on the
> project
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > > >
> > > > > >      > >
> > > > > >      > >
> > > > > >      > > --
> > > > > >      > > Petr Vobornik
> > > > > >      > >
> > > > > >
> > > > > >      > --
> > > > > >      > Manage your subscription for the Freeipa-users mailing
> list:
> > > > > >      > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
> > > > > >      > Go to http://freeipa.org for more info on the project
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Petr Vobornik
> > > > >
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170108/a82bcb19/attachment.htm>

From tk at mdevsys.com  Sun Jan  8 05:22:14 2017
From: tk at mdevsys.com (TomK)
Date: Sun, 8 Jan 2017 00:22:14 -0500
Subject: [Freeipa-users] [sssd[pam]] [pam_reply] (0x0200): pam_reply called
 with result [6]: Permission denied.
Message-ID: <de131f81-7e9c-10d0-4477-5bcbfaa8170d@mdevsys.com>

Hey All,

Wanted to tap your experience a bit.  Do you recall under which 
conditions this error can be triggered under?

(Sun Jan  8 00:15:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [6 (Permission denied)][mds.xyz]
(Sun Jan  8 00:15:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply 
called with result [6]: Permission denied.

Pass is OK (tested) and UNIX Login for AD users works on the servers but 
not the clients.

-- 
Cheers,
Tom K.
-------------------------------------------------------------------------------------

Living on earth is expensive, but it includes a free trip around the sun.



From tk at mdevsys.com  Sun Jan  8 22:13:10 2017
From: tk at mdevsys.com (TomK)
Date: Sun, 8 Jan 2017 17:13:10 -0500
Subject: [Freeipa-users] [sssd[pam]] [pam_reply] (0x0200): pam_reply
 called with result [6]: Permission denied.
In-Reply-To: <de131f81-7e9c-10d0-4477-5bcbfaa8170d@mdevsys.com>
References: <de131f81-7e9c-10d0-4477-5bcbfaa8170d@mdevsys.com>
Message-ID: <07f4b77a-8ede-5f7a-6373-537329072edd@mdevsys.com>

On 1/8/2017 12:22 AM, TomK wrote:
> Hey All,
>
> Wanted to tap your experience a bit.  Do you recall under which
> conditions this error can be triggered under?
>
> (Sun Jan  8 00:15:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
> received: [6 (Permission denied)][mds.xyz]
> (Sun Jan  8 00:15:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
> called with result [6]: Permission denied.
>
> Pass is OK (tested) and UNIX Login for AD users works on the servers but
> not the clients.
>
Resolved.  It was multiple domains being listed in sssd.conf that caused 
this.

-- 
Cheers,
Tom K.
-------------------------------------------------------------------------------------

Living on earth is expensive, but it includes a free trip around the sun.



From abokovoy at redhat.com  Mon Jan  9 05:48:11 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 9 Jan 2017 07:48:11 +0200
Subject: [Freeipa-users] Effect of reversing trust relationship
In-Reply-To: <CAE9rU+5c=9v_5ytQ-Jn0i3V35MqQ8QdFgsZjpTFsub1VbV=T3g@mail.gmail.com>
References: <CAE9rU+5c=9v_5ytQ-Jn0i3V35MqQ8QdFgsZjpTFsub1VbV=T3g@mail.gmail.com>
Message-ID: <20170109054811.q3lbe6fsoxosttbl@redhat.com>

On to, 05 tammi 2017, William Muriithi wrote:
>Hello,
>
>Curious, two weeks ago, we established a two way trust between AD and
>FreeIPA. This has been working fine till yesterday when AD started
>having DNS issues.  I am 99% certain trust had nothing to do with DNS
>issue, but want to reverse the trust and see if we could fair better
>
>My question is, if I run "ipa trustdomain-del", what does it do behind the back?
>
>- Will there be a change in the AD systems or just remove association
>on IPA side without reversing changes on the AD side?
It does remove the trust object associated with the child domain in
question on IPA side and removes SID of that domain from the SID
blacklist of the trust. Nothing changes on the AD side.

>- Whats the implication on the IPA client?  Any possibility of an outage?
IPA clients will stop seeing AD users from the child domain, eventually,
once SSSD refreshes its cache on IPA master that client is connected to.

>- Whats the difference of "ipa trustdomain-del" and restoring from
>"ipa-backup" and what would be more recommended if one has both
>options?
I'm not sure if ipa-backup actually backs up Samba databases, it is
probably not doing that. When you restored a master with ipa-backup,
you'd probably better to re-run ipa-adtrust-install on the master to
repair Samba configuration.

This would not change the fact that if you applied 'ipa trustdomain-del'
prior to taking a backup, information about that child domain will not
be restored. You'd need to run 'ipa trust-fetch-domains' to actually
refresh the list of child domains from the trust.

Also, you need to make sure that whatever backup version was restored,
it should have the same trust object password on both IPA and AD sides.
If trust was re-established since the time the backup was taken, it is a
sure way to get everything broken.

-- 
/ Alexander Bokovoy



From matrix.zj at qq.com  Mon Jan  9 07:29:54 2017
From: matrix.zj at qq.com (=?ISO-8859-1?B?TWF0cml4?=)
Date: Mon, 9 Jan 2017 15:29:54 +0800
Subject: [Freeipa-users] ipa_server and ipa_backup_server failover time
Message-ID: <tencent_229B76D9413A6F1E5B528044@qq.com>

Hi, all


The purpose of this email is to know more about timeout ipa server failover. 


Env: 
# rpm -qa | grep sssd
sssd-krb5-common-1.13.0-40.el7_2.12.x86_64
python-sssdconfig-1.13.0-40.el7_2.12.noarch
sssd-ipa-1.13.0-40.el7_2.12.x86_64
sssd-client-1.13.0-40.el7_2.12.x86_64
sssd-ad-1.13.0-40.el7_2.12.x86_64
sssd-proxy-1.13.0-40.el7_2.12.x86_64
sssd-common-pac-1.13.0-40.el7_2.12.x86_64
sssd-ldap-1.13.0-40.el7_2.12.x86_64
sssd-krb5-1.13.0-40.el7_2.12.x86_64
sssd-common-1.13.0-40.el7_2.12.x86_64
sssd-1.13.0-40.el7_2.12.x86_64



base config:
# cat /etc/sssd/sssd.conf
[domain/example.com]


cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = spare01.example.com
chpass_provider = ipa

debug_level = 4
ldap_tls_cacert = /etc/ipa/ca.crt
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2


domains = example.com



Situation A: both Server A and Server B have been configured in 'ipa_server'
ipa_server = ipa01.example.com, ipa02.example.com


Once ipa01 ipa service failed, id lookup/auth will be failed over to ipa02 around 15mins later. It should be controlled by 'ldap_connection_expire_timeout', with default value 900 seconds. I have proved it with changing it to 300 seconds. 


But if ipa01 was brought back, id lookup/auth will not be back to ipa01. Is it expected ? 


Situation B: Server A has been configured as 'ipa_server', and Server B configured as 'ipa_backup_server'
ipa_server = ipa01.example.com
ipa_backup_server = ipa02.example.com



Once ipa01 ipa service failed, id lookup/auth will be failed over ipa02 some minutes later. I have tried 2 times, failover time is around 10min ~ 15min.


Is it possible to control it more accurate? how to? any parameters I can try? 


Best Regards


Matrix
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/021f0f08/attachment.htm>

From rakesh.rajasekharan at gmail.com  Mon Jan  9 07:37:06 2017
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Mon, 9 Jan 2017 13:07:06 +0530
Subject: [Freeipa-users] Kerberos Clock Skew too great
Message-ID: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>

Hi,

I am using a Freeipa 4.2.0 server.

I sometimes see, "clock skew too great" errors in /var/log/krb5kdc.log. And
when this happens, usually logins or new ipa-cleint-install fails.

When I checked on one of the hosts for which the clock skew was reported,

#> ntpq -p
    remote           refid      st t when poll reach   delay   offset
jitter
==============================================================================
*ip-10-10-1-150.e 171.66.97.126    2 u  869 1024  377    0.448    0.047
0.142


Does the above o/p looks fine interms of the ntp sync

Whats the max sync time difference thats allowed for a client.

Thanks
Rakesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/6e016017/attachment.htm>

From rajat.linux at gmail.com  Mon Jan  9 07:53:21 2017
From: rajat.linux at gmail.com (rajat gupta)
Date: Mon, 9 Jan 2017 08:53:21 +0100
Subject: [Freeipa-users] Failed to connect,
	going offline (5 [Input/output error])
In-Reply-To: <CAA=996EA9uvg=cJ14AFWTk3SgLiZShbGO3Bh+ZCH-iHSJDJ_Tg@mail.gmail.com>
References: <CAA=996GVFf6LaxgSpWPOGVnkRUMPEZJyW1p=DVp1PzxkRkf=1A@mail.gmail.com>
	<CAA=996EA9uvg=cJ14AFWTk3SgLiZShbGO3Bh+ZCH-iHSJDJ_Tg@mail.gmail.com>
Message-ID: <CAA=996EFxqUFJ6ECS=kjdKqY0FtBvv-b0Q-mXQaT2uQkopFSYA@mail.gmail.com>

Hi,

Do you need any other information ?

On Fri, Jan 6, 2017 at 12:51 PM, rajat gupta <rajat.linux at gmail.com> wrote:

> sssd.conf from the ilt-gif-ipa02
>
> [root at ilt-gif-ipa02 ~]# cat /etc/sssd/sssd.conf
> [domain/ipa.preprod.local]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = ipa.preprod.local
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
> chpass_provider = ipa
> ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
> ldap_tls_cacert = /etc/ipa/ca.crt
> debug_level = 9
>
>
> [sssd]
> default_domain_suffix = corp.corpcommon.com
> services = nss, sudo, pam, ssh
> debug_level = 9
>
>
> domains = ipa.preprod.local
> [nss]
> override_homedir = /home/%u
> debug_level = 9
>
>
>
> [pam]
> debug_level = 9
>
>
> [sudo]
>
> [autofs]
>
> [ssh]
> debug_level = 9
>
>
> [pac]
>
> [ifp]
>
>
> On Fri, Jan 6, 2017 at 11:31 AM, rajat gupta <rajat.linux at gmail.com>
> wrote:
>
>> Hi,
>>
>> only few user are able to login. ipa ad-trust setup.
>>
>> ==========================
>> Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
>> getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
>> POSSIBLE BREAK-IN ATTEMPT!
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from
>> 146.213.128.135
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request:
>> invalid user et33015 [preauth]
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
>> the underlying authentication module for illegal user et33015 from x.x.x.x
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed
>> keyboard-interactive/pam for invalid user et33015 from x.x.x.x port 51270
>> ssh2
>> Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>> user et33015 from 146.213.128.135 port 51270 ssh2
>> Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>> user et33015 from 146.213.128.135 port 51270 ssh2
>> Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>> user et33015 from 146.213.128.135 port 51270 ssh2
>> Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
>> [preauth]
>> ============================
>>
>> ====================
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [get_server_status] (0x1000): Status of server
>> 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [get_port_status] (0x1000): Port status of port 0 for server
>> 'ilt-gif-ipa01.ipa.preprod.local' is 'not working'
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
>> Input/output error
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
>> [Input/output error])
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_mark_offline] (0x2000): Going offline!
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_mark_offline] (0x2000): Initialize check_if_online_ptask.
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_ptask_create] (0x0400): Periodic task [Check if online (periodic)] was
>> created
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
>> task 72 seconds from now [1483696200]
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_run_offline_cb] (0x0080): Going offline. Running callbacks
>>
>> i am able to getent and  kinit for all of the AD user. but most of the
>> user are not able to login via ssh /ad-password
>>
>> getent passwd  et33015
>> et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:
>>
>> and
>>
>> kinit et33015 at CORP.CORPCOMMON.COM
>>
>>
>>
>> --
>>
>> *Rajat Gupta*
>>
>
>
>
> --
>
> *Rajat Gupta *
>



-- 

*Rajat Gupta *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/b9c023a9/attachment.htm>

From jhrozek at redhat.com  Mon Jan  9 07:56:51 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Mon, 9 Jan 2017 08:56:51 +0100
Subject: [Freeipa-users] freeipa 4.4.0 and Ubuntu 14.04
In-Reply-To: <7a15ce3b-c567-3e0c-ba5e-ecabe60b8ff1@monetra.com>
References: <72cb1cf1-c01b-cceb-fb04-71c989fdf269@monetra.com>
	<20170106143353.jzwnccdag5ej6zzu@hendrix>
	<7a15ce3b-c567-3e0c-ba5e-ecabe60b8ff1@monetra.com>
Message-ID: <20170109075651.lxrdpuejhxdbbxrv@hendrix>

On Fri, Jan 06, 2017 at 11:48:07AM -0500, Andy Brittingham wrote:
> Sorry for the delay, was doing some troubleshooting.
> 
> Here is what I know now:
> 
> The problem is on Ubuntu hosts using older sssd versions 1.11.8 (Ubuntu
> 14.04).
> 
> SSSD versions 1.13.4 (Ubuntu 16.04) and 1.13.3 (CentOS 6.8) both work.
> 
> Users in the admin group can't log into these hosts.
> 
> I created a newadmins group and assigned a new user to it. When I add the
> "User Administrator" role the new user can't log into the hosts with older
> sssd.
> 
> As soon as I delete the "User Administrator" role, new user has access
> again.

So is it a role membership or a group membership that makes the
difference?

> 
> I've pasted the last bit of logs from a sssd_domain log below. I'd be happy
> to forward the entire log, or additional logs if they will be helpful.

The log only captures a user lookup, not a login, sorry..

(This might be expected if you log in e.g. with an SSH key, in which
case journald should be the first thing to look at at least to poinpoint
which piece denied access..)



From jhrozek at redhat.com  Mon Jan  9 08:11:01 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Mon, 9 Jan 2017 09:11:01 +0100
Subject: [Freeipa-users] ipa_server and ipa_backup_server failover time
In-Reply-To: <tencent_229B76D9413A6F1E5B528044@qq.com>
References: <tencent_229B76D9413A6F1E5B528044@qq.com>
Message-ID: <20170109081101.uqod6m7m3po7tqn3@hendrix>

On Mon, Jan 09, 2017 at 03:29:54PM +0800, Matrix wrote:
> Hi, all
> 
> 
> The purpose of this email is to know more about timeout ipa server failover. 
> 
> 
> Env: 
> # rpm -qa | grep sssd
> sssd-krb5-common-1.13.0-40.el7_2.12.x86_64
> python-sssdconfig-1.13.0-40.el7_2.12.noarch
> sssd-ipa-1.13.0-40.el7_2.12.x86_64
> sssd-client-1.13.0-40.el7_2.12.x86_64
> sssd-ad-1.13.0-40.el7_2.12.x86_64
> sssd-proxy-1.13.0-40.el7_2.12.x86_64
> sssd-common-pac-1.13.0-40.el7_2.12.x86_64
> sssd-ldap-1.13.0-40.el7_2.12.x86_64
> sssd-krb5-1.13.0-40.el7_2.12.x86_64
> sssd-common-1.13.0-40.el7_2.12.x86_64
> sssd-1.13.0-40.el7_2.12.x86_64
> 
> 
> 
> base config:
> # cat /etc/sssd/sssd.conf
> [domain/example.com]
> 
> 
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = example.com
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = spare01.example.com
> chpass_provider = ipa
> 
> debug_level = 4
> ldap_tls_cacert = /etc/ipa/ca.crt
> [sssd]
> services = nss, sudo, pam, ssh
> config_file_version = 2
> 
> 
> domains = example.com
> 
> 
> 
> Situation A: both Server A and Server B have been configured in 'ipa_server'
> ipa_server = ipa01.example.com, ipa02.example.com
> 
> 
> Once ipa01 ipa service failed, id lookup/auth will be failed over to ipa02 around 15mins later. It should be controlled by 'ldap_connection_expire_timeout', with default value 900 seconds. I have proved it with changing it to 300 seconds. 

If ipa01 fails, then sssd should fail over immediatelly to the next
server. I wonder how you tested the fail over?

> 
> 
> But if ipa01 was brought back, id lookup/auth will not be back to ipa01. Is it expected ? 

Yes, we stick to a server that works until it doesn't generally.

> 
> 
> Situation B: Server A has been configured as 'ipa_server', and Server B configured as 'ipa_backup_server'
> ipa_server = ipa01.example.com
> ipa_backup_server = ipa02.example.com
> 
> 
> 
> Once ipa01 ipa service failed, id lookup/auth will be failed over ipa02 some minutes later. I have tried 2 times, failover time is around 10min ~ 15min.
> 
> 
> Is it possible to control it more accurate? how to? any parameters I can try? 

No, sorry, the timeouts for switching between back up and primary
servers are hardcoded.



From jhrozek at redhat.com  Mon Jan  9 08:12:41 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Mon, 9 Jan 2017 09:12:41 +0100
Subject: [Freeipa-users] Kerberos Clock Skew too great
In-Reply-To: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>
References: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>
Message-ID: <20170109081241.zu5jla6gw26koxhy@hendrix>

On Mon, Jan 09, 2017 at 01:07:06PM +0530, Rakesh Rajasekharan wrote:
> Hi,
> 
> I am using a Freeipa 4.2.0 server.
> 
> I sometimes see, "clock skew too great" errors in /var/log/krb5kdc.log. And
> when this happens, usually logins or new ipa-cleint-install fails.
> 
> When I checked on one of the hosts for which the clock skew was reported,
> 
> #> ntpq -p
>     remote           refid      st t when poll reach   delay   offset
> jitter
> ==============================================================================
> *ip-10-10-1-150.e 171.66.97.126    2 u  869 1024  377    0.448    0.047
> 0.142

In general, 5 minutes is OK at least. But are you sure the server is also
in sync or just the client against an NTP server (iow, are you sure you
are checking the difference between a client and the KDC as well?)



From rakesh.rajasekharan at gmail.com  Mon Jan  9 08:37:21 2017
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Mon, 9 Jan 2017 14:07:21 +0530
Subject: [Freeipa-users] Kerberos Clock Skew too great
In-Reply-To: <20170109081241.zu5jla6gw26koxhy@hendrix>
References: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>
	<20170109081241.zu5jla6gw26koxhy@hendrix>
Message-ID: <CANAMAkr=Mu=_rMXBjd7GA3CBqcbPWhj63SDXDL7i+Qb98JEYYw@mail.gmail.com>

yes on the IPA server as well.. the offset isn't that high

     remote           refid      st t when poll reach   delay   offset
jitter
==============================================================================
*ip-10-10-1-150.e 132.163.4.101    2 u  119  128  377    0.431   -0.279
0.348

So, my NTP server, the ipa client and the IPA master.. all seems to not
have a high offset or a jitter.

There were about 1500 hosts that were alerting for "clock skew" and the
issue went away only after I did a resync using ntpdate on all those hosts

Is it possible that so many higher number of minor offsets adds up and
causes it. Coz from the individual offset it looks much below the 5min limit

Or, is there a way to tell whats the offset limit its actually looking for.

Thanks,
Rakesh



On Mon, Jan 9, 2017 at 1:42 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Mon, Jan 09, 2017 at 01:07:06PM +0530, Rakesh Rajasekharan wrote:
> > Hi,
> >
> > I am using a Freeipa 4.2.0 server.
> >
> > I sometimes see, "clock skew too great" errors in /var/log/krb5kdc.log.
> And
> > when this happens, usually logins or new ipa-cleint-install fails.
> >
> > When I checked on one of the hosts for which the clock skew was reported,
> >
> > #> ntpq -p
> >     remote           refid      st t when poll reach   delay   offset
> > jitter
> > ============================================================
> ==================
> > *ip-10-10-1-150.e 171.66.97.126    2 u  869 1024  377    0.448    0.047
> > 0.142
>
> In general, 5 minutes is OK at least. But are you sure the server is also
> in sync or just the client against an NTP server (iow, are you sure you
> are checking the difference between a client and the KDC as well?)
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/45be7955/attachment.htm>

From rajat.linux at gmail.com  Mon Jan  9 08:48:50 2017
From: rajat.linux at gmail.com (rajat gupta)
Date: Mon, 9 Jan 2017 09:48:50 +0100
Subject: [Freeipa-users] sshd[22490]: Failed password for invalid user
Message-ID: <CAA=996FBwy_h-VMSb=Up=DPJqwb7D_2b9Y-d-now+Q9KAACRDg@mail.gmail.com>

few user are able to login. ipa ad-trust setup.

==========================
Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
POSSIBLE BREAK-IN ATTEMPT!
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from x.x.x.x
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: invalid
user et33015 [preauth]
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
the underlying authentication module for illegal user et33015 from x.x.x.x
Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed keyboard-interactive/pam
for invalid user et33015 from x.x.x.x port 51270 ssh2
Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
et33015 from 146.213.128.135 port 51270 ssh2
Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
et33015 from 146.213.128.135 port 51270 ssh2
Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
et33015 from 146.213.128.135 port 51270 ssh2
Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
[preauth]
============================

====================
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
is 'not working'
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_done] (0x1000): Server resolution failed: [5]:
Input/output error
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
[Input/output error])
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
(0x2000): Going offline!
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
(0x2000): Initialize check_if_online_ptask.
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_create]
(0x0400): Periodic task [Check if online (periodic)] was created
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
task 72 seconds from now [1483696200]
(Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
[be_run_offline_cb] (0x0080): Going offline. Running callbacks

=================

cat /etc/sssd/sssd.conf
[domain/ipa.preprod.local]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = ipa.preprod.local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
chpass_provider = ipa
ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 9


[sssd]
default_domain_suffix = corp.corpcommon.com
services = nss, sudo, pam, ssh
debug_level = 9


domains = ipa.preprod.local
[nss]
override_homedir = /home/%u
debug_level = 9



[pam]
debug_level = 9


[sudo]

[autofs]

[ssh]
debug_level = 9


[pac]

[ifp]
===============

i am able to getent and  kinit for all of the AD user. but most of the user
are not able to login via ssh /ad-password

getent passwd  et33015
et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:

and

kinit et33015 at CORP.CORPCOMMON.COM <http://corp.corpcommon.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/26b8b258/attachment.htm>

From lslebodn at redhat.com  Mon Jan  9 09:31:54 2017
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Mon, 9 Jan 2017 10:31:54 +0100
Subject: [Freeipa-users] [sssd[pam]] [pam_reply] (0x0200): pam_reply
 called with result [6]: Permission denied.
In-Reply-To: <07f4b77a-8ede-5f7a-6373-537329072edd@mdevsys.com>
References: <de131f81-7e9c-10d0-4477-5bcbfaa8170d@mdevsys.com>
	<07f4b77a-8ede-5f7a-6373-537329072edd@mdevsys.com>
Message-ID: <20170109093152.GB24255@10.4.128.1>

On (08/01/17 17:13), TomK wrote:
>On 1/8/2017 12:22 AM, TomK wrote:
>> Hey All,
>> 
>> Wanted to tap your experience a bit.  Do you recall under which
>> conditions this error can be triggered under?
>> 
>> (Sun Jan  8 00:15:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
>> received: [6 (Permission denied)][mds.xyz]
>> (Sun Jan  8 00:15:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
>> called with result [6]: Permission denied.
>> 
>> Pass is OK (tested) and UNIX Login for AD users works on the servers but
>> not the clients.
>> 
>Resolved.  It was multiple domains being listed in sssd.conf that caused
>this.
>
Could you be more specific?
sssd works well with multiple domains.

LS



From sbose at redhat.com  Mon Jan  9 09:46:22 2017
From: sbose at redhat.com (Sumit Bose)
Date: Mon, 9 Jan 2017 10:46:22 +0100
Subject: [Freeipa-users] sshd[22490]: Failed password for invalid user
In-Reply-To: <CAA=996FBwy_h-VMSb=Up=DPJqwb7D_2b9Y-d-now+Q9KAACRDg@mail.gmail.com>
References: <CAA=996FBwy_h-VMSb=Up=DPJqwb7D_2b9Y-d-now+Q9KAACRDg@mail.gmail.com>
Message-ID: <20170109094622.GH528@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Mon, Jan 09, 2017 at 09:48:50AM +0100, rajat gupta wrote:
> few user are able to login. ipa ad-trust setup.
> 
> ==========================
> Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
> getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
> POSSIBLE BREAK-IN ATTEMPT!
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from x.x.x.x
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: invalid
> user et33015 [preauth]
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
> the underlying authentication module for illegal user et33015 from x.x.x.x
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed keyboard-interactive/pam
> for invalid user et33015 from x.x.x.x port 51270 ssh2
> Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
> et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
> et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid user
> et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
> [preauth]
> ============================
> 
> ====================
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server
> 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'not working'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
> Input/output error
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
> [Input/output error])
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> (0x2000): Going offline!
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> (0x2000): Initialize check_if_online_ptask.
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_create]
> (0x0400): Periodic task [Check if online (periodic)] was created
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
> task 72 seconds from now [1483696200]
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_run_offline_cb] (0x0080): Going offline. Running callbacks

more data form the domain log is needed here, because it is not clear if
the system went offline before or after processing the request and why
the port is marked as not working. Please include the log data up to 5
minutes before as well.

bye,
Sumit

> 
> =================
> 
> cat /etc/sssd/sssd.conf
> [domain/ipa.preprod.local]
> 
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = ipa.preprod.local
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
> chpass_provider = ipa
> ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
> ldap_tls_cacert = /etc/ipa/ca.crt
> debug_level = 9
> 
> 
> [sssd]
> default_domain_suffix = corp.corpcommon.com
> services = nss, sudo, pam, ssh
> debug_level = 9
> 
> 
> domains = ipa.preprod.local
> [nss]
> override_homedir = /home/%u
> debug_level = 9
> 
> 
> 
> [pam]
> debug_level = 9
> 
> 
> [sudo]
> 
> [autofs]
> 
> [ssh]
> debug_level = 9
> 
> 
> [pac]
> 
> [ifp]
> ===============
> 
> i am able to getent and  kinit for all of the AD user. but most of the user
> are not able to login via ssh /ad-password
> 
> getent passwd  et33015
> et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:
> 
> and
> 
> kinit et33015 at CORP.CORPCOMMON.COM <http://corp.corpcommon.com/>

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From mbasti at redhat.com  Mon Jan  9 09:51:42 2017
From: mbasti at redhat.com (Martin Basti)
Date: Mon, 9 Jan 2017 10:51:42 +0100
Subject: [Freeipa-users] FreeIPA + /etc/named.conf
In-Reply-To: <cd67e097-2ad5-7331-35fd-880b48bb5f03@mdevsys.com>
References: <057676d6-5280-2348-827b-13ef4b4126a3@mdevsys.com>
	<f68f64fa-d1af-2a7d-ef77-8ffe098b4914@redhat.com>
	<cd67e097-2ad5-7331-35fd-880b48bb5f03@mdevsys.com>
Message-ID: <4b7a98e8-ba3a-246a-721f-8ba052de1967@redhat.com>



On 06.01.2017 18:14, TomK wrote:
> On 1/5/2017 2:17 PM, Martin Basti wrote:
>>
>>
>> On 05.01.2017 20:03, TomK wrote:
>>> Hey All,
>>>
>>> QQ.
>>>
>>> Should the DNS forwarders be updated in /etc/named.conf? Until I
>>> manually change /etc/named.conf, can't ping the windows AD cluster:
>>> mds.xyz.  Nor can I get dig to resolve the SRV records (dig SRV
>>> _ldap._tcp.mds.xyz).
>>>
>>> sssd-ipa-1.14.0-43.el7_3.4.x86_64
>>> ipa-client-4.4.0-14.el7.centos.x86_64
>>>
>>> IPA command below indicates that it's set to 'first' but that's not
>>> what's in /etc/named.conf file when I check.  Again, it works if I
>>> change /etc/named.conf manually.
>>>
>>
>> Forwarder settings has priority:
>>
>> named.conf < global forwarders (ipa dnsconfig-mod) < local dns server
>> config (ipa dnsserver-*) < forwardzones (applied per query, not as
>> global forwarder)
>>
>> so what is in named.conf is usually always overwritten
>>
>>
>> How did you edited the named.conf?
>>
>> Does dig @192.168.0.224 SRV _ldap._tcp.mds.xyz. works?
>> Do you have any errors in journalctl -u named-pkcs11 ??
>>
>> Martin
>
> Thanks Martin.
>
> Yes, with the manual update of /etc/named.conf this command works, as 
> I posted earlier (It doesn't work without the manual update of 
> /etc/named.conf to  forward first; ):
>
> dig @192.168.0.224 SRV _ldap._tcp.mds.xyz.
>
> ;; ANSWER SECTION:
> _ldap._tcp.mds.xyz.     3600    IN      SRV     0 100 389 
> winad02.mds.xyz.
> _ldap._tcp.mds.xyz.     600     IN      SRV     0 100 389 
> winad01.mds.xyz.
>
> Yes I stumbled on the journalctl command but really haven't seen 
> anything applicable to my scenario AFAIKT.  Nontheless, logs available 
> below:
>
> http://microdevsys.com/freeipa/named-pkcs11-working.log
> http://microdevsys.com/freeipa/named-pkcs11-non-working.log
> http://microdevsys.com/freeipa/named-pkcs11-working-again.log
>
> I'm still going over them.  The only message that seamed to make sense 
> was:
>
> ignoring inherited 'forward first;' for zone '.' - did you want 
> 'forward only;' to override automatic empty zone
>
> but it appears in both the working and non-working situations so isn't 
> looking significant ATM and nothing I found applied to this scenario.  
> Btw:
>
> [root at idmipa01 log]# cat /etc/resolv.conf
> search nix.mds.xyz mds.xyz
> nameserver 127.0.0.1
> You have new mail in /var/spool/mail/root
> [root at idmipa01 log]#
>
> And based on earlier chats, that's how it should stay.  Resolution of 
> AD ID's does work from clients though (When I have forward first; in 
> /etc/named.conf)
>
>
>


For me it looks like some DNSSEC validation issue, could you temporarily 
disable DNSSEC validation in /etc/named.conf on IPA server and then try 
again with forward only?

Martin



From sbose at redhat.com  Mon Jan  9 09:55:05 2017
From: sbose at redhat.com (Sumit Bose)
Date: Mon, 9 Jan 2017 10:55:05 +0100
Subject: [Freeipa-users] Getting error "Permission denied (publickey,
 gssapi-with-mic, password)"  when running below ssh command
In-Reply-To: <CY4PR18MB0920273F50F0B786B4BAC4B0D2620@CY4PR18MB0920.namprd18.prod.outlook.com>
References: <CY4PR18MB0920273F50F0B786B4BAC4B0D2620@CY4PR18MB0920.namprd18.prod.outlook.com>
Message-ID: <20170109095505.GI528@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Sat, Jan 07, 2017 at 02:14:45AM +0000, Chen Lufan wrote:
> Dear Team,
> 
> I am new to freeIPA and GSS authentication so maybe someone can shed a light on where the issue is when I perform below ssh?  Your help will be greatly appreciated!
> 
> 
> host2$  ssh -F /home/user/config   user at host1.example.com
> 
> 
> I got below error in audit.log in host1  :
> 
> type=CRYPTO_SESSION msg=audit(1483753488.905:727): user pid=17872 uid=0 auid=6974 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 rport=36989 laddr=67.217.92.20 lport=22 id=4294967295 exe="/usr/sbin/sshd" (hostname=?, addr=10.22.6.70, terminal=? res=success)'
> type=USER_ERR msg=audit(1483753489.839:728): user pid=17872 uid=0 auid=6974 msg='PAM: bad_ident acct="?" : exe="/usr/sbin/sshd" (hostname=10.22.6.70, addr=10.22.6.70, terminal=ssh res=failed)'

There are older reports that a similar audit message was triggered by
wrong SELinux labels on $HOME/.ssh and the files within. Although none
of the typical files in this directory are needed by GSSAPI
authentication it might worth to check. Does authentication work if you
temporally disable SELinux by calling 'setenforce 0' as root on the
command line?

HTH

bye,
Sumit

> 
> 
> where
> 
> host2$ more /home/user/config
> Host *
>     Protocol 2
> 
>     # Options for Protocol 1 only
>     #RSAAuthentication no
>     #RhostsRSAAuthentication no
> 
>     HostbasedAuthentication no
>     PubKeyAuthentication no
>     PasswordAuthentication no
> 
>     GSSAPIAuthentication yes
>     GSSAPIDelegateCredentials yes
> 
>     PreferredAuthentications gssapi-with-mic
> 
>     StrictHostKeyChecking no
>     CheckHostIP no
> 
>     LogLevel FATAL
> 
>     UserKnownHostsFile /uhome/installer/.ssh/known_hosts
>     IdentityFile /uhome/installer/.ssh/id_rsa
> 
> 
> AND on host1:
> 
> # grep -v "^#" /etc/ssh/sshd_config |grep -v "^$"
> Protocol 2
> SyslogFacility AUTHPRIV
> LogLevel INFO
> PermitRootLogin no
> PubkeyAuthentication yes
> HostbasedAuthentication no
> IgnoreRhosts yes
> PermitEmptyPasswords no
> ChallengeResponseAuthentication no
> GSSAPIAuthentication yes
> UsePAM yes
> AllowTcpForwarding no
> X11Forwarding no
> PrintMotd no
> UseDNS no
> Banner /etc/issue.net
> Subsystem       sftp    /usr/libexec/openssh/sftp-server
> Ciphers aes128-ctr,aes192-ctr,aes256-ctr
> 
> host1# more krb5.conf
> 
> [libdefaults]
>   default_realm = EXAMPLE.COM
>   dns_lookup_realm = false
>   dns_lookup_kdc = false
>   ticket_lifetime = 24h
>   forwardable = yes
> 
> [realms]
>   EXAMPLE.COM = {
>     kdc = auth1.iad.example.com.
>     kdc = auth2.iad.example.com.
>     admin_server = auth1.iad.example.com.
> 
>     default_domain = example.com
>     pkinit_anchors = FILE:/etc/ipa/ca.crt
> 
>     auth_to_local = RULE:[2:$1;$2](.*;root)s/;root$//
>     auth_to_local = RULE:[2:$1;$2](.*;admin)s/;admin$//
>     auth_to_local = RULE:[1:$1@$0](.*@AD.CORP.EXAMPLE.COM)s/@.*$//
>     auth_to_local = DEFAULT
> }
> 
> [domain_realm]
>   .example.com = EXAMPLE.COM
>   example.com = EXAMPLE.COM
> 
> [appdefaults]
>   pam = {
>     debug = false
>     ticket_lifetime = 36000
>     renew_lifetime = 36000
>     forwardable = true
>     krb4_convert = false
>   }
> 
> 
> Thanks,
> 
> Lufan
> 
> 
> 

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From rajat.linux at gmail.com  Mon Jan  9 10:21:00 2017
From: rajat.linux at gmail.com (rajat gupta)
Date: Mon, 9 Jan 2017 11:21:00 +0100
Subject: [Freeipa-users] sshd[22490]: Failed password for invalid user
In-Reply-To: <CAA=996FBwy_h-VMSb=Up=DPJqwb7D_2b9Y-d-now+Q9KAACRDg@mail.gmail.com>
References: <CAA=996FBwy_h-VMSb=Up=DPJqwb7D_2b9Y-d-now+Q9KAACRDg@mail.gmail.com>
Message-ID: <CAA=996GeqDoEFWTqGuPw_xPE97k7TvJW0S3aQeMTMfmiCi-nPA@mail.gmail.com>

Hi,

Error message is changed today. but same some are able to login but most of
the user are not. Please find the below logs form ipa2 server.

/var/log/secure

Jan  9 11:02:59 ilt-gif-ipa02 sshd[18942]: pam_sss(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=x.x.x.x.x user=et33015
Jan  9 11:02:59 ilt-gif-ipa02 sshd[18942]: pam_sss(sshd:auth): received for
user et33015: 6 (Permission denied)
Jan  9 11:02:59 ilt-gif-ipa02 sshd[18940]: error: PAM: Authentication
failure for et33015 from x.x.x.x.x

=================================

sssd_nss.log

(Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
creds: euid[0] egid[0] pid[18940].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x0020):
SELINUX_getpeercon failed [-1][Unknown error -1].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240a7d0][23]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [accept_fd_handler] (0x0400): Client
connected!
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240a7d0][23]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240a7d0][23]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240a7d0][23]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running
command [17][SSS_NSS_GETPWNAM] with input [et33015].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'et33015' matched without domain, user is et33015
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): using default domain [corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [et33015] from [corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/
corp.corpcommon.com/et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc8323f2ef0
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc8323f67a0
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc8323f2ef0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc8323f67a0 "ltdb_timeout"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc8323f2ef0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc8323f67a0
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc83240a680
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc8323f67a0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc83240a680 "ltdb_timeout"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc8323f67a0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a
LOCAL view, continuing with provided values.
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry
is valid, returning..
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
Returning info for user [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240a7d0][23]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
creds: euid[0] egid[0] pid[18942].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x0020):
SELINUX_getpeercon failed [-1][Unknown error -1].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc8323fa270][24]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [accept_fd_handler] (0x0400): Client
connected!
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc8323fa270][24]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc8323fa270][24]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc8323fa270][24]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running
command [17][SSS_NSS_GETPWNAM] with input [et33015].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'et33015' matched without domain, user is et33015
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): using default domain [corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [et33015] from [corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/
corp.corpcommon.com/et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc832402d80
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc832401560
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc832402d80 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc832401560 "ltdb_timeout"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc832402d80 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc8323f39a0
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc83240da50
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc8323f39a0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc83240da50 "ltdb_timeout"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc8323f39a0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a
LOCAL view, continuing with provided values.
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry
is valid, returning..
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
Returning info for user [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc8323fa270][24]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc8323fa270][24]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running
command [17][SSS_NSS_GETPWNAM] with input [et33015].
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'et33015' matched without domain, user is et33015
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): using default domain [corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [et33015] from [corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/
corp.corpcommon.com/et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc8323f63e0
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc832402d80
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc8323f63e0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc832402d80 "ltdb_timeout"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc8323f63e0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc8323f39a0
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc83240da50
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc8323f39a0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc83240da50 "ltdb_timeout"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc8323f39a0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a
LOCAL view, continuing with provided values.
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry
is valid, returning..
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
Returning info for user [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc8323fa270][24]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn:
0x7fc8323f4780
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
on path /org/freedesktop/sssd/nss/memcache
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
(0x1000): Updating inigroups memory cache of [et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_update_initgr_memcache]
(0x0040): Unknown domain (corp.corpcommon.com) requested by provider
(Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn:
0x7fc8323f4780
(Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
on path /org/freedesktop/sssd/nss/memcache
(Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Mon Jan  9 11:02:47 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
(0x1000): Updating inigroups memory cache of [et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:47 2017) [sssd[nss]] [nss_update_initgr_memcache]
(0x0040): Unknown domain (corp.corpcommon.com) requested by provider
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn:
0x7fc8323f4780
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
on path /org/freedesktop/sssd/nss/memcache
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
(0x1000): Updating inigroups memory cache of [e600336 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_update_initgr_memcache]
(0x0040): Unknown domain (corp.corpcommon.com) requested by provider
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
creds: euid[0] egid[0] pid[16825].
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [get_client_cred] (0x0020):
SELINUX_getpeercon failed [-1][Unknown error -1].
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240aaf0][25]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [accept_fd_handler] (0x0400): Client
connected!
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240aaf0][25]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240aaf0][25]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240aaf0][25]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running
command [17][SSS_NSS_GETPWNAM] with input [e600336].
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'e600336' matched without domain, user is e600336
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): using default domain [corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [e600336] from [corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/
corp.corpcommon.com/e600336 at corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [e600336 at corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc8323f6260
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc832406870
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc8323f6260 "ltdb_callback"
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc832406870 "ltdb_timeout"
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc8323f6260 "ltdb_callback"
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc8323ef9f0
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc8323fbd90
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc8323ef9f0 "ltdb_callback"
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc8323fbd90 "ltdb_timeout"
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc8323ef9f0 "ltdb_callback"
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a
LOCAL view, continuing with provided values.
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry
is valid, returning..
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
Returning info for user [e600336 at corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240aaf0][25]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc83240aaf0][25]
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [client_recv] (0x0200): Client
disconnected!
(Mon Jan  9 11:02:53 2017) [sssd[nss]] [client_close_fn] (0x2000):
Terminated client [0x7fc83240aaf0][25]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc8323fa270][24]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [client_recv] (0x0200): Client
disconnected!
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [client_close_fn] (0x2000):
Terminated client [0x7fc8323fa270][24]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
creds: euid[0] egid[0] pid[18951].
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_client_cred] (0x0020):
SELINUX_getpeercon failed [-1][Unknown error -1].
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc832406bc0][24]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [accept_fd_handler] (0x0400): Client
connected!
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc832406bc0][24]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Received client version [1].
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
Offered version [1].
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc832406bc0][24]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc832406bc0][24]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running
command [17][SSS_NSS_GETPWNAM] with input [et33015].
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'et33015' matched without domain, user is et33015
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): using default domain [corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [et33015] from [corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/
corp.corpcommon.com/et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc8323fbd90
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc832401560
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc8323fbd90 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc832401560 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc8323fbd90 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc83240b690
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc83240d9b0
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc83240b690 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc83240d9b0 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc83240b690 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a
LOCAL view, continuing with provided values.
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry
is valid, returning..
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
Returning info for user [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc832406bc0][24]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc832406bc0][24]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running
command [17][SSS_NSS_GETPWNAM] with input [et33015].
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): name 'et33015' matched without domain, user is et33015
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
(0x0200): using default domain [corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
Requesting info for [et33015] from [corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/
corp.corpcommon.com/et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
Requesting info for [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc8323fbd90
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc8323fab40
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc8323fbd90 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc8323fab40 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc8323fbd90 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7fc83240b690
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7fc83240d9b0
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
0x7fc83240b690 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
event 0x7fc83240d9b0 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
0x7fc83240b690 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a
LOCAL view, continuing with provided values.
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry
is valid, returning..
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
Returning info for user [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7fc832406bc0][24]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn:
0x7fc8323f4780
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
on path /org/freedesktop/sssd/nss/memcache
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_get_sender_id_send] (0x2000):
Not a sysbus message, quit
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
(0x1000): Updating inigroups memory cache of [et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_update_initgr_memcache]
(0x0040): Unknown domain (corp.corpcommon.com) requested by provider


==============================================
sssd_pam.log

(Mon Jan  9 11:02:41 2017) [sssd[pam]] [get_client_cred] (0x4000): Client
creds: euid[0] egid[0] pid[18942].
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [get_client_cred] (0x0020):
SELINUX_getpeercon failed [-1][Unknown error -1].
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf7e800][21]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client
connected to privileged pipe!
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf7e800][21]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
Received client version [3].
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
Offered version [3].
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf7e800][21]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf7e800][21]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_cmd_preauth] (0x0100): entering
pam_cmd_preauth
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_parse_name_for_domains]
(0x0200): name 'et33015' matched without domain, user is et33015
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_parse_name_for_domains]
(0x0200): using default domain [corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_PREAUTH
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
corp.corpcommon.com
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
et33015
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
sshd
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
x.x.x.x.x
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
type: 0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
18942
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
name: et33015
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/
corp.corpcommon.com/et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000):
User [et33015] not found in PAM cache.
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
Creating request for [corp.corpcommon.com
][0x3][BE_REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com:-]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
0x7f0becf7c310
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400):
Entering request [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
0x7f0becf7c310
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x7f0becf7f8b0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
Requesting info for [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7f0becf824a0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7f0becf9a520
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
0x7f0becf824a0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
event 0x7f0becf9a520 "ltdb_timeout"
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
0x7f0becf824a0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7f0becf7cbd0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7f0becf85090
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
0x7f0becf7cbd0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
event 0x7f0becf85090 "ltdb_timeout"
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
0x7f0becf7cbd0 "ltdb_callback"
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
Returning info for user [et33015 at corp.corpcommon.com@corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
User's primary name is et33015 at corp.corpcommon.com
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
[et33015] added to PAM initgroup cache
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
request with the following data:
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_PREAUTH
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
corp.corpcommon.com
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
et33015 at corp.corpcommon.com
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
sshd
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
x.x.x.x.x
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
type: 0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
18942
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
name: et33015
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
0x7f0becf861b0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
pam_dp_send_req returned 0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
Deleting request: [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
0x7f0becf861b0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x7f0becf7f8b0
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
received: [0 (Success)][corp.corpcommon.com]
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
called with result [0]: Success.
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 44
(Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf7e800][21]
(Mon Jan  9 11:02:46 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000):
[et33015] removed from PAM initgroup cache
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf7e800][21]
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100):
entering pam_cmd_authenticate
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_parse_name_for_domains]
(0x0200): name 'et33015' matched without domain, user is et33015
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_parse_name_for_domains]
(0x0200): using default domain [corp.corpcommon.com]
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_AUTHENTICATE
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
corp.corpcommon.com
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
et33015
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
sshd
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
x.x.x.x.x
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
type: 1
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
18942
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
name: et33015
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/
corp.corpcommon.com/et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000):
User [et33015] not found in PAM cache.
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
Creating request for [corp.corpcommon.com
][0x3][BE_REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com:-]
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
0x7f0becf7c310
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400):
Entering request [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
0x7f0becf7c310
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x7f0becf7f8b0
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
Requesting info for [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7f0becf8fe00
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7f0becf849b0
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
0x7f0becf8fe00 "ltdb_callback"
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
event 0x7f0becf849b0 "ltdb_timeout"
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
0x7f0becf8fe00 "ltdb_callback"
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7f0becf8fc40
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7f0becf90d60
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
0x7f0becf8fc40 "ltdb_callback"
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
event 0x7f0becf90d60 "ltdb_timeout"
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
0x7f0becf8fc40 "ltdb_callback"
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
Returning info for user [et33015 at corp.corpcommon.com@corp.corpcommon.com]
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
User's primary name is et33015 at corp.corpcommon.com
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
[et33015] added to PAM initgroup cache
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
request with the following data:
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_AUTHENTICATE
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
corp.corpcommon.com
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
et33015 at corp.corpcommon.com
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
sshd
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
x.x.x.x.x
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
type: 1
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
18942
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
name: et33015
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
0x7f0becf861b0
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
pam_dp_send_req returned 0
(Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
Deleting request: [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:52 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000):
[et33015] removed from PAM initgroup cache
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [get_client_cred] (0x4000): Client
creds: euid[0] egid[0] pid[16825].
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [get_client_cred] (0x0020):
SELINUX_getpeercon failed [-1][Unknown error -1].
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][22]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client
connected to privileged pipe!
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][22]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
Received client version [3].
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
Offered version [3].
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][22]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][22]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_cmd_close_session] (0x0100):
entering pam_cmd_close_session
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_parse_name_for_domains]
(0x0200): name 'e600336' matched without domain, user is e600336
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_parse_name_for_domains]
(0x0200): using default domain [corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_CLOSE_SESSION
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
corp.corpcommon.com
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
e600336
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
sshd
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
146.213.0.134
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
type: 0
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
16825
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
name: e600336
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/
corp.corpcommon.com/e600336 at corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000):
User [e600336] not found in PAM cache.
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x7f0bec426c30:3:e600336 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
Creating request for [corp.corpcommon.com
][0x3][BE_REQ_INITGROUPS][1][name=e600336 at corp.corpcommon.com:-]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
0x7f0becf96250
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400):
Entering request [0x7f0bec426c30:3:e600336 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
0x7f0becf96250
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x7f0becf7f8b0
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
Requesting info for [e600336 at corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7f0becf8c680
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7f0becf9a280
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
0x7f0becf8c680 "ltdb_callback"
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
event 0x7f0becf9a280 "ltdb_timeout"
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
0x7f0becf8c680 "ltdb_callback"
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7f0becf975f0
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7f0becf9b8d0
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
0x7f0becf975f0 "ltdb_callback"
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
event 0x7f0becf9b8d0 "ltdb_timeout"
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
0x7f0becf975f0 "ltdb_callback"
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
Returning info for user [e600336 at corp.corpcommon.com@corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
User's primary name is e600336 at corp.corpcommon.com
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
[e600336] added to PAM initgroup cache
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
request with the following data:
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_CLOSE_SESSION
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
corp.corpcommon.com
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
e600336 at corp.corpcommon.com
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
sshd
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
146.213.0.134
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
type: 0
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
16825
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
name: e600336
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
0x7f0becf7c310
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
pam_dp_send_req returned 0
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
Deleting request: [0x7f0bec426c30:3:e600336 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
0x7f0becf7c310
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x7f0becf7f8b0
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
received: [0 (Success)][corp.corpcommon.com]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
called with result [0]: Success.
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 36
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][22]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][22]
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [client_recv] (0x0200): Client
disconnected!
(Mon Jan  9 11:02:53 2017) [sssd[pam]] [client_close_fn] (0x2000):
Terminated client [0x7f0becf906d0][22]
(Mon Jan  9 11:02:58 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000):
[e600336] removed from PAM initgroup cache
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
0x7f0becf861b0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x7f0becf7f8b0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
received: [6 (Permission denied)][corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
called with result [6]: Permission denied.
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 85
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf7e800][21]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf7e800][21]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [client_recv] (0x0200): Client
disconnected!
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [client_close_fn] (0x2000):
Terminated client [0x7f0becf7e800][21]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [get_client_cred] (0x4000): Client
creds: euid[0] egid[0] pid[18951].
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [get_client_cred] (0x0020):
SELINUX_getpeercon failed [-1][Unknown error -1].
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][21]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client
connected to privileged pipe!
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][21]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
Received client version [3].
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
Offered version [3].
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][21]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][21]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_cmd_preauth] (0x0100): entering
pam_cmd_preauth
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_parse_name_for_domains]
(0x0200): name 'et33015' matched without domain, user is et33015
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_parse_name_for_domains]
(0x0200): using default domain [corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_PREAUTH
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
corp.corpcommon.com
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
et33015
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
sshd
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
x.x.x.x.x
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
type: 0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
18951
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
name: et33015
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
Checking negative cache for [NCE/USER/
corp.corpcommon.com/et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000):
User [et33015] not found in PAM cache.
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
Creating request for [corp.corpcommon.com
][0x3][BE_REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com:-]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
0x7f0becf861b0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400):
Entering request [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
0x7f0becf861b0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x7f0becf7f8b0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
Requesting info for [et33015 at corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7f0becf8fc40
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7f0becf8fe00
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
0x7f0becf8fc40 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
event 0x7f0becf8fe00 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
0x7f0becf8fc40 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x7f0becf84200
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x7f0becf85090
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
0x7f0becf84200 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
event 0x7f0becf85090 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
0x7f0becf84200 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
Returning info for user [et33015 at corp.corpcommon.com@corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
User's primary name is et33015 at corp.corpcommon.com
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
[et33015] added to PAM initgroup cache
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
request with the following data:
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
SSS_PAM_PREAUTH
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
corp.corpcommon.com
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
et33015 at corp.corpcommon.com
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
sshd
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
not set
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
x.x.x.x.x
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
type: 0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
newauthtok type: 0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
18951
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
name: et33015
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
0x7f0becf7c310
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
pam_dp_send_req returned 0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
Deleting request: [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
0x7f0becf7c310
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn:
0x7f0becf7f8b0
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
Dispatching.
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
received: [4 (System error)][corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
called with result [4]: System error.
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 36
(Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
timer re-set for client [0x7f0becf906d0][21]

===========================

sssd_ipa.preprod.local.log

(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f45b8f5ffb0 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x4000): Added [et33015 at corp.corpcommon.com][name=
et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
et33015 at corp.corpcommon.com
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 2)
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f45b8fcf1f0
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f45b8fceee0
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f45b8fcf1f0 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=
corp.corpcommon.com,cn=sysdb)
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f45b8fceee0 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f45b8fcf1f0 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
cancel ldb transaction (nesting: 2)
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f45b8ff9450
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f45b8fa9970
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f45b8ff9450 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f45b8fa9970 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f45b8ff9450 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f45b8fc0700
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f45b8f5e890
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f45b8fc0700 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f45b8f5e890 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f45b8fc0700 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_done]
(0x4000): releasing operation connection
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_destroy] (0x4000): releasing operation connection
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
(0x0400): DP Request [Initgroups #1073]: Request handler finished [0]:
Success
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
(0x0400): DP Request [Initgroups #1073]: Receiving request data.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_req_initgr_pp]
(0x0400): Ordering NSS responder to update memory cache
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_reply_list_success] (0x0400): DP Request [Initgroups #1073]:
Finished. Success.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_req_reply_std]
(0x1000): DP Request [Initgroups #1073]: Returning [Success]: 0,0,Success
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[dp_table_value_destructor] (0x0400): Removing
[0:1:0000:3:1::corp.corpcommon.com:name=et33015 at corp.corpcommon.com] from
reply table
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): DP Request [Initgroups #1073]: Request
removed.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f45b8ea5830], connected[1],
ops[(nil)], ldap[0x7f45b8ee1930]
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f45b8ef2930
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f45b8f0e2b0
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.pamHandler on path
/org/freedesktop/sssd/dataprovider
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_handler]
(0x0100): Got request with the following data
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): command: SSS_PAM_PREAUTH
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): domain: corp.corpcommon.com
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): user: et33015 at corp.corpcommon.com
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): service: sshd
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): tty: ssh
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): ruser:
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): rhost: x.x.x.x.x
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): authtok type: 0
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): priv: 1
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): cli_pid: 18951
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): logon name: not set
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): DP Request [PAM Preauth #1074]: New request. Flags [0000].
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_queue_send] (0x1000): Wait queue of user [
et33015 at corp.corpcommon.com] is empty, running request [0x7f45b8ef6730]
immediately.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [krb5_setup]
(0x4000): No mapping for: et33015 at corp.corpcommon.com
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f45b8ef5860
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f45b8ee42e0
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f45b8ef5860 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f45b8ee42e0 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f45b8ef5860 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f45b8f26f60
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f45b8f18ae0
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f45b8f26f60 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f45b8f18ae0 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f45b8f26f60 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 0 for server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_process] (0x0200): Found address for server
ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[ipa_resolve_callback] (0x0400): Constructed uri
'ldap://ilt-gif-ipa01.ipa.preprod.local'
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[unique_filename_destructor] (0x2000): Unlinking
[/var/lib/sss/pubconf/.krb5info_dummy_CFqm2h]
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [unlink_dbg]
(0x2000): File already removed:
[/var/lib/sss/pubconf/.krb5info_dummy_CFqm2h]
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_resolve_done] (0x2000): Subdomain corp.corpcommon.com is
inactive, will proceed offline
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Setting up signal handler up for pid [18952]
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Signal handler set up for pid [18952]
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[write_pipe_handler] (0x0400): All data has been sent!
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[read_pipe_handler] (0x0400): EOF received, client finished
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1036
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0100): Marking port 0 of server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[set_server_common_status] (0x0100): Marking server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0400): Marking port 0 of duplicate server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [krb5_mod_ccname]
(0x4000): Save ccname [KEYRING:persistent:1007629326] for user [
et33015 at corp.corpcommon.com].
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f45b8ef56b0
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f45b8f18860
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f45b8ef56b0 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f45b8f18860 "ltdb_timeout"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f45b8ef56b0 "ltdb_callback"
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_cache_creds] (0x0080): Delayed authentication is only available
for password authentication (single factor).
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [check_wait_queue]
(0x1000): Wait queue for user [et33015 at corp.corpcommon.com] is empty.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f45b8ef6730]
done.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
(0x0400): DP Request [PAM Preauth #1074]: Request handler finished [0]:
Success
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
(0x0400): DP Request [PAM Preauth #1074]: Receiving request data.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): DP Request [PAM Preauth #1074]: Request
removed.
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
(0x1000): DP Request [PAM Preauth #1074]: Sending result [4][
corp.corpcommon.com]
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x1000): Waiting for child [18952].
(Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x0100): child [18952] finished successfully.



On Mon, Jan 9, 2017 at 9:48 AM, rajat gupta <rajat.linux at gmail.com> wrote:

> few user are able to login. ipa ad-trust setup.
>
> ==========================
> Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
> getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
> POSSIBLE BREAK-IN ATTEMPT!
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from
> x.x.x.x
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: invalid
> user et33015 [preauth]
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
> the underlying authentication module for illegal user et33015 from x.x.x.x
> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed keyboard-interactive/pam
> for invalid user et33015 from x.x.x.x port 51270 ssh2
> Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> user et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> user et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> user et33015 from 146.213.128.135 port 51270 ssh2
> Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
> [preauth]
> ============================
>
> ====================
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server
> 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'not working'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
> Input/output error
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
> [Input/output error])
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> (0x2000): Going offline!
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> (0x2000): Initialize check_if_online_ptask.
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_create]
> (0x0400): Periodic task [Check if online (periodic)] was created
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
> task 72 seconds from now [1483696200]
> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> [be_run_offline_cb] (0x0080): Going offline. Running callbacks
>
> =================
>
> cat /etc/sssd/sssd.conf
> [domain/ipa.preprod.local]
>
> cache_credentials = True
> krb5_store_password_if_offline = True
> ipa_domain = ipa.preprod.local
> id_provider = ipa
> auth_provider = ipa
> access_provider = ipa
> ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
> chpass_provider = ipa
> ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
> ldap_tls_cacert = /etc/ipa/ca.crt
> debug_level = 9
>
>
> [sssd]
> default_domain_suffix = corp.corpcommon.com
> services = nss, sudo, pam, ssh
> debug_level = 9
>
>
> domains = ipa.preprod.local
> [nss]
> override_homedir = /home/%u
> debug_level = 9
>
>
>
> [pam]
> debug_level = 9
>
>
> [sudo]
>
> [autofs]
>
> [ssh]
> debug_level = 9
>
>
> [pac]
>
> [ifp]
> ===============
>
> i am able to getent and  kinit for all of the AD user. but most of the
> user are not able to login via ssh /ad-password
>
> getent passwd  et33015
> et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:
>
> and
>
> kinit et33015 at CORP.CORPCOMMON.COM <http://corp.corpcommon.com/>
>
>
>


-- 

*Rajat Gupta *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/d544a77d/attachment.htm>

From jhrozek at redhat.com  Mon Jan  9 10:59:37 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Mon, 9 Jan 2017 11:59:37 +0100
Subject: [Freeipa-users] Kerberos Clock Skew too great
In-Reply-To: <CANAMAkr=Mu=_rMXBjd7GA3CBqcbPWhj63SDXDL7i+Qb98JEYYw@mail.gmail.com>
References: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>
	<20170109081241.zu5jla6gw26koxhy@hendrix>
	<CANAMAkr=Mu=_rMXBjd7GA3CBqcbPWhj63SDXDL7i+Qb98JEYYw@mail.gmail.com>
Message-ID: <20170109105937.uyjq3bkcae5iprvf@hendrix>

On Mon, Jan 09, 2017 at 02:07:21PM +0530, Rakesh Rajasekharan wrote:
> yes on the IPA server as well.. the offset isn't that high
> 
>      remote           refid      st t when poll reach   delay   offset
> jitter
> ==============================================================================
> *ip-10-10-1-150.e 132.163.4.101    2 u  119  128  377    0.431   -0.279
> 0.348
> 
> So, my NTP server, the ipa client and the IPA master.. all seems to not
> have a high offset or a jitter.
> 
> There were about 1500 hosts that were alerting for "clock skew" and the
> issue went away only after I did a resync using ntpdate on all those hosts
> 
> Is it possible that so many higher number of minor offsets adds up and
> causes it. Coz from the individual offset it looks much below the 5min limit
> 
> Or, is there a way to tell whats the offset limit its actually looking for.

Sorry, I'm a bit out of my depth here, the only other suggestion I have
is to try kinit with KRB5_TRACE=/dev/stderr when that happens, which
should at least dump which KDC is the client talking to (if you have
multiple masters..)

> 
> Thanks,
> Rakesh
> 
> 
> 
> On Mon, Jan 9, 2017 at 1:42 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> 
> > On Mon, Jan 09, 2017 at 01:07:06PM +0530, Rakesh Rajasekharan wrote:
> > > Hi,
> > >
> > > I am using a Freeipa 4.2.0 server.
> > >
> > > I sometimes see, "clock skew too great" errors in /var/log/krb5kdc.log.
> > And
> > > when this happens, usually logins or new ipa-cleint-install fails.
> > >
> > > When I checked on one of the hosts for which the clock skew was reported,
> > >
> > > #> ntpq -p
> > >     remote           refid      st t when poll reach   delay   offset
> > > jitter
> > > ============================================================
> > ==================
> > > *ip-10-10-1-150.e 171.66.97.126    2 u  869 1024  377    0.448    0.047
> > > 0.142
> >
> > In general, 5 minutes is OK at least. But are you sure the server is also
> > in sync or just the client against an NTP server (iow, are you sure you
> > are checking the difference between a client and the KDC as well?)
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
> >



From jhrozek at redhat.com  Mon Jan  9 11:04:36 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Mon, 9 Jan 2017 12:04:36 +0100
Subject: [Freeipa-users] ipa_server and ipa_backup_server failover time
In-Reply-To: <tencent_5A2AEA40072D56531E778737@qq.com>
References: <tencent_229B76D9413A6F1E5B528044@qq.com>
	<20170109081101.uqod6m7m3po7tqn3@hendrix>
	<tencent_5A2AEA40072D56531E778737@qq.com>
Message-ID: <20170109110222.urw7f4t3aqpq57mb@hendrix>

(please keep CC-ing the list..)

On Mon, Jan 09, 2017 at 04:39:04PM +0800, Matrix wrote:
> Sorry, i did not trigger authentication at all. Just to check sssd logs. around 15 minutes later, I saw below messages shown:
> 
> (Mon Jan  9 01:46:35 2017) [sssd[be[fwmrm.net]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'ipa02.example.com' as 'working'
> 
> Re-check it with authentication, failover will be happened immediately. 

Yes, then that is expected, the identity lookup was probably answered from
the cache.

> 
> >> No, sorry, the timeouts for switching between back up and primary
> >> servers are hardcoded.
> 
> May I know how long it will take for worst case? 

Seems to be 30 minutes:
    https://github.com/SSSD/sssd/blob/master/src/providers/data_provider_fo.c#L49



From bentech4you at gmail.com  Mon Jan  9 12:27:37 2017
From: bentech4you at gmail.com (Ben .T.George)
Date: Mon, 9 Jan 2017 15:27:37 +0300
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <CA+C_GOV7xzcmoLJMRNhHEKF4SeQCeay8EHKMgTgguLOCjKENwQ@mail.gmail.com>
References: <CA+C_GOV7xzcmoLJMRNhHEKF4SeQCeay8EHKMgTgguLOCjKENwQ@mail.gmail.com>
Message-ID: <CA+C_GOXucLwOg7Mpu=5pTvus2+69M_z_xYDWHqE9KUOnAYUapA@mail.gmail.com>

Hi LIst,

is there anyone faces/fixed this issue?

Regards,
BEn

On Sun, Jan 8, 2017 at 7:03 AM, Ben .T.George <bentech4you at gmail.com> wrote:

> HI List,
>
> how can i solve this? is this a bug ,normal behavior or any missing
> configuration from my end,
>
> Till now i didn't get ant clue on this.
>
> Regards
> Ben
>
> On Thu, Jan 5, 2017 at 1:21 PM, Fraser Tweedale <ftweedal at redhat.com>
> wrote:
>
>> On Thu, Jan 05, 2017 at 01:08:58PM +0300, Ben .T.George wrote:
>> > HI
>> >
>> > there is no filrewall running on both servers,
>> >
>> > [root at zkwipamstr01 ~]# systemctl status firewalld
>> > ? firewalld.service - firewalld - dynamic firewall daemon
>> >    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
>> > vendor preset: enabled)
>> >    Active: inactive (dead)
>> >      Docs: man:firewalld(1)
>> >
>> > [root at zkwipamstr01 ~]# sestatus
>> > SELinux status:                 disabled
>> >
>> OK, very well.  And actually, forget about my idea about connecting
>> to port 8009 from client - that is not what happens at all.  It is
>> the end of day for me and my brain checked out :/
>>
>> I shall continue analysis of your problem tomorrow.
>>
>> Thanks,
>> Fraser
>>
>> >
>> > On Thu, Jan 5, 2017 at 1:05 PM, Fraser Tweedale <ftweedal at redhat.com>
>> wrote:
>> >
>> > > On Thu, Jan 05, 2017 at 12:43:47PM +0300, Ben .T.George wrote:
>> > > > HI,
>> > > >
>> > > > on master server and replica server, i have enabled ipv6
>> > > >
>> > > > below on master server
>> > > >
>> > > > [root at zkwipamstr01 ~]# ip addr | grep inet6
>> > > >
>> > > >     inet6 fe80::250:56ff:fea0:3857/64 scope link
>> > > >
>> > > > [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
>> > > > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
>> > > > tcp6       0      0 ::1:8009                :::*
>> > > LISTEN
>> > > >      12692/java
>> > > >
>> > > >
>> > > > after that 8009 is listening on master server.
>> > > >
>> > > > on replica side uninstalled ipa and tried to enrolled again. Do i
>> need to
>> > > > enable any service replica side?
>> > > >
>> > > > [28/44]: restarting directory server
>> > > > ipa         : CRITICAL Failed to restart the directory server
>> (Command
>> > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service' returned
>> non-zero
>> > > > exit status 1). See the installation log for details.
>> > > >   [29/44]: setting up initial replication
>> > > >   [error] error: [Errno 111] Connection refused
>> > > > Your system may be partly configured.
>> > > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
>> > > >
>> > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    [Errno
>> 111]
>> > > > Connection refused
>> > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
>> > > > ipa-replica-install command failed. See
>> /var/log/ipareplica-install.log
>> > > for
>> > > > more information
>> > > > [root at zkwiparepa01 ~]# systemctl restart pki-tomcatd at pki-tomcat
>> > > > Job for pki-tomcatd at pki-tomcat.service failed because the control
>> > > process
>> > > > exited with error code. See "systemctl status
>> > > pki-tomcatd at pki-tomcat.service"
>> > > > and "journalctl -xe" for details.
>> > > >
>> > > > Still same error.
>> > > >
>> > > > is this service restart pki-tomcatd at pki-tomcat only applicable on
>> master
>> > > > server?
>> > > >
>> > > Yes, because no CA has been created on replica (yet).
>> > >
>> > > Can you confirm that your firewall (if any/enabled) on master is
>> > > letting the traffic from client/replica through to :8009?
>> > > Executing: ``nc -v $MASTER_IP 8009`` from the client machine
>> > > suffices to check.
>> > >
>> > > Thanks,
>> > > Fraser
>> > >
>> > > > Regards,
>> > > > Ben
>> > > >
>> > > >
>> > > > On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik <pvoborni at redhat.com
>> >
>> > > wrote:
>> > > >
>> > > > > On 01/05/2017 07:10 AM, Ben .T.George wrote:
>> > > > > > HI
>> > > > > >
>> > > > > > yes i did the same and still port is not listening.
>> > > > > >
>> > > > > > [root at zkwipamstr01 ~]# cat /etc/hosts
>> > > > > > 127.0.0.1   localhost localhost.localdomain localhost4
>> > > > > localhost4.localdomain4
>> > > > > > ::1         localhost localhost.localdomain localhost6
>> > > > > localhost6.localdomain6
>> > > > > > 10.151.4.64 zkwipamstr01.kw.example.com <http://zkwipamstr01.kw
>> .
>> > > > > example.com>
>> > > > > >     zkwipamstr01
>> > > > > > 10.151.4.65 zkwiparepa01.kw.example.com <http://zkwiparepa01.kw
>> .
>> > > > > example.com>
>> > > > > >     zkwiparepa01
>> > > > > > [root at zkwipamstr01 ~]# systemctl restart pki-tomcatd at pki-tomcat
>> > > > > > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
>> > > > > >
>> > > > > >
>> > > > > > Regards
>> > > > > > Ben
>> > > > >
>> > > > > Also IPv6 stack needs to be enabled.
>> > > > >
>> > > > > >
>> > > > > > On Thu, Jan 5, 2017 at 9:03 AM, Fraser Tweedale <
>> ftweedal at redhat.com
>> > > > > > <mailto:ftweedal at redhat.com>> wrote:
>> > > > > >
>> > > > > >     On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben .T.George
>> wrote:
>> > > > > >     > HI
>> > > > > >     >
>> > > > > >     > port 8009 is not listening in master server
>> > > > > >     >
>> > > > > >     > and i added ::1         localhost localhost.localdomain
>> > > localhost6
>> > > > > >     > localhost6.localdomain6 in hosts file.
>> > > > > >     >
>> > > > > >
>> > > > > >     Did you add this to the host file on the master (then
>> `systemctl
>> > > > > >     restart pki-tomcatd at pki-tomcat` and confirm it is
>> listening on
>> > > port
>> > > > > >     8009)?  Or just the client you are trying to promote?
>> > > > > >
>> > > > > >     It is needed on the master.  Won't hurt to make this change
>> to
>> > > > > >     /etc/hosts on both machines, though.
>> > > > > >
>> > > > > >     HTH,
>> > > > > >     Fraser
>> > > > > >
>> > > > > >      > still getting same error
>> > > > > >      >
>> > > > > >      >  [28/44]: restarting directory server
>> > > > > >      > ipa         : CRITICAL Failed to restart the directory
>> server
>> > > > > (Command
>> > > > > >      > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service'
>> > > returned
>> > > > > non-zero
>> > > > > >      > exit status 1). See the installation log for details.
>> > > > > >      >   [29/44]: setting up initial replication
>> > > > > >      >   [error] error: [Errno 111] Connection refused
>> > > > > >      > Your system may be partly configured.
>> > > > > >      > Run /usr/sbin/ipa-server-install --uninstall to clean up.
>> > > > > >      >
>> > > > > >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR
>> > > [Errno
>> > > > > 111]
>> > > > > >      > Connection refused
>> > > > > >      > ipa.ipapython.install.cli.install_tool(Replica): ERROR
>>   The
>> > > > > >      > ipa-replica-install command failed. See
>> > > > > /var/log/ipareplica-install.log for
>> > > > > >      > more information
>> > > > > >      >
>> > > > > >      >
>> > > > > >      > Also  ipv6 is disabled on both nodes
>> > > > > >      >
>> > > > > >      > Regards,
>> > > > > >      > Ben
>> > > > > >      >
>> > > > > >      > On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <
>> > > > > pvoborni at redhat.com
>> > > > > >     <mailto:pvoborni at redhat.com>> wrote:
>> > > > > >      >
>> > > > > >      > > On 01/04/2017 10:59 AM, Ben .T.George wrote:
>> > > > > >      > > > HI
>> > > > > >      > > >
>> > > > > >      > > > i tried the method mentioned on that document and it
>> end
>> > > up
>> > > > > with below
>> > > > > >      > > error. My
>> > > > > >      > > > DNS is managed by external box and i dont want to
>> create
>> > > any
>> > > > > DNS record
>> > > > > >      > > on these
>> > > > > >      > > > servers.
>> > > > > >      > > >
>> > > > > >      > > > and the command which i tried is(non client server)
>> > > > > >      > > >
>> > > > > >      > > > ipa-replica-install --principal admin
>> --admin-password
>> > > > > P at ssw0rd --domain
>> > > > > >      > > > kw.example.com <http://kw.example.com> <
>> > > http://kw.example.com>
>> > > > > --server
>> > > > > >      > > zkwipamstr01.kw.example.com <http://zkwipamstr01.kw.
>> > > example.com
>> > > > > >
>> > > > > >      > > > <http://zkwipamstr01.kw.example.com <
>> > > http://zkwipamstr01.kw.
>> > > > > example.com>>
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > > ipa         : CRITICAL Failed to restart the
>> directory
>> > > server
>> > > > > (Command
>> > > > > >      > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service
>> '
>> > > > > returned
>> > > > > >      > > non-zero exit
>> > > > > >      > > > status 1). See the installation log for details.
>> > > > > >      > > >    [29/44]: setting up initial replication
>> > > > > >      > > >    [error] error: [Errno 111] Connection refused
>> > > > > >      > > > Your system may be partly configured.
>> > > > > >      > > > Run /usr/sbin/ipa-server-install --uninstall to
>> clean up.
>> > > > > >      > > >
>> > > > > >      > > > ipa.ipapython.install.cli.install_tool(Replica):
>> ERROR
>> > > > > [Errno 111]
>> > > > > >      > > Connection
>> > > > > >      > > > refused
>> > > > > >      > > > ipa.ipapython.install.cli.install_tool(Replica):
>> ERROR
>> > >   The
>> > > > > >      > > > ipa-replica-install command failed. See
>> > > > > /var/log/ipareplica-install.log
>> > > > > >      > > for more
>> > > > > >      > > > information
>> > > > > >      > >
>> > > > > >      > > This looks like bug https://fedorahosted.org/
>> > > > > freeipa/ticket/6575
>> > > > > >     <https://fedorahosted.org/freeipa/ticket/6575>
>> > > > > >      > >
>> > > > > >      > > To verify that, could you check if master server
>> internally
>> > > > > listens on
>> > > > > >      > > port 8009 or if ipareplica-install.log contains
>> > > CA_UNREACHABLE
>> > > > > string
>> > > > > >      > > near  step 27.
>> > > > > >      > >
>> > > > > >      > > Usual fix is to add following line to /etc/hosts
>> > > > > >      > >   ::1         localhost localhost.localdomain
>> localhost6
>> > > > > >      > > localhost6.localdomain6
>> > > > > >      > >
>> > > > > >      > >
>> > > > > >      > > > [root at zkwiparepa01 ~]# /bin/systemctl restart
>> > > > > >      > > dirsrv at KW-EXAMPLE-COM.service
>> > > > > >      > > > Job for dirsrv at KW-EXAMPLE-COM.service failed
>> because the
>> > > > > control
>> > > > > >      > > process exited
>> > > > > >      > > > with error code. See "systemctl status
>> > > > > dirsrv at KW-EXAMPLE-COM.service"
>> > > > > >      > > and
>> > > > > >      > > > "journalctl -xe" for details.
>> > > > > >      > > >
>> > > > > >      > > > [root at zkwiparepa01 ~]# systemctl status
>> > > > > dirsrv at KW-EXAMPLE-COM.service
>> > > > > >      > > > ? dirsrv at KW-EXAMPLE-COM.service - 389 Directory
>> Server
>> > > > > KW-EXAMPLE-COM.
>> > > > > >      > > >     Loaded: loaded (/usr/lib/systemd/system/dirsrv@
>> > > .service;
>> > > > > enabled;
>> > > > > >      > > vendor
>> > > > > >      > > > preset: disabled)
>> > > > > >      > > >     Active: failed (Result: exit-code) since Wed
>> > > 2017-01-04
>> > > > > 12:54:46
>> > > > > >      > > AST; 13s ago
>> > > > > >      > > >    Process: 14893 ExecStart=/usr/sbin/ns-slapd -D
>> > > > > /etc/dirsrv/slapd-%i -i
>> > > > > >      > > > /var/run/dirsrv/slapd-%i.pid (code=exited,
>> > > status=1/FAILURE)
>> > > > > >      > > >    Process: 14887 ExecStartPre=/usr/sbin/ds_
>> > > > > systemd_ask_password_acl
>> > > > > >      > > > /etc/dirsrv/slapd-%i/dse.ldif (code=exited,
>> > > status=0/SUCCESS)
>> > > > > >      > > >   Main PID: 14893 (code=exited, status=1/FAILURE)
>> > > > > >      > > >
>> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>> > > > > >     <http://zkwiparepa01.kw.example.com> <
>> http://zkwiparepa01.kw.
>> > > > > >      > > example.com <http://example.com>>
>> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.177617891
>> +0300]
>> > > > > Error:
>> > > > > >      > > > betxnpostoperation plu...arted
>> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>> > > > > >     <http://zkwiparepa01.kw.example.com> <
>> http://zkwiparepa01.kw.
>> > > > > >      > > example.com <http://example.com>>
>> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.178379752
>> +0300]
>> > > > > Error: object
>> > > > > >      > > plugin
>> > > > > >      > > > Roles Pl...arted
>> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>> > > > > >     <http://zkwiparepa01.kw.example.com> <
>> http://zkwiparepa01.kw.
>> > > > > >      > > example.com <http://example.com>>
>> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179162340
>> +0300]
>> > > > > Error:
>> > > > > >      > > preoperation
>> > > > > >      > > > plugin su...arted
>> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>> > > > > >     <http://zkwiparepa01.kw.example.com> <
>> http://zkwiparepa01.kw.
>> > > > > >      > > example.com <http://example.com>>
>> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.179993432
>> +0300]
>> > > > > Error: object
>> > > > > >      > > plugin USN
>> > > > > >      > > > is n...arted
>> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>> > > > > >     <http://zkwiparepa01.kw.example.com> <
>> http://zkwiparepa01.kw.
>> > > > > >      > > example.com <http://example.com>>
>> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.181305209
>> +0300]
>> > > > > Error: object
>> > > > > >      > > plugin
>> > > > > >      > > > Views is...arted
>> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>> > > > > >     <http://zkwiparepa01.kw.example.com> <
>> http://zkwiparepa01.kw.
>> > > > > >      > > example.com <http://example.com>>
>> > > > > >      > > > ns-slapd[14893]: [04/Jan/2017:12:54:46.182094981
>> +0300]
>> > > > > Error:
>> > > > > >      > > extendedop plugin
>> > > > > >      > > > whoa...arted
>> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>> > > > > >     <http://zkwiparepa01.kw.example.com> <
>> http://zkwiparepa01.kw.
>> > > > > >      > > example.com <http://example.com>>
>> > > > > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service: main
>> process
>> > > > > exited,
>> > > > > >      > > code=exited,
>> > > > > >      > > > status=1/FAILURE
>> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>> > > > > >     <http://zkwiparepa01.kw.example.com> <
>> http://zkwiparepa01.kw.
>> > > > > >      > > example.com <http://example.com>>
>> > > > > >      > > > systemd[1]: Failed to start 389 Directory Server
>> > > > > KW-EXAMPLE-COM..
>> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>> > > > > >     <http://zkwiparepa01.kw.example.com> <
>> http://zkwiparepa01.kw.
>> > > > > >      > > example.com <http://example.com>>
>> > > > > >      > > > systemd[1]: Unit dirsrv at KW-EXAMPLE-COM.service
>> entered
>> > > > > failed state.
>> > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>> > > > > >     <http://zkwiparepa01.kw.example.com> <
>> http://zkwiparepa01.kw.
>> > > > > >      > > example.com <http://example.com>>
>> > > > > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service failed.
>> > > > > >      > > > Hint: Some lines were ellipsized, use -l to show in
>> full.
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > > Regards,
>> > > > > >      > > > Ben
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > > On Wed, Jan 4, 2017 at 11:19 AM, Martin Babinsky <
>> > > > > mbabinsk at redhat.com
>> > > > > >     <mailto:mbabinsk at redhat.com>
>> > > > > >      > > > <mailto:mbabinsk at redhat.com <mailto:
>> mbabinsk at redhat.com
>> > > >>>
>> > > > > wrote:
>> > > > > >      > > >
>> > > > > >      > > >     On 01/04/2017 07:21 AM, Ben .T.George wrote:
>> > > > > >      > > >
>> > > > > >      > > >         HI
>> > > > > >      > > >
>> > > > > >      > > >         while trying to create ipa replica, i am
>> getting
>> > > > > below error,
>> > > > > >      > > >
>> > > > > >      > > >         Replica creation using 'ipa-replica-prepare'
>> to
>> > > > > generate replica
>> > > > > >      > > file
>> > > > > >      > > >         is supported only in 0-level IPA domain.
>> > > > > >      > > >
>> > > > > >      > > >         The current IPA domain level is 1 and thus
>> the
>> > > > > replica must
>> > > > > >      > > >         be created by promoting an existing IPA
>> client.
>> > > > > >      > > >
>> > > > > >      > > >         To set up a replica use the following
>> procedure:
>> > > > > >      > > >              1.) set up a client on the host using
>> > > > > 'ipa-client-install'
>> > > > > >      > > >              2.) promote the client to replica
>> running
>> > > > > >      > > 'ipa-replica-install'
>> > > > > >      > > >                  *without* replica file specified
>> > > > > >      > > >
>> > > > > >      > > >         'ipa-replica-prepare' is allowed only in
>> domain
>> > > level
>> > > > > 0
>> > > > > >      > > >         The ipa-replica-prepare command failed.
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > >         i have IPA master server without AD
>> integration
>> > > and
>> > > > > DNS is
>> > > > > >      > > managed by
>> > > > > >      > > >         3rd party appliances.
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > >         Regards,
>> > > > > >      > > >         Ben
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > >     Hi Ben,
>> > > > > >      > > >
>> > > > > >      > > >     If you installed IPA 4.4 server then domain
>> level 1 is
>> > > > > the default.
>> > > > > >      > > This
>> > > > > >      > > >     domain level uses different mechanism to stand up
>> > > > > replicas. See the
>> > > > > >      > > latest
>> > > > > >      > > >     IdM documentation[1] for more details.
>> > > > > >      > > >
>> > > > > >      > > >     [1]
>> > > > > >      > > > https://access.redhat.com/docu
>> mentation/en-US/Red_Hat_
>> > > > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
>> > > > > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
>> > > > > Authentication_and_Policy_
>> > > > > >      > > Guide/creating-the-replica.html
>> > > > > >      > > >     <https://access.redhat.com/
>> > > documentation/en-US/Red_Hat_
>> > > > > >     <https://access.redhat.com/documentation/en-US/Red_Hat_>
>> > > > > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
>> > > > > Authentication_and_Policy_
>> > > > > >      > > Guide/creating-the-replica.html>
>> > > > > >      > > >
>> > > > > >      > > >     --
>> > > > > >      > > >     Martin^3 Babinsky
>> > > > > >      > > >
>> > > > > >      > > >     --
>> > > > > >      > > >     Manage your subscription for the Freeipa-users
>> mailing
>> > > > > list:
>> > > > > >      > > > https://www.redhat.com/mailman
>> /listinfo/freeipa-users
>> > > > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>> > > > > >      > > >     <https://www.redhat.com/
>> > > mailman/listinfo/freeipa-users
>> > > > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>>
>> > > > > >      > > >     Go to http://freeipa.org for more info on the
>> project
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > > >
>> > > > > >      > >
>> > > > > >      > >
>> > > > > >      > > --
>> > > > > >      > > Petr Vobornik
>> > > > > >      > >
>> > > > > >
>> > > > > >      > --
>> > > > > >      > Manage your subscription for the Freeipa-users mailing
>> list:
>> > > > > >      > https://www.redhat.com/mailman/listinfo/freeipa-users
>> > > > > >     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>> > > > > >      > Go to http://freeipa.org for more info on the project
>> > > > > >
>> > > > > >
>> > > > >
>> > > > >
>> > > > > --
>> > > > > Petr Vobornik
>> > > > >
>> > >
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/a47a9e92/attachment.htm>

From jamesaharrisonuk at yahoo.co.uk  Mon Jan  9 12:34:20 2017
From: jamesaharrisonuk at yahoo.co.uk (James Harrison)
Date: Mon, 9 Jan 2017 12:34:20 +0000 (UTC)
Subject: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
 version 1.13.4-1ubuntu1.1
In-Reply-To: <20170107153359.GA29848@10.4.128.1>
References: <1588224621.467679.1483623416628.ref@mail.yahoo.com>
	<1588224621.467679.1483623416628@mail.yahoo.com>
	<1302294420.1935936.1483722924050@mail.yahoo.com>
	<20170107153359.GA29848@10.4.128.1>
Message-ID: <813074504.2013424.1483965260827@mail.yahoo.com>

All,1.8.19-1 from Debian does not appear to work too.
James


      From: Lukas Slebodnik <lslebodn at redhat.com>
 To: James Harrison <jamesaharrisonuk at yahoo.co.uk> 
Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
 Sent: Saturday, 7 January 2017, 15:34
 Subject: Re: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd version 1.13.4-1ubuntu1.1
   
On (06/01/17 17:15), James Harrison wrote:
>Any ideas?
>? ? ? From: James Harrison <jamesaharrisonuk at yahoo.co.uk>
> To: "freeipa-users at redhat.com" <freeipa-users at redhat.com> 
> Sent: Thursday, 5 January 2017, 13:36
> Subject: FreeIPA sudo not working on ububtu xenial sssd version 1.13.4-1ubuntu1.1
>? 
>Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
>I can authenticate OK, I get a kerberos ticket, but cannot run sudo.
>I get 1 rule returned, which I expect.
>Many thanks,James Harrison
>
>
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [x_james.harrison at domain.com]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [x_james.harrison] from [domain.com]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c11d70
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=x_james.harrison)(sudoUser=#1082600012)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%x_james.harrison)(sudoUser=+*))(&(dataExpireTimestamp<=1483618197)))]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=x_james.harrison)(sudoUser=#1082600012)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%x_james.harrison)(sudoUser=+*)))]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [x_james.harrison at domain.com]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1c0e770][18]
>
Yes, 1 rule was returned for user x_james.harrison.
Can you see something in output of "sudo -l"


>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[1082600012] pid[5470].
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected!
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>
>==> auth.log <==
>Jan? 5 12:10:17 pul-lp-sql-00 sudo: pam_unix(sudo:auth): authentication failure; logname=x_james.harrison uid=1082600012 euid=0 tty=/dev/pts/1 ruser=x_james.harrison rhost=? user=x_james.harrison
>
I do not understand a reason why there is a failure in auth.log;
because there isn't sssd_pam.log @see above.

>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'x_james.harrison' matched without domain, user is x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.com/x_james.harrison]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [x_james.harrison] not found in PAM cache.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x410090:3:x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [domain.com][0x3][BE_REQ_INITGROUPS][1][name=x_james.harrison]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2469f20
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x410090:3:x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2469f20
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [x_james.harrison] added to PAM initgroup cache
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2470c00
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x410090:3:x_james.harrison at domain.com]
>
>==> syslog <==
>Jan? 5 12:10:17 pul-lp-sql-00 kernel: [ 1272.582518] audit: type=1400 audit(1483618217.180:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/run/systemd/users/1082600012" pid=5570 comm="krb5_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
>
>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2470c00
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
Authentication was succesfull for sudo service.

>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 84
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>
>==> auth.log <==
>Jan? 5 12:10:17 pul-lp-sql-00 sudo: pam_sss(sudo:auth): authentication success; logname=x_james.harrison uid=1082600012 euid=0 tty=/dev/pts/1 ruser=x_james.harrison rhost= user=x_james.harrison
>
>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'x_james.harrison' matched without domain, user is x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.com/x_james.harrison]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): User [x_james.harrison] found in PAM cache.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x246dd70
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x246dd70
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
Authorisation was successful for sudo


>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 35
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>
>==> auth.log <==
>Jan? 5 12:10:17 pul-lp-sql-00 sudo: x_james.harrison : user NOT authorized on host ; TTY=pts/1 ; PWD=/home/x_james.harrison ; USER=root ; COMMAND=/bin/bash
>
auth.log says something different the sssd_pam.log

I suspect some problem with sudo itself.
https://www.redhat.com/archives/freeipa-users/2016-August/msg00489.html

And here is importnatn message from the mail:
>unfortunately sudo 1.8.16 introduced a bug in sssd plugin. 1.8.16 contains
> a new option called netgroup_tuple, which tells whether a full netgroup
> tuply is check or only the host/user part in host/user check. However,
> the patch didn't make the sssd plugin to obey this option and it always
> check both hostname and username.
>
>It is fixed in 1.8.17 by this patch:
>https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7
>
Please, report bug against Ubuntu sudo to backport this patch or rebase sudo.

Workaround mught be to install newer package from debian 1.8.19-1
https://packages.debian.org/stretch/sudo

LS


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/e07fd011/attachment.htm>

From jamesaharrisonuk at yahoo.co.uk  Mon Jan  9 12:44:08 2017
From: jamesaharrisonuk at yahoo.co.uk (James Harrison)
Date: Mon, 9 Jan 2017 12:44:08 +0000 (UTC)
Subject: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
 version 1.13.4-1ubuntu1.1
In-Reply-To: <20170107153359.GA29848@10.4.128.1>
References: <1588224621.467679.1483623416628.ref@mail.yahoo.com>
	<1588224621.467679.1483623416628@mail.yahoo.com>
	<1302294420.1935936.1483722924050@mail.yahoo.com>
	<20170107153359.GA29848@10.4.128.1>
Message-ID: <265350268.2066535.1483965848725@mail.yahoo.com>

All,debian 1.8.19-1 doesnt work, but Ubuntu 1.8.12-1ubuntu3 does.

James
      From: Lukas Slebodnik <lslebodn at redhat.com>
 To: James Harrison <jamesaharrisonuk at yahoo.co.uk> 
Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
 Sent: Saturday, 7 January 2017, 15:34
 Subject: Re: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd version 1.13.4-1ubuntu1.1
   
On (06/01/17 17:15), James Harrison wrote:
>Any ideas?
>? ? ? From: James Harrison <jamesaharrisonuk at yahoo.co.uk>
> To: "freeipa-users at redhat.com" <freeipa-users at redhat.com> 
> Sent: Thursday, 5 January 2017, 13:36
> Subject: FreeIPA sudo not working on ububtu xenial sssd version 1.13.4-1ubuntu1.1
>? 
>Hi all,I having problems with a FreeIPA client running Ububtu Xenial.
>I can authenticate OK, I get a kerberos ticket, but cannot run sudo.
>I get 1 rule returned, which I expect.
>Many thanks,James Harrison
>
>
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_user] (0x0400): Returning info for user [x_james.harrison at domain.com]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_rules] (0x0400): Retrieving rules for [x_james.harrison] from [domain.com]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x1c11d70
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(name=defaults)(sudoUser=x_james.harrison)(sudoUser=#1082600012)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%x_james.harrison)(sudoUser=+*))(&(dataExpireTimestamp<=1483618197)))]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_rules] (0x2000): About to get sudo rules from cache
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_query_cache] (0x0200): Searching sysdb with [(&(objectClass=sudoRule)(|(sudoUser=ALL)(sudoUser=x_james.harrison)(sudoUser=#1082600012)(sudoUser=%admins)(sudoUser=%ipausers)(sudoUser=%x_james.harrison)(sudoUser=+*)))]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sort_sudo_rules] (0x0400): Sorting rules with higher-wins logic
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [sudosrv_get_sudorules_from_cache] (0x0400): Returning 1 rules for [x_james.harrison at domain.com]
>(Thu Jan? 5 12:09:57 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x1c0e770][18]
>
Yes, 1 rule was returned for user x_james.harrison.
Can you see something in output of "sudo -l"


>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[1082600012] pid[5470].
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected!
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Offered version [3].
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>
>==> auth.log <==
>Jan? 5 12:10:17 pul-lp-sql-00 sudo: pam_unix(sudo:auth): authentication failure; logname=x_james.harrison uid=1082600012 euid=0 tty=/dev/pts/1 ruser=x_james.harrison rhost=? user=x_james.harrison
>
I do not understand a reason why there is a failure in auth.log;
because there isn't sssd_pam.log @see above.

>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): entering pam_cmd_authenticate
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'x_james.harrison' matched without domain, user is x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.com/x_james.harrison]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x4000): User [x_james.harrison] not found in PAM cache.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): Issuing request for [0x410090:3:x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400): Creating request for [domain.com][0x3][BE_REQ_INITGROUPS][1][name=x_james.harrison]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2469f20
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_internal_get_send] (0x0400): Entering request [0x410090:3:x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2469f20
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 0 errno: 0 error message: Success
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): [x_james.harrison] added to PAM initgroup cache
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x2470c00
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x410090:3:x_james.harrison at domain.com]
>
>==> syslog <==
>Jan? 5 12:10:17 pul-lp-sql-00 kernel: [ 1272.582518] audit: type=1400 audit(1483618217.180:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/run/systemd/users/1082600012" pid=5570 comm="krb5_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
>
>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x2470c00
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
Authentication was succesfull for sudo service.

>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 84
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>
>==> auth.log <==
>Jan? 5 12:10:17 pul-lp-sql-00 sudo: pam_sss(sudo:auth): authentication success; logname=x_james.harrison uid=1082600012 euid=0 tty=/dev/pts/1 ruser=x_james.harrison rhost= user=x_james.harrison
>
>==> sssd/sssd_pam.log <==
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): entering pam_cmd_acct_mgmt
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_parse_name_for_domains] (0x0200): name 'x_james.harrison' matched without domain, user is x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/domain.com/x_james.harrison]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_initgr_check_timeout] (0x2000): User [x_james.harrison] found in PAM cache.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0100): Requesting info for [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_check_user_search] (0x0400): Returning info for user [x_james.harrison at domain.com]
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending request with the following data:
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): command: SSS_PAM_ACCT_MGMT
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): domain: domain.com
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): user: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): service: sudo
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: /dev/pts/1
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: not set
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): newauthtok type: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid: 5470
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_print_data] (0x0100): logon name: x_james.harrison
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 0x246dd70
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): pam_dp_send_req returned 0
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 0x246dd70
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x2467e60
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [0 (Success)][domain.com]
Authorisation was successful for sudo


>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [0]: Success.
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 35
>(Thu Jan? 5 12:10:17 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x2466e50][19]
>
>==> auth.log <==
>Jan? 5 12:10:17 pul-lp-sql-00 sudo: x_james.harrison : user NOT authorized on host ; TTY=pts/1 ; PWD=/home/x_james.harrison ; USER=root ; COMMAND=/bin/bash
>
auth.log says something different the sssd_pam.log

I suspect some problem with sudo itself.
https://www.redhat.com/archives/freeipa-users/2016-August/msg00489.html

And here is importnatn message from the mail:
>unfortunately sudo 1.8.16 introduced a bug in sssd plugin. 1.8.16 contains
> a new option called netgroup_tuple, which tells whether a full netgroup
> tuply is check or only the host/user part in host/user check. However,
> the patch didn't make the sssd plugin to obey this option and it always
> check both hostname and username.
>
>It is fixed in 1.8.17 by this patch:
>https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7
>
Please, report bug against Ubuntu sudo to backport this patch or rebase sudo.

Workaround mught be to install newer package from debian 1.8.19-1
https://packages.debian.org/stretch/sudo

LS


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/bf8807e3/attachment.htm>

From flo at redhat.com  Mon Jan  9 13:01:31 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Mon, 9 Jan 2017 14:01:31 +0100
Subject: [Freeipa-users] ipa replica installation help
In-Reply-To: <CA+C_GOXucLwOg7Mpu=5pTvus2+69M_z_xYDWHqE9KUOnAYUapA@mail.gmail.com>
References: <CA+C_GOV7xzcmoLJMRNhHEKF4SeQCeay8EHKMgTgguLOCjKENwQ@mail.gmail.com>
	<CA+C_GOXucLwOg7Mpu=5pTvus2+69M_z_xYDWHqE9KUOnAYUapA@mail.gmail.com>
Message-ID: <b175f03b-4752-cbee-2fef-bf3146331e8a@redhat.com>

On 01/09/2017 01:27 PM, Ben .T.George wrote:
> Hi LIst,
>
> is there anyone faces/fixed this issue?
>
> Regards,
> BEn
>
Hi Ben,

the directory server fails to restart on the replica. Are there any 
specific error message in /var/log/dirsrv/slapd-$DOMAIN/errors and 
access log files? If you are hitting ticket 6575 [1], there should be an 
error about a missing Server-Cert certificate (similar to: "Can't find 
certificate Server-Cert"), and no Server-Cert in /etc/dirsrv/slap-$DOMAIN.

Otherwise we need to figure out what causes the dirsrv startup error.

Flo

[1] https://fedorahosted.org/freeipa/ticket/6575

> On Sun, Jan 8, 2017 at 7:03 AM, Ben .T.George <bentech4you at gmail.com
> <mailto:bentech4you at gmail.com>> wrote:
>
>     HI List,
>
>     how can i solve this? is this a bug ,normal behavior or any missing
>     configuration from my end,
>
>     Till now i didn't get ant clue on this.
>
>     Regards
>     Ben
>
>     On Thu, Jan 5, 2017 at 1:21 PM, Fraser Tweedale <ftweedal at redhat.com
>     <mailto:ftweedal at redhat.com>> wrote:
>
>         On Thu, Jan 05, 2017 at 01:08:58PM +0300, Ben .T.George wrote:
>         > HI
>         >
>         > there is no filrewall running on both servers,
>         >
>         > [root at zkwipamstr01 ~]# systemctl status firewalld
>         > ? firewalld.service - firewalld - dynamic firewall daemon
>         >    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;
>         > vendor preset: enabled)
>         >    Active: inactive (dead)
>         >      Docs: man:firewalld(1)
>         >
>         > [root at zkwipamstr01 ~]# sestatus
>         > SELinux status:                 disabled
>         >
>         OK, very well.  And actually, forget about my idea about connecting
>         to port 8009 from client - that is not what happens at all.  It is
>         the end of day for me and my brain checked out :/
>
>         I shall continue analysis of your problem tomorrow.
>
>         Thanks,
>         Fraser
>
>         >
>         > On Thu, Jan 5, 2017 at 1:05 PM, Fraser Tweedale
>         <ftweedal at redhat.com <mailto:ftweedal at redhat.com>> wrote:
>         >
>         > > On Thu, Jan 05, 2017 at 12:43:47PM +0300, Ben .T.George wrote:
>         > > > HI,
>         > > >
>         > > > on master server and replica server, i have enabled ipv6
>         > > >
>         > > > below on master server
>         > > >
>         > > > [root at zkwipamstr01 ~]# ip addr | grep inet6
>         > > >
>         > > >     inet6 fe80::250:56ff:fea0:3857/64 scope link
>         > > >
>         > > > [root at zkwipamstr01 ~]# systemctl restart
>         pki-tomcatd at pki-tomcat
>         > > > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
>         > > > tcp6       0      0 ::1:8009                :::*
>         > > LISTEN
>         > > >      12692/java
>         > > >
>         > > >
>         > > > after that 8009 is listening on master server.
>         > > >
>         > > > on replica side uninstalled ipa and tried to enrolled
>         again. Do i need to
>         > > > enable any service replica side?
>         > > >
>         > > > [28/44]: restarting directory server
>         > > > ipa         : CRITICAL Failed to restart the directory
>         server (Command
>         > > > '/bin/systemctl restart dirsrv at KW-EXAMPLE-COM.service'
>         returned non-zero
>         > > > exit status 1). See the installation log for details.
>         > > >   [29/44]: setting up initial replication
>         > > >   [error] error: [Errno 111] Connection refused
>         > > > Your system may be partly configured.
>         > > > Run /usr/sbin/ipa-server-install --uninstall to clean up.
>         > > >
>         > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR
>         [Errno 111]
>         > > > Connection refused
>         > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
>         > > > ipa-replica-install command failed. See
>         /var/log/ipareplica-install.log
>         > > for
>         > > > more information
>         > > > [root at zkwiparepa01 ~]# systemctl restart
>         pki-tomcatd at pki-tomcat
>         > > > Job for pki-tomcatd at pki-tomcat.service failed because the
>         control
>         > > process
>         > > > exited with error code. See "systemctl status
>         > > pki-tomcatd at pki-tomcat.service"
>         > > > and "journalctl -xe" for details.
>         > > >
>         > > > Still same error.
>         > > >
>         > > > is this service restart pki-tomcatd at pki-tomcat only
>         applicable on master
>         > > > server?
>         > > >
>         > > Yes, because no CA has been created on replica (yet).
>         > >
>         > > Can you confirm that your firewall (if any/enabled) on master is
>         > > letting the traffic from client/replica through to :8009?
>         > > Executing: ``nc -v $MASTER_IP 8009`` from the client machine
>         > > suffices to check.
>         > >
>         > > Thanks,
>         > > Fraser
>         > >
>         > > > Regards,
>         > > > Ben
>         > > >
>         > > >
>         > > > On Thu, Jan 5, 2017 at 11:12 AM, Petr Vobornik
>         <pvoborni at redhat.com <mailto:pvoborni at redhat.com>>
>         > > wrote:
>         > > >
>         > > > > On 01/05/2017 07:10 AM, Ben .T.George wrote:
>         > > > > > HI
>         > > > > >
>         > > > > > yes i did the same and still port is not listening.
>         > > > > >
>         > > > > > [root at zkwipamstr01 ~]# cat /etc/hosts
>         > > > > > 127.0.0.1   localhost localhost.localdomain localhost4
>         > > > > localhost4.localdomain4
>         > > > > > ::1         localhost localhost.localdomain localhost6
>         > > > > localhost6.localdomain6
>         > > > > > 10.151.4.64 zkwipamstr01.kw.example.com
>         <http://zkwipamstr01.kw.example.com> <http://zkwipamstr01.kw.
>         > > > > example.com <http://example.com>>
>         > > > > >     zkwipamstr01
>         > > > > > 10.151.4.65 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com> <http://zkwiparepa01.kw.
>         > > > > example.com <http://example.com>>
>         > > > > >     zkwiparepa01
>         > > > > > [root at zkwipamstr01 ~]# systemctl restart
>         pki-tomcatd at pki-tomcat
>         > > > > > [root at zkwipamstr01 ~]# netstat -tunap | grep 8009
>         > > > > >
>         > > > > >
>         > > > > > Regards
>         > > > > > Ben
>         > > > >
>         > > > > Also IPv6 stack needs to be enabled.
>         > > > >
>         > > > > >
>         > > > > > On Thu, Jan 5, 2017 at 9:03 AM, Fraser Tweedale
>         <ftweedal at redhat.com <mailto:ftweedal at redhat.com>
>         > > > > > <mailto:ftweedal at redhat.com
>         <mailto:ftweedal at redhat.com>>> wrote:
>         > > > > >
>         > > > > >     On Wed, Jan 04, 2017 at 03:12:12PM +0300, Ben
>         .T.George wrote:
>         > > > > >     > HI
>         > > > > >     >
>         > > > > >     > port 8009 is not listening in master server
>         > > > > >     >
>         > > > > >     > and i added ::1         localhost
>         localhost.localdomain
>         > > localhost6
>         > > > > >     > localhost6.localdomain6 in hosts file.
>         > > > > >     >
>         > > > > >
>         > > > > >     Did you add this to the host file on the master
>         (then `systemctl
>         > > > > >     restart pki-tomcatd at pki-tomcat` and confirm it is
>         listening on
>         > > port
>         > > > > >     8009)?  Or just the client you are trying to promote?
>         > > > > >
>         > > > > >     It is needed on the master.  Won't hurt to make
>         this change to
>         > > > > >     /etc/hosts on both machines, though.
>         > > > > >
>         > > > > >     HTH,
>         > > > > >     Fraser
>         > > > > >
>         > > > > >      > still getting same error
>         > > > > >      >
>         > > > > >      >  [28/44]: restarting directory server
>         > > > > >      > ipa         : CRITICAL Failed to restart the
>         directory server
>         > > > > (Command
>         > > > > >      > '/bin/systemctl restart
>         dirsrv at KW-EXAMPLE-COM.service'
>         > > returned
>         > > > > non-zero
>         > > > > >      > exit status 1). See the installation log for
>         details.
>         > > > > >      >   [29/44]: setting up initial replication
>         > > > > >      >   [error] error: [Errno 111] Connection refused
>         > > > > >      > Your system may be partly configured.
>         > > > > >      > Run /usr/sbin/ipa-server-install --uninstall to
>         clean up.
>         > > > > >      >
>         > > > > >      >
>         ipa.ipapython.install.cli.install_tool(Replica): ERROR
>         > > [Errno
>         > > > > 111]
>         > > > > >      > Connection refused
>         > > > > >      >
>         ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
>         > > > > >      > ipa-replica-install command failed. See
>         > > > > /var/log/ipareplica-install.log for
>         > > > > >      > more information
>         > > > > >      >
>         > > > > >      >
>         > > > > >      > Also  ipv6 is disabled on both nodes
>         > > > > >      >
>         > > > > >      > Regards,
>         > > > > >      > Ben
>         > > > > >      >
>         > > > > >      > On Wed, Jan 4, 2017 at 2:05 PM, Petr Vobornik <
>         > > > > pvoborni at redhat.com <mailto:pvoborni at redhat.com>
>         > > > > >     <mailto:pvoborni at redhat.com
>         <mailto:pvoborni at redhat.com>>> wrote:
>         > > > > >      >
>         > > > > >      > > On 01/04/2017 10:59 AM, Ben .T.George wrote:
>         > > > > >      > > > HI
>         > > > > >      > > >
>         > > > > >      > > > i tried the method mentioned on that
>         document and it end
>         > > up
>         > > > > with below
>         > > > > >      > > error. My
>         > > > > >      > > > DNS is managed by external box and i dont
>         want to create
>         > > any
>         > > > > DNS record
>         > > > > >      > > on these
>         > > > > >      > > > servers.
>         > > > > >      > > >
>         > > > > >      > > > and the command which i tried is(non client
>         server)
>         > > > > >      > > >
>         > > > > >      > > > ipa-replica-install --principal admin
>         --admin-password
>         > > > > P at ssw0rd --domain
>         > > > > >      > > > kw.example.com <http://kw.example.com>
>         <http://kw.example.com> <
>         > > http://kw.example.com>
>         > > > > --server
>         > > > > >      > > zkwipamstr01.kw.example.com
>         <http://zkwipamstr01.kw.example.com> <http://zkwipamstr01.kw.
>         > > example.com <http://example.com>
>         > > > > >
>         > > > > >      > > > <http://zkwipamstr01.kw.example.com
>         <http://zkwipamstr01.kw.example.com> <
>         > > http://zkwipamstr01.kw.
>         > > > > example.com <http://example.com>>>
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > > ipa         : CRITICAL Failed to restart
>         the directory
>         > > server
>         > > > > (Command
>         > > > > >      > > > '/bin/systemctl restart
>         dirsrv at KW-EXAMPLE-COM.service'
>         > > > > returned
>         > > > > >      > > non-zero exit
>         > > > > >      > > > status 1). See the installation log for
>         details.
>         > > > > >      > > >    [29/44]: setting up initial replication
>         > > > > >      > > >    [error] error: [Errno 111] Connection
>         refused
>         > > > > >      > > > Your system may be partly configured.
>         > > > > >      > > > Run /usr/sbin/ipa-server-install
>         --uninstall to clean up.
>         > > > > >      > > >
>         > > > > >      > > >
>         ipa.ipapython.install.cli.install_tool(Replica): ERROR
>         > > > > [Errno 111]
>         > > > > >      > > Connection
>         > > > > >      > > > refused
>         > > > > >      > > >
>         ipa.ipapython.install.cli.install_tool(Replica): ERROR
>         > >   The
>         > > > > >      > > > ipa-replica-install command failed. See
>         > > > > /var/log/ipareplica-install.log
>         > > > > >      > > for more
>         > > > > >      > > > information
>         > > > > >      > >
>         > > > > >      > > This looks like bug https://fedorahosted.org/
>         > > > > freeipa/ticket/6575
>         > > > > >     <https://fedorahosted.org/freeipa/ticket/6575
>         <https://fedorahosted.org/freeipa/ticket/6575>>
>         > > > > >      > >
>         > > > > >      > > To verify that, could you check if master
>         server internally
>         > > > > listens on
>         > > > > >      > > port 8009 or if ipareplica-install.log contains
>         > > CA_UNREACHABLE
>         > > > > string
>         > > > > >      > > near  step 27.
>         > > > > >      > >
>         > > > > >      > > Usual fix is to add following line to /etc/hosts
>         > > > > >      > >   ::1         localhost localhost.localdomain
>         localhost6
>         > > > > >      > > localhost6.localdomain6
>         > > > > >      > >
>         > > > > >      > >
>         > > > > >      > > > [root at zkwiparepa01 ~]# /bin/systemctl restart
>         > > > > >      > > dirsrv at KW-EXAMPLE-COM.service
>         > > > > >      > > > Job for dirsrv at KW-EXAMPLE-COM.service
>         failed because the
>         > > > > control
>         > > > > >      > > process exited
>         > > > > >      > > > with error code. See "systemctl status
>         > > > > dirsrv at KW-EXAMPLE-COM.service"
>         > > > > >      > > and
>         > > > > >      > > > "journalctl -xe" for details.
>         > > > > >      > > >
>         > > > > >      > > > [root at zkwiparepa01 ~]# systemctl status
>         > > > > dirsrv at KW-EXAMPLE-COM.service
>         > > > > >      > > > ? dirsrv at KW-EXAMPLE-COM.service - 389
>         Directory Server
>         > > > > KW-EXAMPLE-COM.
>         > > > > >      > > >     Loaded: loaded
>         (/usr/lib/systemd/system/dirsrv@
>         > > .service;
>         > > > > enabled;
>         > > > > >      > > vendor
>         > > > > >      > > > preset: disabled)
>         > > > > >      > > >     Active: failed (Result: exit-code)
>         since Wed
>         > > 2017-01-04
>         > > > > 12:54:46
>         > > > > >      > > AST; 13s ago
>         > > > > >      > > >    Process: 14893
>         ExecStart=/usr/sbin/ns-slapd -D
>         > > > > /etc/dirsrv/slapd-%i -i
>         > > > > >      > > > /var/run/dirsrv/slapd-%i.pid (code=exited,
>         > > status=1/FAILURE)
>         > > > > >      > > >    Process: 14887 ExecStartPre=/usr/sbin/ds_
>         > > > > systemd_ask_password_acl
>         > > > > >      > > > /etc/dirsrv/slapd-%i/dse.ldif (code=exited,
>         > > status=0/SUCCESS)
>         > > > > >      > > >   Main PID: 14893 (code=exited,
>         status=1/FAILURE)
>         > > > > >      > > >
>         > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>
>         > > > > >     <http://zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>> <http://zkwiparepa01.kw.
>         > > > > >      > > example.com <http://example.com>
>         <http://example.com>>
>         > > > > >      > > > ns-slapd[14893]:
>         [04/Jan/2017:12:54:46.177617891 +0300]
>         > > > > Error:
>         > > > > >      > > > betxnpostoperation plu...arted
>         > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>
>         > > > > >     <http://zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>> <http://zkwiparepa01.kw.
>         > > > > >      > > example.com <http://example.com>
>         <http://example.com>>
>         > > > > >      > > > ns-slapd[14893]:
>         [04/Jan/2017:12:54:46.178379752 +0300]
>         > > > > Error: object
>         > > > > >      > > plugin
>         > > > > >      > > > Roles Pl...arted
>         > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>
>         > > > > >     <http://zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>> <http://zkwiparepa01.kw.
>         > > > > >      > > example.com <http://example.com>
>         <http://example.com>>
>         > > > > >      > > > ns-slapd[14893]:
>         [04/Jan/2017:12:54:46.179162340 +0300]
>         > > > > Error:
>         > > > > >      > > preoperation
>         > > > > >      > > > plugin su...arted
>         > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>
>         > > > > >     <http://zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>> <http://zkwiparepa01.kw.
>         > > > > >      > > example.com <http://example.com>
>         <http://example.com>>
>         > > > > >      > > > ns-slapd[14893]:
>         [04/Jan/2017:12:54:46.179993432 +0300]
>         > > > > Error: object
>         > > > > >      > > plugin USN
>         > > > > >      > > > is n...arted
>         > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>
>         > > > > >     <http://zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>> <http://zkwiparepa01.kw.
>         > > > > >      > > example.com <http://example.com>
>         <http://example.com>>
>         > > > > >      > > > ns-slapd[14893]:
>         [04/Jan/2017:12:54:46.181305209 +0300]
>         > > > > Error: object
>         > > > > >      > > plugin
>         > > > > >      > > > Views is...arted
>         > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>
>         > > > > >     <http://zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>> <http://zkwiparepa01.kw.
>         > > > > >      > > example.com <http://example.com>
>         <http://example.com>>
>         > > > > >      > > > ns-slapd[14893]:
>         [04/Jan/2017:12:54:46.182094981 +0300]
>         > > > > Error:
>         > > > > >      > > extendedop plugin
>         > > > > >      > > > whoa...arted
>         > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>
>         > > > > >     <http://zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>> <http://zkwiparepa01.kw.
>         > > > > >      > > example.com <http://example.com>
>         <http://example.com>>
>         > > > > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service:
>         main process
>         > > > > exited,
>         > > > > >      > > code=exited,
>         > > > > >      > > > status=1/FAILURE
>         > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>
>         > > > > >     <http://zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>> <http://zkwiparepa01.kw.
>         > > > > >      > > example.com <http://example.com>
>         <http://example.com>>
>         > > > > >      > > > systemd[1]: Failed to start 389 Directory
>         Server
>         > > > > KW-EXAMPLE-COM..
>         > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>
>         > > > > >     <http://zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>> <http://zkwiparepa01.kw.
>         > > > > >      > > example.com <http://example.com>
>         <http://example.com>>
>         > > > > >      > > > systemd[1]: Unit
>         dirsrv at KW-EXAMPLE-COM.service entered
>         > > > > failed state.
>         > > > > >      > > > Jan 04 12:54:46 zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>
>         > > > > >     <http://zkwiparepa01.kw.example.com
>         <http://zkwiparepa01.kw.example.com>> <http://zkwiparepa01.kw.
>         > > > > >      > > example.com <http://example.com>
>         <http://example.com>>
>         > > > > >      > > > systemd[1]: dirsrv at KW-EXAMPLE-COM.service
>         failed.
>         > > > > >      > > > Hint: Some lines were ellipsized, use -l to
>         show in full.
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > > Regards,
>         > > > > >      > > > Ben
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > > On Wed, Jan 4, 2017 at 11:19 AM, Martin
>         Babinsky <
>         > > > > mbabinsk at redhat.com <mailto:mbabinsk at redhat.com>
>         > > > > >     <mailto:mbabinsk at redhat.com
>         <mailto:mbabinsk at redhat.com>>
>         > > > > >      > > > <mailto:mbabinsk at redhat.com
>         <mailto:mbabinsk at redhat.com> <mailto:mbabinsk at redhat.com
>         <mailto:mbabinsk at redhat.com>
>         > > >>>
>         > > > > wrote:
>         > > > > >      > > >
>         > > > > >      > > >     On 01/04/2017 07:21 AM, Ben .T.George
>         wrote:
>         > > > > >      > > >
>         > > > > >      > > >         HI
>         > > > > >      > > >
>         > > > > >      > > >         while trying to create ipa replica,
>         i am getting
>         > > > > below error,
>         > > > > >      > > >
>         > > > > >      > > >         Replica creation using
>         'ipa-replica-prepare' to
>         > > > > generate replica
>         > > > > >      > > file
>         > > > > >      > > >         is supported only in 0-level IPA
>         domain.
>         > > > > >      > > >
>         > > > > >      > > >         The current IPA domain level is 1
>         and thus the
>         > > > > replica must
>         > > > > >      > > >         be created by promoting an existing
>         IPA client.
>         > > > > >      > > >
>         > > > > >      > > >         To set up a replica use the
>         following procedure:
>         > > > > >      > > >              1.) set up a client on the
>         host using
>         > > > > 'ipa-client-install'
>         > > > > >      > > >              2.) promote the client to
>         replica running
>         > > > > >      > > 'ipa-replica-install'
>         > > > > >      > > >                  *without* replica file
>         specified
>         > > > > >      > > >
>         > > > > >      > > >         'ipa-replica-prepare' is allowed
>         only in domain
>         > > level
>         > > > > 0
>         > > > > >      > > >         The ipa-replica-prepare command failed.
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > >         i have IPA master server without AD
>         integration
>         > > and
>         > > > > DNS is
>         > > > > >      > > managed by
>         > > > > >      > > >         3rd party appliances.
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > >         Regards,
>         > > > > >      > > >         Ben
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > >     Hi Ben,
>         > > > > >      > > >
>         > > > > >      > > >     If you installed IPA 4.4 server then
>         domain level 1 is
>         > > > > the default.
>         > > > > >      > > This
>         > > > > >      > > >     domain level uses different mechanism
>         to stand up
>         > > > > replicas. See the
>         > > > > >      > > latest
>         > > > > >      > > >     IdM documentation[1] for more details.
>         > > > > >      > > >
>         > > > > >      > > >     [1]
>         > > > > >      > > >
>         https://access.redhat.com/documentation/en-US/Red_Hat_
>         <https://access.redhat.com/documentation/en-US/Red_Hat_>
>         > > > > >
>          <https://access.redhat.com/documentation/en-US/Red_Hat_
>         <https://access.redhat.com/documentation/en-US/Red_Hat_>>
>         > > > > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
>         > > > > Authentication_and_Policy_
>         > > > > >      > > Guide/creating-the-replica.html
>         > > > > >      > > >     <https://access.redhat.com/
>         > > documentation/en-US/Red_Hat_
>         > > > > >
>          <https://access.redhat.com/documentation/en-US/Red_Hat_
>         <https://access.redhat.com/documentation/en-US/Red_Hat_>>
>         > > > > >      > > Enterprise_Linux/7/html/Linux_Domain_Identity_
>         > > > > Authentication_and_Policy_
>         > > > > >      > > Guide/creating-the-replica.html>
>         > > > > >      > > >
>         > > > > >      > > >     --
>         > > > > >      > > >     Martin^3 Babinsky
>         > > > > >      > > >
>         > > > > >      > > >     --
>         > > > > >      > > >     Manage your subscription for the
>         Freeipa-users mailing
>         > > > > list:
>         > > > > >      > > >
>         https://www.redhat.com/mailman/listinfo/freeipa-users
>         <https://www.redhat.com/mailman/listinfo/freeipa-users>
>         > > > > >
>          <https://www.redhat.com/mailman/listinfo/freeipa-users
>         <https://www.redhat.com/mailman/listinfo/freeipa-users>>
>         > > > > >      > > >     <https://www.redhat.com/
>         > > mailman/listinfo/freeipa-users
>         > > > > >
>          <https://www.redhat.com/mailman/listinfo/freeipa-users
>         <https://www.redhat.com/mailman/listinfo/freeipa-users>>>
>         > > > > >      > > >     Go to http://freeipa.org for more info
>         on the project
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > > >
>         > > > > >      > >
>         > > > > >      > >
>         > > > > >      > > --
>         > > > > >      > > Petr Vobornik
>         > > > > >      > >
>         > > > > >
>         > > > > >      > --
>         > > > > >      > Manage your subscription for the Freeipa-users
>         mailing list:
>         > > > > >      >
>         https://www.redhat.com/mailman/listinfo/freeipa-users
>         <https://www.redhat.com/mailman/listinfo/freeipa-users>
>         > > > > >
>          <https://www.redhat.com/mailman/listinfo/freeipa-users
>         <https://www.redhat.com/mailman/listinfo/freeipa-users>>
>         > > > > >      > Go to http://freeipa.org for more info on the
>         project
>         > > > > >
>         > > > > >
>         > > > >
>         > > > >
>         > > > > --
>         > > > > Petr Vobornik
>         > > > >
>         > >
>
>
>
>
>



From Oucema.Bellagha at hotmail.com  Mon Jan  9 07:50:37 2017
From: Oucema.Bellagha at hotmail.com (Oucema Bellagha)
Date: Mon, 9 Jan 2017 07:50:37 +0000
Subject: [Freeipa-users] FreeIPA, Duo Security integration
Message-ID: <DB6PR0301MB2262473717B92261F1926FAFF9640@DB6PR0301MB2262.eurprd03.prod.outlook.com>


Hi,
As of now, we have FreeIPA with OTP working perfectly.  Now, I am looking at possibly integrating Duo security instead of FreeIPA's 2FA.  I am concerned about how it will fit in with FreeIPA... Has anyone else tried this before?  If so, are there any pitfalls or problems you have encountered or any general advise?

Cheers,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/13b66684/attachment.htm>

From lslebodn at redhat.com  Mon Jan  9 13:09:31 2017
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Mon, 9 Jan 2017 14:09:31 +0100
Subject: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
 version 1.13.4-1ubuntu1.1
In-Reply-To: <265350268.2066535.1483965848725@mail.yahoo.com>
References: <1588224621.467679.1483623416628.ref@mail.yahoo.com>
	<1588224621.467679.1483623416628@mail.yahoo.com>
	<1302294420.1935936.1483722924050@mail.yahoo.com>
	<20170107153359.GA29848@10.4.128.1>
	<265350268.2066535.1483965848725@mail.yahoo.com>
Message-ID: <20170109130931.GF24255@10.4.128.1>

On (09/01/17 12:44), James Harrison wrote:
>All,debian 1.8.19-1 doesnt work, but Ubuntu 1.8.12-1ubuntu3 does.
>
Could you provide sudo logs with 1.8.19-1
https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO

sssd log files will be helpfull as well.


LS



From th at casalogic.dk  Mon Jan  9 13:06:58 2017
From: th at casalogic.dk (Troels Hansen)
Date: Mon, 9 Jan 2017 14:06:58 +0100 (CET)
Subject: [Freeipa-users] SLAPD stops answering
Message-ID: <1988361181.1597711.1483967218116.JavaMail.zimbra@casalogic.dk>

Hi, we have a IPA installation, which obviously needs upgrading. 
Its a single server running RHEL7.1 running IPA 4.1 

However, it have been running smooth untill now: 

Rebooting makes everything running again, but only for a few days. 

It looks like everything fails around 0:17:47 and comes up again just before 8, when the server is rebooted. 

Jan 6 00:19:46 fbbidm01 winbindd[2965]: failed to bind to server ldapi://%2fvar%2frun%2fslapd-DOMAIN.LAN.socket with dn="[Anonymous bind]" Error: Local error 
Jan 6 00:19:46 fbbidm01 winbindd[2965]: (unknown) 
Jan 6 00:20:29 fbbidm01 winbindd[2965]: [2017/01/06 00:20:29.758332, 0] ipa_sam.c:4128(bind_callback_cleanup) 

Looking at the SLAPD logs also reveals it stopped answering: 

[06/Jan/2017:00:17:47 +0100] conn=40702 op=62 SRCH base="cn=radius_aura_admin,cn=groups,cn=accounts,dc=domain,dc=lan" scope=0 filter="(objectClass=*)" attrs="cn" 
[06/Jan/2017:00:17:47 +0100] conn=40702 op=62 RESULT err=0 tag=101 nentries=1 etime=0 
[06/Jan/2017:00:17:47 +0100] conn=40702 op=63 SRCH base="cn=radius_users,cn=groups,cn=accounts,dc=domain,dc=lan" scope=0 filter="(objectClass=*)" attrs="cn" 
[06/Jan/2017:00:17:47 +0100] conn=40702 op=63 RESULT err=0 tag=101 nentries=1 etime=0 
[06/Jan/2017:00:17:47 +0100] conn=40702 op=64 SRCH base="cn=system_radius_users,cn=groups,cn=accounts,dc=domain,dc=lan" scope=0 filter="(objectClass=*)" attrs="cn" 
[06/Jan/2017:00:17:47 +0100] conn=40702 op=64 RESULT err=0 tag=101 nentries=1 etime=0 
[06/Jan/2017:00:17:48 +0100] conn=40702 op=65 SRCH base="cn=accounts,dc=domain,dc=lan" scope=2 filter="(uid=sys_prov_aura)" attrs=ALL 
[06/Jan/2017:00:17:48 +0100] conn=40702 op=65 RESULT err=0 tag=101 nentries=1 etime=0 
[06/Jan/2017:00:17:48 +0100] conn=40702 op=66 BIND dn="uid=sys_prov_aura,cn=users,cn=accounts,dc=domain,dc=lan" method=128 version=3 
[06/Jan/2017:00:17:48 +0100] conn=40702 op=66 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=sys_prov_aura,cn=users,cn=accounts,dc=domain,dc=lan" 
[06/Jan/2017:00:17:51 +0100] conn=40703 fd=158 slot=158 connection from 10.250.8.66 to 10.250.8.58 
[06/Jan/2017:00:17:53 +0100] conn=40704 fd=159 slot=159 SSL connection from 10.250.8.37 to 10.250.8.58 
[06/Jan/2017:00:18:02 +0100] conn=40705 fd=160 slot=160 SSL connection from 10.250.8.57 to 10.250.8.58 
[06/Jan/2017:00:18:02 +0100] conn=40706 fd=161 slot=161 SSL connection from 10.250.20.102 to 10.250.8.58 
[06/Jan/2017:00:18:03 +0100] conn=40707 fd=162 slot=162 SSL connection from 10.250.20.102 to 10.250.8.58 
[06/Jan/2017:00:18:58 +0100] conn=40708 fd=163 slot=163 connection from 10.250.8.66 to 10.250.8.58 
[06/Jan/2017:00:19:03 +0100] conn=40709 fd=164 slot=164 connection from local to /var/run/slapd-DOMAIN.LAN.socket 
[06/Jan/2017:00:19:35 +0100] conn=40710 fd=165 slot=165 connection from 10.250.8.58 to 10.250.8.58 
[06/Jan/2017:00:19:35 +0100] conn=40711 fd=166 slot=166 connection from 10.150.27.7 to 10.250.8.58 
[06/Jan/2017:00:19:43 +0100] conn=40712 fd=167 slot=167 SSL connection from 10.250.20.102 to 10.250.8.58 
[06/Jan/2017:00:19:46 +0100] conn=40713 fd=168 slot=168 connection from local to /var/run/slapd-DOMAIN.LAN.socket 

It looks like it just stops answering at 00:17:48 

The slapd error log reveals nothing: 

[06/Jan/2017:00:17:34 +0100] DSRetroclPlugin - replog: an error occured while adding change number 3875312, dn = changenumber=3875312,cn=changelog: Already exists. 
[06/Jan/2017:00:17:34 +0100] retrocl-plugin - retrocl_postob: operation failure [68] 
[06/Jan/2017:07:57:21 +0100] - slapd shutting down - signaling operation threads - op stack size 0 max work q size 735 max work q stack size 23 
[06/Jan/2017:07:57:21 +0100] - slapd shutting down - waiting for 30 threads to terminate 
[06/Jan/2017:07:58:02 +0100] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2 

However, see a gazillion of these lines in the error log: 

DSRetroclPlugin - replog: an error occured while adding change number 3875312, dn = changenumber=3875312,cn=changelog: Already exists. 

Anyone with some thoughts about this, other that "Just upgrade". 

-- 


Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/721433ea/attachment.htm>

From piolet.y at gmail.com  Mon Jan  9 13:37:10 2017
From: piolet.y at gmail.com (Youenn PIOLET)
Date: Mon, 9 Jan 2017 14:37:10 +0100
Subject: [Freeipa-users] freeipa 4.4.0 and Ubuntu 14.04
In-Reply-To: <20170109075651.lxrdpuejhxdbbxrv@hendrix>
References: <72cb1cf1-c01b-cceb-fb04-71c989fdf269@monetra.com>
	<20170106143353.jzwnccdag5ej6zzu@hendrix>
	<7a15ce3b-c567-3e0c-ba5e-ecabe60b8ff1@monetra.com>
	<20170109075651.lxrdpuejhxdbbxrv@hendrix>
Message-ID: <CAF7cxud6qYnUCJDZ4nCwQn-_f82D1UJ3fE-hyNiQ576tKGUHwA@mail.gmail.com>

Hey there,

I got the same issue after upgrading my servers to 4.4.0
The problem comes from duplicate entries in :
cn=permissions,cn=pbac,dc=example,dc=com

I think FreeIPA upgrade fails to create ACL on pbac specific entries,
resulting in a conflict entry creation.

The problem is that SSSD on Ubuntu 14.04 is crashing when reading pbac
where cn contains symbol "+".
You should check if you got these conflict entries in
cn=permissions,cn=pbac,dc=example,dc=com and remove them.

Ubuntu authentication was working for me directly after the suppression.

Regards,

--
Youenn Piolet
piolet.y at gmail.com


2017-01-09 8:56 GMT+01:00 Jakub Hrozek <jhrozek at redhat.com>:

> On Fri, Jan 06, 2017 at 11:48:07AM -0500, Andy Brittingham wrote:
> > Sorry for the delay, was doing some troubleshooting.
> >
> > Here is what I know now:
> >
> > The problem is on Ubuntu hosts using older sssd versions 1.11.8 (Ubuntu
> > 14.04).
> >
> > SSSD versions 1.13.4 (Ubuntu 16.04) and 1.13.3 (CentOS 6.8) both work.
> >
> > Users in the admin group can't log into these hosts.
> >
> > I created a newadmins group and assigned a new user to it. When I add the
> > "User Administrator" role the new user can't log into the hosts with
> older
> > sssd.
> >
> > As soon as I delete the "User Administrator" role, new user has access
> > again.
>
> So is it a role membership or a group membership that makes the
> difference?
>
> >
> > I've pasted the last bit of logs from a sssd_domain log below. I'd be
> happy
> > to forward the entire log, or additional logs if they will be helpful.
>
> The log only captures a user lookup, not a login, sorry..
>
> (This might be expected if you log in e.g. with an SSH key, in which
> case journald should be the first thing to look at at least to poinpoint
> which piece denied access..)
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/d6028171/attachment.htm>

From lkrispen at redhat.com  Mon Jan  9 13:54:40 2017
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Mon, 09 Jan 2017 14:54:40 +0100
Subject: [Freeipa-users] SLAPD stops answering
In-Reply-To: <1988361181.1597711.1483967218116.JavaMail.zimbra@casalogic.dk>
References: <1988361181.1597711.1483967218116.JavaMail.zimbra@casalogic.dk>
Message-ID: <58739620.6000704@redhat.com>

Hi,

there seem to be to issues here, maybe related: a hanging slapd process 
and the retro CL errors.

If the slapd process is not responding can we get a pstack or gdb 
backtrace (http://www.port389.org/docs/389ds/FAQ/faq.html#debug_crashes) 
of the process ?
About the Retro CL messages, is it always the same changenumber which 
is  reported ?

On 01/09/2017 02:06 PM, Troels Hansen wrote:
> Hi, we have a IPA installation, which obviously needs upgrading.
> Its a single server running RHEL7.1 running IPA 4.1
>
> However, it have been running smooth untill now:
>
> Rebooting makes everything running again, but only for a few days.
>
> It looks like everything fails around 0:17:47 and comes up again just 
> before 8, when the server is rebooted.
>
> Jan  6 00:19:46 fbbidm01 winbindd[2965]: failed to bind to server 
> ldapi://%2fvar%2frun%2fslapd-DOMAIN.LAN.socket with dn="[Anonymous 
> bind]" Error: Local error
> Jan  6 00:19:46 fbbidm01 winbindd[2965]: (unknown)
> Jan  6 00:20:29 fbbidm01 winbindd[2965]: [2017/01/06 00:20:29.758332,  
> 0] ipa_sam.c:4128(bind_callback_cleanup)
>
> Looking at the SLAPD logs also reveals it stopped answering:
>
> [06/Jan/2017:00:17:47 +0100] conn=40702 op=62 SRCH 
> base="cn=radius_aura_admin,cn=groups,cn=accounts,dc=domain,dc=lan" 
> scope=0 filter="(objectClass=*)" attrs="cn"
> [06/Jan/2017:00:17:47 +0100] conn=40702 op=62 RESULT err=0 tag=101 
> nentries=1 etime=0
> [06/Jan/2017:00:17:47 +0100] conn=40702 op=63 SRCH 
> base="cn=radius_users,cn=groups,cn=accounts,dc=domain,dc=lan" scope=0 
> filter="(objectClass=*)" attrs="cn"
> [06/Jan/2017:00:17:47 +0100] conn=40702 op=63 RESULT err=0 tag=101 
> nentries=1 etime=0
> [06/Jan/2017:00:17:47 +0100] conn=40702 op=64 SRCH 
> base="cn=system_radius_users,cn=groups,cn=accounts,dc=domain,dc=lan" 
> scope=0 filter="(objectClass=*)" attrs="cn"
> [06/Jan/2017:00:17:47 +0100] conn=40702 op=64 RESULT err=0 tag=101 
> nentries=1 etime=0
> [06/Jan/2017:00:17:48 +0100] conn=40702 op=65 SRCH 
> base="cn=accounts,dc=domain,dc=lan" scope=2 
> filter="(uid=sys_prov_aura)" attrs=ALL
> [06/Jan/2017:00:17:48 +0100] conn=40702 op=65 RESULT err=0 tag=101 
> nentries=1 etime=0
> [06/Jan/2017:00:17:48 +0100] conn=40702 op=66 BIND 
> dn="uid=sys_prov_aura,cn=users,cn=accounts,dc=domain,dc=lan" 
> method=128 version=3
> [06/Jan/2017:00:17:48 +0100] conn=40702 op=66 RESULT err=0 tag=97 
> nentries=0 etime=0 
> dn="uid=sys_prov_aura,cn=users,cn=accounts,dc=domain,dc=lan"
> [06/Jan/2017:00:17:51 +0100] conn=40703 fd=158 slot=158 connection 
> from 10.250.8.66 to 10.250.8.58
> [06/Jan/2017:00:17:53 +0100] conn=40704 fd=159 slot=159 SSL connection 
> from 10.250.8.37 to 10.250.8.58
> [06/Jan/2017:00:18:02 +0100] conn=40705 fd=160 slot=160 SSL connection 
> from 10.250.8.57 to 10.250.8.58
> [06/Jan/2017:00:18:02 +0100] conn=40706 fd=161 slot=161 SSL connection 
> from 10.250.20.102 to 10.250.8.58
> [06/Jan/2017:00:18:03 +0100] conn=40707 fd=162 slot=162 SSL connection 
> from 10.250.20.102 to 10.250.8.58
> [06/Jan/2017:00:18:58 +0100] conn=40708 fd=163 slot=163 connection 
> from 10.250.8.66 to 10.250.8.58
> [06/Jan/2017:00:19:03 +0100] conn=40709 fd=164 slot=164 connection 
> from local to /var/run/slapd-DOMAIN.LAN.socket
> [06/Jan/2017:00:19:35 +0100] conn=40710 fd=165 slot=165 connection 
> from 10.250.8.58 to 10.250.8.58
> [06/Jan/2017:00:19:35 +0100] conn=40711 fd=166 slot=166 connection 
> from 10.150.27.7 to 10.250.8.58
> [06/Jan/2017:00:19:43 +0100] conn=40712 fd=167 slot=167 SSL connection 
> from 10.250.20.102 to 10.250.8.58
> [06/Jan/2017:00:19:46 +0100] conn=40713 fd=168 slot=168 connection 
> from local to /var/run/slapd-DOMAIN.LAN.socket
>
> It looks like it just stops answering at 00:17:48
>
> The slapd error log reveals nothing:
>
> [06/Jan/2017:00:17:34 +0100] DSRetroclPlugin - replog: an error 
> occured while adding change number 3875312, dn = 
> changenumber=3875312,cn=changelog: Already exists.
> [06/Jan/2017:00:17:34 +0100] retrocl-plugin - retrocl_postob: 
> operation failure [68]
> [06/Jan/2017:07:57:21 +0100] - slapd shutting down - signaling 
> operation threads - op stack size 0 max work q size 735 max work q 
> stack size 23
> [06/Jan/2017:07:57:21 +0100] - slapd shutting down - waiting for 30 
> threads to terminate
> [06/Jan/2017:07:58:02 +0100] SSL Initialization - Configured SSL 
> version range: min: TLS1.0, max: TLS1.2
>
> However, see a gazillion of these lines in the error log:
>
> DSRetroclPlugin - replog: an error occured while adding change number 
> 3875312, dn = changenumber=3875312,cn=changelog: Already exists.
>
> Anyone with some thoughts about this, other that "Just upgrade".
>
> -- 
>
> Med venlig hilsen
>
> *Troels Hansen*
>
> Systemkonsulent
>
> Casalogic A/S
>
> T  (+45) 70 20 10 63
>
> M (+45) 22 43 71 57
>
> <http://www.casalogic.dk/signatur/th.vcf> 
> <http://www.linkedin.com/company/67524> <http://twitter.com/casalogic>
> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, 
> Sophos og meget mere.
>
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/130a3bae/attachment.htm>

From amrivkin at gmail.com  Mon Jan  9 13:56:13 2017
From: amrivkin at gmail.com (=?UTF-8?B?0JDQvdC00YDQtdC5INCg0LjQstC60LjQvQ==?=)
Date: Mon, 9 Jan 2017 16:56:13 +0300
Subject: [Freeipa-users] FreeIpa client can't execute any command
Message-ID: <CACpE_qES-E=OH-c04MALp7qGL7JLoZf6Lm8F+R=SZ-We+Z1GVg@mail.gmail.com>

Hello everyone!

I'm new to FreeIpa, so if my question is very simple just point me to the
documentation.

I've installed FreeIpa on host demo3.xxx.com.
Then registred some other host demo5.xxx.com. I've used ipa add host
command.
Then installed ipa-client and ipa-admin-tools demo5.
Checked that they worked and were able to execute commands like kinit and
ipa host-find.

On the host demo3 I've restarted service ipa (service ipa restart).
Now I'm able to execute  ipa host-find on demo3, but not able to execute
this command on demo3.
I've done kinit by 'someadmin'.
All ipa commands not working:


[root at demo5 ~]# ipa -v -d
ipa: DEBUG: Starting external process
ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:someadmin at XXX.COM
ipa: DEBUG: Process finished, return code=1
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=keyctl_search: Required key not available

ipa: DEBUG: failed to find session_cookie in persistent storage for
principal 'someadmin at XXX.COM'
ipa: INFO: trying https://demo3.xxx.com/ipa/json
ipa: DEBUG: Created connection context.rpcclient_41215888
ipa: INFO: Forwarding 'schema' to json server '
https://demo3.xxx.com/ipa/json'
ipa: DEBUG: Destroyed connection context.rpcclient_41215888
ipa: ERROR: Service 'HTTP at demo3.xxx.com' not found in Kerberos database


It looks like my client is not connected to my server.
Any ideas how to debug this situation?

P.S. Hosts - Centos 7. DNS on demo3.

Regards,
Andrey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/395ff212/attachment.htm>

From Adam.Bishop at jisc.ac.uk  Mon Jan  9 14:37:46 2017
From: Adam.Bishop at jisc.ac.uk (Adam Bishop)
Date: Mon, 9 Jan 2017 14:37:46 +0000
Subject: [Freeipa-users] SLAPD stops answering
In-Reply-To: <1988361181.1597711.1483967218116.JavaMail.zimbra@casalogic.dk>
References: <1988361181.1597711.1483967218116.JavaMail.zimbra@casalogic.dk>
Message-ID: <C8BB8FB8-6649-4D3C-9412-C6A118716B4F@jisc.ac.uk>

On 9 Jan 2017, at 13:06, Troels Hansen <th at casalogic.dk> wrote:
> Anyone with some thoughts about this, other that "Just upgrade".

This sounds similar to the behaviour I'm seeing on my standalone instance; though I don't have anything in the error log:
  https://www.redhat.com/archives/freeipa-users/2017-January/msg00162.html

If you attach strace to the slapd process, do you see repeated (failing) calls to getpeername()?

Regards,

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc?s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.  




From sbose at redhat.com  Mon Jan  9 14:40:45 2017
From: sbose at redhat.com (Sumit Bose)
Date: Mon, 9 Jan 2017 15:40:45 +0100
Subject: [Freeipa-users] sshd[22490]: Failed password for invalid user
In-Reply-To: <CAA=996GeqDoEFWTqGuPw_xPE97k7TvJW0S3aQeMTMfmiCi-nPA@mail.gmail.com>
References: <CAA=996FBwy_h-VMSb=Up=DPJqwb7D_2b9Y-d-now+Q9KAACRDg@mail.gmail.com>
	<CAA=996GeqDoEFWTqGuPw_xPE97k7TvJW0S3aQeMTMfmiCi-nPA@mail.gmail.com>
Message-ID: <20170109144045.GJ528@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Mon, Jan 09, 2017 at 11:21:00AM +0100, rajat gupta wrote:
> Hi,
> 
> Error message is changed today. but same some are able to login but most of
> the user are not. Please find the below logs form ipa2 server.
> 
> /var/log/secure
> 
> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18942]: pam_sss(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=x.x.x.x.x user=et33015
> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18942]: pam_sss(sshd:auth): received for
> user et33015: 6 (Permission denied)
> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18940]: error: PAM: Authentication
> failure for et33015 from x.x.x.x.x
> 
> =================================
> 
...
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [PAM Preauth #1074]: Request handler finished [0]:
> Success
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [PAM Preauth #1074]: Receiving request data.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [PAM Preauth #1074]: Request
> removed.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
> (0x1000): DP Request [PAM Preauth #1074]: Sending result [4][
> corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x1000): Waiting for child [18952].
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x0100): child [18952] finished successfully.

Can you add the messages that follows here as well and the related
messages from krb5_child.log?

bye,
Sumit

> 
> 
> 
> On Mon, Jan 9, 2017 at 9:48 AM, rajat gupta <rajat.linux at gmail.com> wrote:
> 
> > few user are able to login. ipa ad-trust setup.
> >
> > ==========================
> > Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
> > getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
> > POSSIBLE BREAK-IN ATTEMPT!
> > Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from
> > x.x.x.x
> > Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request: invalid
> > user et33015 [preauth]
> > Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
> > the underlying authentication module for illegal user et33015 from x.x.x.x
> > Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed keyboard-interactive/pam
> > for invalid user et33015 from x.x.x.x port 51270 ssh2
> > Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> > user et33015 from 146.213.128.135 port 51270 ssh2
> > Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> > user et33015 from 146.213.128.135 port 51270 ssh2
> > Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
> > user et33015 from 146.213.128.135 port 51270 ssh2
> > Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
> > [preauth]
> > ============================
> >
> > ====================
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [get_server_status] (0x1000): Status of server
> > 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> > (0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
> > is 'not working'
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
> > Input/output error
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
> > [Input/output error])
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> > (0x2000): Going offline!
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_mark_offline]
> > (0x2000): Initialize check_if_online_ptask.
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_create]
> > (0x0400): Periodic task [Check if online (periodic)] was created
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
> > task 72 seconds from now [1483696200]
> > (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
> > [be_run_offline_cb] (0x0080): Going offline. Running callbacks
> >
> > =================
> >
> > cat /etc/sssd/sssd.conf
> > [domain/ipa.preprod.local]
> >
> > cache_credentials = True
> > krb5_store_password_if_offline = True
> > ipa_domain = ipa.preprod.local
> > id_provider = ipa
> > auth_provider = ipa
> > access_provider = ipa
> > ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
> > chpass_provider = ipa
> > ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
> > ldap_tls_cacert = /etc/ipa/ca.crt
> > debug_level = 9
> >
> >
> > [sssd]
> > default_domain_suffix = corp.corpcommon.com
> > services = nss, sudo, pam, ssh
> > debug_level = 9
> >
> >
> > domains = ipa.preprod.local
> > [nss]
> > override_homedir = /home/%u
> > debug_level = 9
> >
> >
> >
> > [pam]
> > debug_level = 9
> >
> >
> > [sudo]
> >
> > [autofs]
> >
> > [ssh]
> > debug_level = 9
> >
> >
> > [pac]
> >
> > [ifp]
> > ===============
> >
> > i am able to getent and  kinit for all of the AD user. but most of the
> > user are not able to login via ssh /ad-password
> >
> > getent passwd  et33015
> > et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:
> >
> > and
> >
> > kinit et33015 at CORP.CORPCOMMON.COM <http://corp.corpcommon.com/>
> >
> >
> >
> 
> 
> -- 
> 
> *Rajat Gupta *

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From rajat.linux at gmail.com  Mon Jan  9 15:19:34 2017
From: rajat.linux at gmail.com (rajat gupta)
Date: Mon, 9 Jan 2017 16:19:34 +0100
Subject: [Freeipa-users] sshd[22490]: Failed password for invalid user
In-Reply-To: <CAA=996GeqDoEFWTqGuPw_xPE97k7TvJW0S3aQeMTMfmiCi-nPA@mail.gmail.com>
References: <CAA=996FBwy_h-VMSb=Up=DPJqwb7D_2b9Y-d-now+Q9KAACRDg@mail.gmail.com>
	<CAA=996GeqDoEFWTqGuPw_xPE97k7TvJW0S3aQeMTMfmiCi-nPA@mail.gmail.com>
Message-ID: <CAA=996GdO_cqUyzn2vp4N-4na53ajTYmi79LO1t_4Lfmz1iW3w@mail.gmail.com>

These logs are related to sssd_ipadomain.log log. Please find the updated
logs below.

=======================
sssd_ipa.preprod.local.log
=======================

(Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb43cd0 "ltdb_callback"

(Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules
(Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_done]
(0x0400): Task [SUDO Full Refresh]: finished successfully
(Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]]
[be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task
21600 seconds from last execution time [1483995891]
(Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[(nil)], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]]
[delayed_online_authentication_callback] (0x0200): Backend is online,
starting delayed online authentication.
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f59bcb1e590
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[dp_get_account_info_handler] (0x0200): Got request for
[0x1][BE_REQ_USER][1][name=et33015 at corp.corpcommon.com]
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): DP Request [Account #248]: New request. Flags [0x0001].
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in
view [Default Trust View] with filter
[(&(objectClass=ipaUserOverride)(uid=et33015))].
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_print_server] (0x2000): Searching 10.150.144.113:389
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=et33015))][cn=Default Trust
View,cn=views,cn=accounts,dc=ipa,dc=preprod,dc=local].
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 11
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 11 timeout 6
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb44790], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 11 finished
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[ipa_get_ad_override_done] (0x4000): No override found with filter
[(&(objectClass=ipaUserOverride)(uid=et33015))].
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_destroy] (0x4000): releasing operation connection
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x0400): Executing extended operation
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 12
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 12 timeout 6
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb58640], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb58640], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
(null).
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 12 finished
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [add_v1_user_data]
(0x4000): BER tag is [48]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Found new sequence.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [objectSIDString].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [userPrincipalName].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [adUserAccountControl].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [mail].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalDN].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb74810

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb748d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb74810 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb748d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb74810 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_search_by_name] (0x0400): No such entry
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb375c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb375c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb58340

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb818a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb58340 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb818a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb58340 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb58340

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb818a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb58340 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb818a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb58340 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb75060

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb75120

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb75060 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb75120 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb75060 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb73bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb68630

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb73bd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb68630 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb73bd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb83210

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb83210 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb83210 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb74750

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb74810

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb74750 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb74810 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb74750 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb83210

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb83210 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb83210 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb68630

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb83210

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb68630 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb83210 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb68630 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb74810

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7eae0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb74810 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7eae0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb74810 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb68630

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb68630 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb68630 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb73bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7eae0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb73bd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7eae0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb73bd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7e8d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7c830

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7e8d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7c830 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7e8d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7c830

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7c830 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7c830 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb83210

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb83210 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb83210 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb85670

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7b4d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb85670 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7b4d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb85670 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb68630

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb87ca0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb68630 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb87ca0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb68630 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb87ca0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb83210

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb87ca0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb83210 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb87ca0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb866d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7e8d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb866d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7e8d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb866d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7f490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7f490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7f490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb73bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7d200

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb73bd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7d200 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb73bd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb866d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88f00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb866d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88f00 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb866d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7e1f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb84ef0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7e1f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb84ef0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7e1f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7f400

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb84ef0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7f400 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb84ef0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7f400 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb871e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7b670

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb871e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7b670 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb871e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb861d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7c260

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb861d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7c260 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb861d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb861d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88a30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb861d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88a30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb861d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ac20

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8a740

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ac20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8a740 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ac20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb846d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7e1f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb846d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7e1f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb846d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb846d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7e1f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb846d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7e1f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb846d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b8a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8bca0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b8a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8bca0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b8a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80f20

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ebe0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80f20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ebe0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80f20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb84ef0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb80f20

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb84ef0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb80f20 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb84ef0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb86c50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8b8a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb86c50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8b8a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb86c50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7e1f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7e1f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ffb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ffb0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8cc80

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8f250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8cc80 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8f250 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8cc80 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7ed50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91690

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7ed50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91690 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7ed50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8fd00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ed50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8fd00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ed50 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8fd00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8c6e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8c7a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8c6e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8c7a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8c6e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8fd10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8fd10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91bd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8fd10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8fd10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb990d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8fd10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb990d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8fd10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb880a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7d810

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb880a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7d810 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb880a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91a00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92970

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91a00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92970 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91a00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8eee0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92090

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8eee0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92090 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8eee0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8cbc0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8cc80

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8cbc0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8cc80 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8cbc0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96120

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb75ac0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb75ac0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96120

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb75ac0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb75ac0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb872c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8c6e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb872c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8c6e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb872c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb900d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb822d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb900d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb822d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb900d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb942c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb900d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb942c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb900d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb942c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb90b20

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92fe0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb90b20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92fe0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb90b20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb942c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb96120

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb942c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb96120 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb942c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96120

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb965f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb965f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb972a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90b20

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb972a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90b20 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb972a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96120

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9cd80

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9cd80 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb822d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb96120

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb822d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb96120 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb822d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92600

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91a00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92600 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91a00 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92600 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbacc40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb83e00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbacc40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb83e00 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbacc40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb94fd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb911c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb94fd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb911c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb94fd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96cc0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96cc0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93e70 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96cc0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb822d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9d370

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb822d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9d370 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb822d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9d370

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb99bf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9d370 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb99bf0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9d370 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb94fd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba31c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb94fd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba31c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb94fd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb94fd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba31c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb94fd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba31c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb94fd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9d370

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb94fd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9d370 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb94fd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9d370 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97410

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb75330

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb75330 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb84270

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9d370

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb84270 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9d370 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb84270 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb843b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9d370

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb843b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9d370 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb843b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb843b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb75330

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb843b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb75330 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb843b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba31c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb983c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba31c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb983c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba31c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba31c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb983c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba31c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb983c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba31c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92fe0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb96cc0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92fe0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb96cc0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92fe0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb75330

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb83340

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb75330 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb83340 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb75330 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb93550

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9e5d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb93550 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9e5d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb93550 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9b910

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9b9d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9b910 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9b9d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9b910 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb93690

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba5650

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb93690 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba5650 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb93690 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9d680

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93690

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9d680 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93690 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9d680 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9e1c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ddc0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9e1c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ddc0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9e1c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba0a30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba4e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba0a30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba4e60 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba0a30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba0a30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba4e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba0a30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba4e60 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba0a30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb87540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb87600

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb87540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb87600 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb87540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba0810

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2900

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba0810 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2900 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba0810 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9ebd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0810

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9ebd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0810 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9ebd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9a900

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb75330

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9a900 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb75330 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9a900 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0fc70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb755f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0fc70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb755f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0fc70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0fc70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb755f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0fc70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb755f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0fc70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb75330

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ace0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb75330 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ace0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb75330 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba2900

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba18c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba2900 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba18c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba2900 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba1f00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2900

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba1f00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2900 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba1f00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb75330

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb83340

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb75330 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb83340 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb75330 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0fc70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb982f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0fc70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb982f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0fc70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc16170

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0fc70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc16170 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0fc70 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc16170 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb83340

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9a900

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb83340 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9a900 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb83340 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb905a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba18c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb905a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba18c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb905a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba18c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0ef40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba18c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0ef40 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba18c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba1350

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc120a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba1350 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc120a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba1350 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb755f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2aa0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb755f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2aa0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb755f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb755f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb948a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb755f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb948a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb755f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9ace0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc11660

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9ace0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc11660 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9ace0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8de50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba46f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8de50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba46f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8de50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8de50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9d8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8de50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9d8f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8de50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb83340

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9a900

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb83340 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9a900 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb83340 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb99200

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc150d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb99200 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc150d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb99200 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb99200

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2aa0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb99200 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2aa0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb99200 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb948a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9a900

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb948a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9a900 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb948a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb755f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb948a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb755f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb948a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb755f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb755f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc05900

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb755f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc05900 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb755f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc14b10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ace0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc14b10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ace0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc14b10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc150d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2aa0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc150d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2aa0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc150d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba2aa0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc150d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba2aa0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc150d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba2aa0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb948a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb755f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb948a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb755f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb948a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc13cf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc13cf0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2aa0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2aa0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb948a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb948a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba08d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba08d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8490 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba08d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8490 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb755f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9d8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb755f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9d8f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb755f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8490 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfbdd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfbdd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9f960 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfbdd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba2aa0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc150d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba2aa0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc150d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba2aa0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8d90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7500 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8d90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7500 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc150d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc150d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf9410

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf9e40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf9410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf9e40 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf9410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb976d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb976d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9f960 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb976d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8d90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7500 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8d90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbac9a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbac9a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfada0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaaa90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfada0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaaa90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfada0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0f890

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc128e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0f890 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc128e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0f890 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbacbf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbacbf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbacbf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb904b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb904b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb976d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb976d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb976d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfbd50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfbd50 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9a6d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaa430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9a6d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaa430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9a6d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb976d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf9e40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb976d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf9e40 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb976d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0f890

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0f890 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0f890 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9ff90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb37d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9ff90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb37d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9ff90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb73f40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb904b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb73f40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb904b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb73f40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfbd50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfbd50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7500 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfbd50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb976d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb976d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb976d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb73f40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb904b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb73f40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb904b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb73f40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaa430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaa430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb8600

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb976d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb8600 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb976d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb8600 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac9a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb959d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac9a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb959d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac9a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba9600

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba10c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba9600 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba10c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba9600 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73f40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73f40 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb959d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb959d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb959d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb959d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0d3b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb959d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0d3b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb959d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0d3b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0f890

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0f890 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0f890

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaa430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0f890 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaa430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0f890 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac9a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0e6b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac9a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0e6b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac9a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc02540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0e6b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc02540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0e6b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc02540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba9600

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb8960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba9600 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb8960 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba9600 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf8d90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7500 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf8d90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ff90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ff90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba10c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe1d80

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba10c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe1d80 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba10c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe1f70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc02540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe1f70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc02540 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe1f70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf8d90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc02540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc02540 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba69f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba69f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf8d90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba69f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc02540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc02540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9f960 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc02540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0da30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0da30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7500 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0da30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe1f70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe1f70 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0e6b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb0020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0e6b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb0020 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0e6b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0e6b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0e6b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7500 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0e6b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf5180

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe3330

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf5180 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe3330 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf5180 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0bb10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0da30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0bb10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0da30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0bb10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0e6b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0bb10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0e6b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0bb10 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0e6b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc010f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc010f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9f960 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc010f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0e6b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf8d90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0e6b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf8d90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0e6b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe3620

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8d9b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe3620 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8d9b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe3620 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6010

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0da30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6010 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0da30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6010 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc010f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0bb10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc010f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0bb10 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc010f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0bb10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ff90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0bb10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ff90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0bb10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0bb10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf4400

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0bb10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf4400 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0bb10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc010f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc02540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc010f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc02540 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc010f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8d9b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe3620

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8d9b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe3620 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8d9b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9d0e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbbe2a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9d0e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbbe2a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9d0e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbaf370

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbaf370 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7500 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbaf370 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc02540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc010f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc02540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc010f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc02540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0da30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc02540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0da30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc02540 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0da30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0f5c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbbe2a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0f5c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbbe2a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0f5c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0f5c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc010f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0f5c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc010f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0f5c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc010f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9d0e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc010f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9d0e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc010f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6010

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7cb30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6010 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7cb30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6010 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7cb30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8d9b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7cb30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8d9b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7cb30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbee240

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe66a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbee240 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe66a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbee240 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba7500

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0f5c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0f5c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba7500 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x0400): Executing extended operation
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 13
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 13 timeout 6
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bdbacaf0], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bdbacaf0], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
(null).
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 13 finished
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [add_v1_user_data]
(0x4000): BER tag is [48]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Found new sequence.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [objectSIDString].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [userPrincipalName].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [adUserAccountControl].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [mail].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalDN].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x4000): Found original AD upn [
Subaranchan.Thanagopal at EVRY.COM].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com] is
not from domain [corp.corpcommon.com].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0d820

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73f40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0d820 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73f40 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0d820 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9e470

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0d820

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9e470 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0d820 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9e470 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0d820

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73f40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0d820 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73f40 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0d820 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb73f40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9e470

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb73f40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9e470 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb73f40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9e470

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc11140

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9e470 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc11140 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9e470 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0d820

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9e470

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0d820 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9e470 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0d820 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc11140

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0d820

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc11140 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0d820 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc11140 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0d820

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9e470

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0d820 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9e470 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0d820 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x4000): Added [et33015 at corp.corpcommon.com][name=
et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x4000): Added [dhub at corp.corpcommon.com][name=dhub at corp.corpcommon.com
,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
et33015 at corp.corpcommon.com
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 2)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac6e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9f080

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac6e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=
corp.corpcommon.com,cn=sysdb)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9f080 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac6e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
cancel ldb transaction (nesting: 2)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 2)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac6e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7e9d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac6e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb87ef0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ea90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7e9d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac6e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb87ef0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe2110

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91d50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ea90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb87ef0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe2110 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96d30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7db0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91d50 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe2110 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96d30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0c010

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9f080

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7db0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96d30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0c010 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9f080 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0c010 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 2)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7c6b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbab1e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7c6b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbab1e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7c6b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8c810

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88eb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8c810 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88eb0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8c810 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x4000): Found original AD upn [
Subaranchan.Thanagopal at EVRY.COM].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com] is
not from domain [corp.corpcommon.com].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8aa90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc10240

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8aa90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc10240 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8aa90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0da30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc10240

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0da30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc10240 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0da30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0b740

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc10240

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0b740 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc10240 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0b740 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0da30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ccf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0da30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ccf0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0da30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0b740

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8aa90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0b740 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8aa90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0b740 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0b740

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc10240

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0b740 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc10240 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0b740 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89a70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaf370

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89a70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaf370 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89a70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc10240

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ccf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc10240 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ccf0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc10240 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x4000): Added [et33015 at corp.corpcommon.com][name=
et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
et33015 at corp.corpcommon.com
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 2)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc01820

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8e9e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc01820 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=
corp.corpcommon.com,cn=sysdb)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8e9e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc01820 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
cancel ldb transaction (nesting: 2)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9b830

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe2f30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9b830 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe2f30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9b830 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc113a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88b00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc113a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88b00 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc113a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_done]
(0x4000): releasing operation connection
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_destroy] (0x4000): releasing operation connection
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
(0x0400): DP Request [Account #248]: Request handler finished [0]: Success
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
(0x0400): DP Request [Account #248]: Receiving request data.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_reply_list_success] (0x0400): DP Request [Account #248]: Finished.
Success.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_req_reply_std]
(0x1000): DP Request [Account #248]: Returning [Success]: 0,0,Success
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_table_value_destructor] (0x0400): Removing
[0:1:0x0001:1:1::corp.corpcommon.com:name=et33015 at corp.corpcommon.com] from
reply table
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): DP Request [Account #248]: Request removed.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[(nil)], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f59bcb22f10
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_get_account_info_handler] (0x0200): Got request for
[0x3][BE_REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb13e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb58ac0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb13e60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb58ac0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb13e60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb58ac0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb0d5b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb58ac0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb0d5b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb58ac0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb65770

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb77d10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb77dd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb65770 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb77d10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb78dd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0b60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb77dd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb77d10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb78dd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7e310

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb780b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0b60 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb78dd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7e310 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95ea0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb787f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb780b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7e310 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95ea0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79ac0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95ca0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb787f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95ea0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79ac0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7b280

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb787f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95ca0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79ac0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7b280 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79ac0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95ca0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb787f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7b280 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79ac0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95460

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb787f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95ca0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79ac0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95460 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79ac0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb78d10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb787f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95460 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79ac0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95460

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb787f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb78d10 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79ac0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95460 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb780b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79ac0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb787f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95460 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb780b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95460

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb787f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79ac0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb780b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95460 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbacaf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95d50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb787f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95460 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbacaf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb780b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba93e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95d50 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbacaf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb780b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95d50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbad390

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba93e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb780b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95d50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbacaf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ef30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbad390 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95d50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbacaf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc479f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbad320

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ef30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbacaf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc479f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb78dd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ef30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbad320 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc479f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb78dd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb78d10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbad320

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ef30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb78dd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb78d10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbacaf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ef30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbad320 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb78d10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbacaf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc479f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbad320

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ef30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbacaf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc479f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb78dd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ef30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbad320 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc479f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb78dd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb78d10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaf780

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ef30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb78dd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb78d10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbacaf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ef30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaf780 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb78d10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbacaf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbaf780

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb35a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ef30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbacaf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbaf780 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb78dd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc134d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb35a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbaf780 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb78dd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb35a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc163d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc134d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb78dd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb35a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc134d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbae970

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc163d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb35a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc134d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc163d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb98ad0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbae970 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc134d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc163d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbae970

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb77f00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb98ad0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc163d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbae970 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb98ad0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbab220

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb77f00 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbae970 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb98ad0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb77f00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1a490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbab220 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb98ad0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb77f00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbab220

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc26580

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1a490 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb77f00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbab220 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1a490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb23a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc26580 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbab220 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1a490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc26580

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1ac20

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb23a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1a490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc26580 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb23a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba38d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1ac20 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc26580 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb23a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1ac20

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1b2a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba38d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb23a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1ac20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba38d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb77c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1b2a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1ac20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba38d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1b2a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba27e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb77c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba38d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1b2a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb23a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb7400

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba27e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1b2a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb23a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba27e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb7be0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb7400 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb23a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba27e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb7400

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc270f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb7be0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba27e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb7400 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb7be0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdd039f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc270f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb7400 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb7be0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc270f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba6d60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdd039f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb7be0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc270f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdd039f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1f040

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba6d60 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc270f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdd039f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba6d60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc28020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1f040 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdd039f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba6d60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1f040

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc24480

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc28020 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba6d60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1f040 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc28020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc24da0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc24480 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1f040 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc28020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba2680

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1e760

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc24da0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc28020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba2680 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0bc50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1e760 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba2680 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0bd10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb0040

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0bc50 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0bd10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0bc50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdd03910

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb0040 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0bd10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0bc50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc28020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2680

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdd03910 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0bc50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc28020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdd03910

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0d340

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2680 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc28020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdd03910 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1f960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba3ec0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0d340 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdd03910 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0d340

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0caf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba3ec0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1f960 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0d340 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc28020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0ec00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0caf0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0d340 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc28020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdd03910

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba4110

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0ec00 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc28020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdd03910 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0ec00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbec7c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba4110 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdd03910 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0ec00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba4110

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1e760

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbec7c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0ec00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba4110 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbec7c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba58f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1e760 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba4110 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbec7c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1e760

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1d380

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba58f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbec7c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1e760 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba58f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0d200

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1d380 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1e760 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba58f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbee620

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc34730

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0d200 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba58f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbee620 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc34730 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbee620 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): DP Request [Initgroups #249]: New request. Flags [0000].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in
view [Default Trust View] with filter
[(&(objectClass=ipaUserOverride)(uid=et33015))].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_print_server] (0x2000): Searching 10.150.144.113:389
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=et33015))][cn=Default Trust
View,cn=views,cn=accounts,dc=ipa,dc=preprod,dc=local].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 14
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 14 timeout 6
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb58ac0], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 14 finished
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_get_ad_override_done] (0x4000): No override found with filter
[(&(objectClass=ipaUserOverride)(uid=et33015))].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_destroy] (0x4000): releasing operation connection
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb0ab10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb34040

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb0ab10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb34040 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb0ab10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb74fe0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb64060

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb74fe0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb64060 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb74fe0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb76aa0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb199f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb76aa0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb199f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb76aa0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[check_if_pac_is_available] (0x4000): No PAC available.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x0400): Executing extended operation
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 15
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 15 timeout 6
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb353d0], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb353d0], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
(null).
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 15 finished
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [add_v1_user_data]
(0x4000): BER tag is [48]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Found new sequence.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [objectSIDString].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [userPrincipalName].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [adUserAccountControl].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [mail].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalDN].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5d720

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb5d7e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5d720 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb5d7e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5d720 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_search_by_name] (0x0400): No such entry
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5db00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb5dcd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5db00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb5dcd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5db00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb13e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5cd30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb199f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79580

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb199f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79580 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb199f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79580

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb5cd30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79580 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb5cd30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79580 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5cd30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb67f10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb67f10 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb483f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb67b90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb483f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb67b90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb483f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5cd30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb67f10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb67f10 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92610

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb792a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92610 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb792a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92610 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb5cd30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb5cd30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb67f10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb13e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb67f10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb67f10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92610

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79810

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92610 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79810 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92610 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5cd30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90520

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90520 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb13e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90520

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb13e60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90520 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb13e60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc25cb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc258a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc25cb0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc258a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc25cb0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb90520

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb13e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb90520 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb90520 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5cd30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79580

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79580 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb68d60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb68d60 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79580

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79580 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb13e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79580

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb13e60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79580 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb13e60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb93be0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb65f50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb93be0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb65f50 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb93be0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb90520

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb13e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb90520 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb90520 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5cd30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb13e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc28980

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb927b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc28980 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb927b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc28980 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc2f360

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79580

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc2f360 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79580 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc2f360 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5cd30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc2f360

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc2f360 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc31b00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb927b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc31b00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb927b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc31b00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb65080

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb65f50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb65080 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb65f50 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb65080 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb65080

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93be0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb65080 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93be0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb65080 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc32fe0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb199f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc32fe0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb199f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc32fe0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb65f50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc2a2b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb65f50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc2a2b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb65f50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5cd30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc29350

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc29350 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5cd30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc28810

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb5e3b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc28810 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb5e3b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc28810 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc2c150

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc2acd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc2c150 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc2acd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc2c150 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc2c150

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc2acd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc2c150 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc2acd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc2c150 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc2acd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb199f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc2acd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb199f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc2acd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc29fc0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc33250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc29fc0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc33250 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc29fc0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc33250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc2bdb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc33250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc2bdb0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc33250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb93be0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc2ba50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb93be0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc2ba50 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb93be0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc33250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc33250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc33250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc32d40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc32d40 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc29350

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc29350 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb833b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc2bdb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb833b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc2bdb0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb833b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc2bdb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc2bdb0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc2bdb0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93be0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93be0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc2bdb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc2bdb0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91250 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc2bdb0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91250 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb65f50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc29350

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb65f50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc29350 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb65f50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc2eb40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc2eb40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc2eb40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc27520

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc27520 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91250 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc27520 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc27520

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc27520 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc27520 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91250 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc29350

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc31a90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc29350 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc31a90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc29350 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc2eb40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb946a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc2eb40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc2eb40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb946a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb86f60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb86f60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb86f60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb82350

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb82350 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb82350 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb946a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb946a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb946a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb84420

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc28c90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb84420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc28c90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb84420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb84420

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb84420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb84420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb82ec0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82350

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb82ec0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82350 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb82ec0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb946a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb946a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82ec0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb946a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82ec0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb946a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb82350

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb82350 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb82350 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb946a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5dc30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb86640

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5dc30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb86640 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5dc30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb658f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8f4c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8f4c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb658f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb86640

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82350

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb86640 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82350 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb86640 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91250 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb849c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb849c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91250 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb849c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb83de0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc2f880

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb83de0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc2f880 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb83de0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8f440

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8f440 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8f440 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb84940

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb84940 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc2a4c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc29dd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc2a4c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc29dd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc2a4c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb888a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb888a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91250 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb888a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb884b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb884b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91250 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8a8d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93be0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8a8d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93be0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8a8d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89230

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91250

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89230 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91250 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89230 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b5d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b5d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b5d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc2cef0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90660

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc2cef0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90660 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc2cef0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89ae0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb884b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89ae0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb884b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89ae0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb946a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb884b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb946a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb884b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb946a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88960

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88960 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb946a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8dc30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb946a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8dc30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8dc30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb884b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb884b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb884b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8d330

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8d330 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb884b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8d330

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb884b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8d330 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb884b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb884b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb884b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb884b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb66170

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb66170 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb66170

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb66170 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc29350

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc29350 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbeef40

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8b8c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbeef40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8b8c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbeef40 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ab30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8b8c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ab30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8b8c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ab30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8a860

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc28c90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8a860 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc28c90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8a860 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb94ae0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbbd8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb94ae0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbbd8f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb94ae0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbbd8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbbd8f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ccf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb78490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ccf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb78490 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ccf0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb862f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb862f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb862f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b8c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b8c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbbd8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbbd8f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba01e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba0430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba01e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba0430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbbd8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba01e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbbd8f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba01e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbbd8f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbbd8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbbd8f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbbd8f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6020

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6020 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba0430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba0430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb88e30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8c8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb88e30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8c8f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb88e30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9f4f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbbd8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9f4f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbbd8f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9f4f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbbd8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf08d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbbd8f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf08d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbbd8f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b8c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba01e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba01e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba01e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2060

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba01e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2060 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba01e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbbd8f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbbd8f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbbd8f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc85a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9f4f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc85a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9f4f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc85a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba5b90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba5b90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba5b90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b8c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2060

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2060 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba01e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba5b90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba01e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba5b90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba01e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b8c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b8c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9f4f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9f4f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba2060

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb971c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba2060 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb971c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba2060 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba01e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba01e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba5b90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8b8c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba5b90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8b8c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba5b90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba5d50

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9b4a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba5d50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9b4a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba5d50 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba2060

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba5b90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba2060 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba5b90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba2060 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb971c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf04f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb971c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf04f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb971c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba5b90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba5b90 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba5b90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba5b90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba5b90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9b650

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8b3a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9b650 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8b3a0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9b650 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9d930

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb97540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9d930 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb97540 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9d930 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba01e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba01e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba01e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba5b90

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba5b90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba5b90 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb972f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8b8c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb972f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8b8c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb972f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9d6e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0860

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9d6e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0860 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9d6e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9d6e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9d6e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9d6e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0860

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9d6e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0860 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9d6e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96110

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96110 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96110 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb96110

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb96110 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb972f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb954c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb972f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb954c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb972f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96110

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96110 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96110 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb954c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95390

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb954c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95390 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb954c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95e80

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95e80 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95e80 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95390

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95390 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb954c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb954c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb954c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96ec0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb972f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96ec0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb972f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96ec0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb954c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb954c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96ec0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96ec0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96ec0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95390

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95390 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95390 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb954c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb954c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb954c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbae120

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbae120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbae120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbadc80

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbadc80 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb1670

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb97b10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb1670 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb97b10 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb1670 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79e70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79e70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb1670

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb1e30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb1670 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb1e30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb1670 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbadc80

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbadc80 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb878b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba0860

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba0860 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba0860 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb00e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb878b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb00e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb00e0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbadc80

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb1670

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbadc80 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb1670 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbadc80 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb1e30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb1e30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79e70 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb1e30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbaf060

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbadc80

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbaf060 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbadc80 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbaf060 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb1670

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb00e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb1670 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb00e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb1670 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb954c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba0430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb954c0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba0430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb1910

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb0bb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb1910 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb0bb0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb1910 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaf060

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaf060 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb1e30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb1e30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb1e30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb25d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc4420

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb25d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc4420 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb25d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbce7d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbce7d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba0430 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbce7d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbae120

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb1e30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbae120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb1e30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbae120 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc31080

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb1910

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc31080 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb1910 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc31080 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba0430

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb97540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba0430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb97540 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba0430 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb1e30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb1e30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb1e30 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc31080

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9ae70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc31080 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9ae70 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc31080 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb1670

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb1670 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb97540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79e70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb97540 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79e70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97540

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb1670

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb1670 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97540 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb999f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb25d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb999f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb25d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb999f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb1670

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb1670 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb1670 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd0ca0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd0ca0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd0ca0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79e70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79e70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc48b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc48b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79e70 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc48b0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb999f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb999f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79e70 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb999f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb649f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79e70 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb649f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb999f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb649f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb999f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb649f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd3900

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb999f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd3900 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb999f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd3900 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb649f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79e70 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb649f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb999f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd0ca0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb999f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd0ca0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb999f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb649f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb8850

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb649f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb8850 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb649f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd4e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd0ca0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd4e60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd0ca0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd4e60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd0ca0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79e70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd0ca0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79e70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd4e60

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb999f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd4e60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb999f0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd4e60 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79e70

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd0ca0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79e70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd0ca0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79e70 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x0400): Executing extended operation
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 16
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 16 timeout 6
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bdb8fe60], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bdb8fe60], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
(null).
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 16 finished
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [add_v1_user_data]
(0x4000): BER tag is [48]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Found new sequence.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [objectSIDString].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [userPrincipalName].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [adUserAccountControl].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [mail].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalDN].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x4000): Found original AD upn [
Subaranchan.Thanagopal at EVRY.COM].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com] is
not from domain [corp.corpcommon.com].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb659d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb0f30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb659d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb0f30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb659d0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb86ab0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb0f30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb86ab0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb0f30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb86ab0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb0f30

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb0f30 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb86ab0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ecb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb86ab0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ecb0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb86ab0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7ecb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb96490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7ecb0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb96490 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7ecb0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96490

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb86bf0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb86bf0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96490 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb78bd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc7e10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb78bd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc7e10 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb78bd0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf5d20

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ecb0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf5d20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ecb0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf5d20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x4000): Added [et33015 at corp.corpcommon.com][name=
et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
et33015 at corp.corpcommon.com
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 2)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb887a0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8b980

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb887a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=
corp.corpcommon.com,cn=sysdb)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8b980 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb887a0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
cancel ldb transaction (nesting: 2)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbbca00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc2d860

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbbca00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc2d860 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbbca00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbbca00

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7f1d0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbbca00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7f1d0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbbca00 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x4000): Found original AD upn [
Subaranchan.Thanagopal at EVRY.COM].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com] is
not from domain [corp.corpcommon.com].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc4420

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9dcd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9dcd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc4420

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8e280

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8e280 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb94360

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc4420

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb94360 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc4420 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb94360 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc4420

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb0d5b0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb0d5b0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc4420

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79fa0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79fa0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb94360

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9dcd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb94360 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9dcd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb94360 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc4420

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb8da0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb8da0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc4420

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb2bc0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb2bc0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc4420 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x4000): Added [et33015 at corp.corpcommon.com][name=
et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
et33015 at corp.corpcommon.com
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 2)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb94c10

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79790

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb94c10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=
corp.corpcommon.com,cn=sysdb)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79790 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb94c10 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
cancel ldb transaction (nesting: 2)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b2c0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91790

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b2c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91790 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b2c0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9e830

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf3df0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9e830 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf3df0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9e830 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_done]
(0x4000): releasing operation connection
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_destroy] (0x4000): releasing operation connection
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
(0x0400): DP Request [Initgroups #249]: Request handler finished [0]:
Success
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
(0x0400): DP Request [Initgroups #249]: Receiving request data.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_req_initgr_pp]
(0x0400): Ordering NSS responder to update memory cache
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_reply_list_success] (0x0400): DP Request [Initgroups #249]:
Finished. Success.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_req_reply_std]
(0x1000): DP Request [Initgroups #249]: Returning [Success]: 0,0,Success
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_table_value_destructor] (0x0400): Removing
[0:1:0000:3:1::corp.corpcommon.com:name=et33015 at corp.corpcommon.com] from
reply table
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): DP Request [Initgroups #249]: Request removed.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[(nil)], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f59bcb1e590
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f59bcb22f10
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.pamHandler on path
/org/freedesktop/sssd/dataprovider
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_handler]
(0x0100): Got request with the following data
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): command: SSS_PAM_PREAUTH
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): domain: corp.corpcommon.com
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): user: et33015 at corp.corpcommon.com
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): service: sshd
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): tty: ssh
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): ruser:
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): rhost: 146.213.128.135
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): authtok type: 0
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): priv: 1
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): cli_pid: 17946
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): logon name: not set
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): DP Request [PAM Preauth #250]: New request. Flags [0000].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_queue_send] (0x1000): Wait queue of user [
et33015 at corp.corpcommon.com] is empty, running request [0x7f59bcb348d0]
immediately.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [krb5_setup]
(0x4000): No mapping for: et33015 at corp.corpcommon.com
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb628f0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb43cd0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb43cd0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb10580

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb65ef0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb10580 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb65ef0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb10580 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 389 for server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [resolve_srv_send]
(0x0200): The status of SRV lookup is resolved
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_process] (0x0200): Found address for server
ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Setting up signal handler up for pid [17947]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Signal handler set up for pid [17947]
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[write_pipe_handler] (0x0400): All data has been sent!
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x1000): Waiting for child [17947].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x0100): child [17947] finished successfully.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[read_pipe_handler] (0x0400): EOF received, client finished
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[parse_krb5_child_response] (0x1000): child response [0][11][0].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1036
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0100): Marking port 389 of server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[set_server_common_status] (0x0100): Marking server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0400): Marking port 389 of duplicate server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [krb5_mod_ccname]
(0x4000): Save ccname [KEYRING:persistent:1007629326] for user [
et33015 at corp.corpcommon.com].
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb35d20

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb654e0

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb35d20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb654e0 "ltdb_timeout"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb35d20 "ltdb_callback"

(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [check_wait_queue]
(0x1000): Wait queue for user [et33015 at corp.corpcommon.com] is empty.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f59bcb348d0]
done.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
(0x0400): DP Request [PAM Preauth #250]: Request handler finished [0]:
Success
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
(0x0400): DP Request [PAM Preauth #250]: Receiving request data.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): DP Request [PAM Preauth #250]: Request
removed.
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0
(Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
(0x1000): DP Request [PAM Preauth #250]: Sending result [0][
corp.corpcommon.com]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f59bcb22f10
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[dp_get_account_info_handler] (0x0200): Got request for
[0x3][BE_REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb627b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb0d9d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb627b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb0d9d0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb627b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb05e30

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb58ac0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb05e30 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb58ac0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb05e30 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb56720

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb13e60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb56720 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ec90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ed50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb56720 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ec90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8fd60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ee80

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ed50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ec90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8fd60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8f2d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ebd0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ee80 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8fd60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8f2d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb960c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ee80

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ebd0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8f2d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb960c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8f2d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ee80 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb960c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8f2d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb960c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fca0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8f2d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb960c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93310

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fca0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb960c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95f00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb960c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93310 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95f00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb960c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb90bd0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fca0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92f70 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb960c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb90bd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba9d70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fca0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb90bd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba9d70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fca0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92f70 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba9d70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95f00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba9d70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fca0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95f00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba9d70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbad370

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8960

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92f70 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba9d70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbad370 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fca0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8960 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbad370 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbad370

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbbbdb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fca0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbad370 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8960

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbbbdb0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbad370 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc47850

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92390

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8960 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc47850 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93310

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92390 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc47850 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ebd0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92390

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93310 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ebd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93310

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92390 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ebd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc47850

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92390

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93310 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc47850 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93310

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92390 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc47850 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ebd0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb0020

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93310 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ebd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92390

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb0020 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ebd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ebd0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc16400

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92390 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ebd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92390

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc16400 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ebd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ebd0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc47850

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92390 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ebd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92390

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc47850 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ebd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc15230

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc47850

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92390 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92f70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc15230 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb98ce0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc47850 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc15230 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb98ce0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc47850

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb971d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb98ce0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc47850 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ee80

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb971d0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc47850 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ee80 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb971d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1a150

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ee80 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb971d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb98ce0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1a150 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb971d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb98ce0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1a150

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb27a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb98ce0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1a150 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ee80

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb27a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1a150 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ee80 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb971d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb27a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ee80 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb971d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb98ce0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb27a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb971d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb98ce0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1a150

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb27a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb98ce0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1a150 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc25080

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb27a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1a150 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95f00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb971d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb27a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc25080 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95f00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb971d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc25080

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc27740

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb27a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb971d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc25080 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb27a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc26ad0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc27740 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc25080 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb27a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc27740

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbacb40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc26ad0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb27a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc27740 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc26ad0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba6bb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbacb40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc27740 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc26ad0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbacb40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1ecb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba6bb0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc26ad0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbacb40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb27a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba6bb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1ecb0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbacb40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb27a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc27740

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1ecb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba6bb0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb27a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc27740 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba6bb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbac9f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1ecb0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc27740 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba6bb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1ecb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba79f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbac9f0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba6bb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1ecb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb27a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbacb40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba79f0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1ecb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb27a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba79f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbbbda0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbacb40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb27a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba79f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbacb40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1ecb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbbbda0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba79f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbacb40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac1a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0cd90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1ecb0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbacb40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb27a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1ecb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0cd90 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb27a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc27670

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0cd90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1ecb0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb27a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc27670 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbacb40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1ecb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0cd90 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc27670 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbacb40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac1a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0cd90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1ecb0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbacb40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1ecb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9d440

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0cd90 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1ecb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0cd90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbed290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9d440 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1ecb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0cd90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbacb40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9d440

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbed290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0cd90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbacb40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac1a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbed290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9d440 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbacb40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9d440

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba5e40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbed290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9d440 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0cd90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbed290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba5e40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9d440 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0cd90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbed290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0cd90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): DP Request [Initgroups #251]: New request. Flags [0000].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in
view [Default Trust View] with filter
[(&(objectClass=ipaUserOverride)(uid=et33015))].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_print_server] (0x2000): Searching 10.150.144.113:389
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=et33015))][cn=Default Trust
View,cn=views,cn=accounts,dc=ipa,dc=preprod,dc=local].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 17
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 17 timeout 6
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb58ac0], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 17 finished
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_get_ad_override_done] (0x4000): No override found with filter
[(&(objectClass=ipaUserOverride)(uid=et33015))].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_destroy] (0x4000): releasing operation connection
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb0ab10

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb64050

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb0ab10 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb64050 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb0ab10 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb58ac0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb0d5b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb58ac0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb0d5b0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb58ac0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb13e60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb0d5b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb13e60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb0d5b0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb13e60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[check_if_pac_is_available] (0x4000): No PAC available.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x0400): Executing extended operation
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 18
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 18 timeout 6
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb35830], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb35830], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
(null).
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 18 finished
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [add_v1_user_data]
(0x4000): BER tag is [48]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Found new sequence.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [objectSIDString].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [userPrincipalName].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [adUserAccountControl].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [mail].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalDN].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb67430

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb674f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb67430 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb674f0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb67430 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_search_by_name] (0x0400): No such entry
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb04e20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb04ee0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb04e20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb04ee0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb04e20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb04170

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb58ac0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb58ac0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb04170

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb04170 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba5580

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba5640

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba5580 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba5640 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba5580 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb04170

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ed50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ed50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb66230

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb76430

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb66230 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb76430 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb66230 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb76430

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ed50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb76430 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ed50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb76430 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ed50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb69440

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ed50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb69440 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ed50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ee80

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ef40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ee80 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ef40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ee80 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb914d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb914d0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb914d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb914d0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8fc90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb766c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8fc90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb766c0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8fc90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb04170

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb93af0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb04170

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb93af0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb04170 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb93af0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb674b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb76ad0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb674b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb76ad0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb674b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ed50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93550

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ed50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93550 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ed50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb93af0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ed50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb93af0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ed50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb93af0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba3a70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb674b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba3a70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb674b0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba3a70 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9a9c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9a9c0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb917e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb917e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb917e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb90cb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb766c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb90cb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb766c0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb90cb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb66ce0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba37e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb66ce0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba37e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb66ce0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb93af0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb66ce0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb93af0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb66ce0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb93af0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92520

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba3e80

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92520 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba3e80 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92520 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb93af0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb735d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb93af0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb735d0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb93af0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb917e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93af0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb917e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93af0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb917e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92930

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb94ea0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92930 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb94ea0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92930 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95380

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb954c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95380 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb954c0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95380 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb94050

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95380

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb94050 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95380 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb94050 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9cba0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9c7a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9cba0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9c7a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9cba0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92de0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb97f70

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92de0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb97f70 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92de0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb917e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92de0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb917e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92de0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb917e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9cba0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9c7a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9cba0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9c7a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9cba0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb966c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73e90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb966c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73e90 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb966c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb917e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73e90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb917e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73e90 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb917e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb985a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb766c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb985a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb766c0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb985a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9a3d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92930

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9a3d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92930 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9a3d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9a3d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb97760

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9a3d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb97760 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9a3d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96550

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96550 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96550 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9cfe0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9cfe0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9cfe0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9a7a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92290 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9a7a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92290 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7fb00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7fb00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7fb00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba29a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8d260

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba29a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8d260 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba29a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7fb00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91590

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7fb00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91590 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7fb00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8d260

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91590

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8d260 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91590 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8d260 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb75ae0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba29a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb75ae0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba29a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb75ae0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97d50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97d50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97d50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7fb00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7fb00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7fb00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97d50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7cb20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97d50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7cb20 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97d50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba29a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92290 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba29a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92290 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91590

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8d260

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91590 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8d260 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91590 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97d50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97d50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97d50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7cb20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7acc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7cb20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7cb20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7acc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92290 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92290 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7ef50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8d260

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7ef50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8d260 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7ef50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91590

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7acc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91590 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91590 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7ef50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95530

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7ef50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95530 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7ef50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91aa0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7b0f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91aa0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7b0f0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91aa0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb97d50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb97d50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb97d50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7aa40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb766c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7aa40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb766c0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7aa40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7b950

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb691b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7b950 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb691b0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7b950 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8aaa0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7acc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8aaa0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8aaa0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7acc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7acc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7acc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb838f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb838f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb838f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7acc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7acc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7acc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8abd0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7acc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8abd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8abd0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb837c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb837c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb837c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8c000

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8aa20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8c000 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8aa20 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8c000 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb838f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8c000

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb838f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8c000 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb838f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb838f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb838f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb838f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8aa20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7ebf0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8aa20 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7ebf0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb82240

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7db00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb82240 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7db00 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb82240 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb837c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb837c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb837c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7ebf0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7ebf0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7c6d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb75b90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7c6d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb75b90 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7c6d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8aa20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8aa20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8aa20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7acc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7acc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7acc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91a20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8bdd0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91a20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8bdd0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91a20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba18e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba18e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8c080

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba18e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8c080 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba18e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8c080 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb86810

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb86410

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb86810 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb86410 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb86810 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb85be0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7acc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb85be0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb85be0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe7950

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8b9f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe7950 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8b9f0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe7950 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8c080

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb85be0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8c080 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb85be0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8c080 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80dc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb85be0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80dc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb85be0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80dc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8c080

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8c080 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8c080 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8c080

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb80dc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8c080 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb80dc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8c080 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb85d20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88b50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb85d20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88b50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb85d20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb894e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb80f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb894e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb80f00 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb894e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb894e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb92290 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb894e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb92290 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7acc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89b60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7acc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89b60 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7acc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b9f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb894e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b9f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb894e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b9f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89b60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb85be0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89b60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb85be0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89b60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8a250

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89180

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8a250 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89180 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8a250 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb894e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb80f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb894e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb80f00 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb894e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbee1a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb80f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbee1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb80f00 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbee1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89b60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93720

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89b60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93720 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89b60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80f00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92290

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80f00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92290 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80f00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb91a20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb99390

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb91a20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb99390 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb91a20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe7600

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89180

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe7600 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89180 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe7600 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe93a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7ebf0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe93a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7ebf0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbee1a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ebf0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbee1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbee1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89b60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91ed0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89b60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91ed0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89b60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe7600

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbeb020

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe7600 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbeb020 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe7600 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80dc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbee1a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80dc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbee1a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80dc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbee1a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8a250

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbee1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8a250 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbee1a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80dc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8a250

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80dc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8a250 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80dc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81490

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbebec0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81490 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbebec0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81490 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe95b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89b60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe95b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89b60 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe95b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe93a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb80dc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe93a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb80dc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe93a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbee1a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb88340 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbee1a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb88340 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba6180

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbee1a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba6180 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbee1a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba6180 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7e380

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88b50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7e380 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88b50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7e380 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7e380

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb88340 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7e380 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb88340 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89b60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7e8b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89b60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7e8b0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89b60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbdecc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88b50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbdecc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88b50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbdecc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe93a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe93a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88340 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe93a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbdecc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbad7f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbdecc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbad7f0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbdecc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7e8b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb88340 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7e8b0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb88340 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbad7f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaaee0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbad7f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaaee0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbad7f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbdecc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8c1c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbdecc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8c1c0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbdecc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf13b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb88340 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf13b0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb88340 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89b60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89b60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88340 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89b60 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7e8b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe9050

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7e8b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe9050 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7e8b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba6180

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba6180 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88340 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba6180 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7e380

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba6180

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7e380 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba6180 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7e380 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf13b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbdecc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf13b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbdecc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf13b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba6180

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbdecc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba6180 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbdecc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba6180 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89870

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbae6d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89870 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbae6d0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89870 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba6f90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88b50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba6f90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88b50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba6f90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf13b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba8960

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf13b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba8960 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf13b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb82c20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf11e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb82c20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb82c20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba7100

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbac5c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba7100 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbac5c0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba7100 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbaf780

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba6af0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbaf780 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba6af0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbaf780 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf1c40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbef490

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf1c40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbef490 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf1c40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac5c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaf780

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac5c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaf780 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac5c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba6180

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaf780

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba6180 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaf780 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba6180 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbaeee0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaf2f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbaeee0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaf2f0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbaeee0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac000

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb0ce0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac000 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb0ce0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac000 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac000

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbae010

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac000 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbae010 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac000 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe8a20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8a460

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe8a20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8a460 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe8a20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb82c20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf11e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb82c20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb82c20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf11e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82c20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf11e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82c20 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf11e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbedfc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb1580

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbedfc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb1580 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbedfc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf11e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82c20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf11e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82c20 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf11e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbeff30

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf11e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbeff30 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbeff30 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8a460

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaabc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8a460 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaabc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8a460 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc59a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb86980

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc59a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb86980 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc59a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbab550

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf11e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbab550 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbab550 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbaa090

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb87330

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbaa090 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb87330 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbaa090 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbab600

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82c20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbab600 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82c20 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbab600 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac000

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf11e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac000 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac000 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8a460

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaa090

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8a460 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaa090 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8a460 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb82c20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf11e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb82c20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb82c20 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf11e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb10a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf11e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb10a0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf11e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc82c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe8a20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc82c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe8a20 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc82c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc6660

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb878b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc6660 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc6660 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb10a0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf11e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb10a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb10a0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbaf2f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaabc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbaf2f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaabc0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbaf2f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb878b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbeff30

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbeff30 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8c00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe5680

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8c00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe5680 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8c00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe6a90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb80b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe6a90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb80b40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe6a90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc8a50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc8a50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbeff30

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc9760

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbeff30 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc9760 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbeff30 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbeddb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7840

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbeddb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7840 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbeddb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc68c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7840

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc68c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7840 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc68c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb8a90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc8a50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb8a90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc8a50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb8a90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc4b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2170

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc4b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2170 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc4b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc5780

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe49d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc5780 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe49d0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc5780 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe49d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba7840

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe49d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba7840 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe49d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc5780

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc6c40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc5780 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc6c40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc5780 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc8a50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc4b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc8a50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc4b40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc8a50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb86980

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc2c50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb86980 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc2c50 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb86980 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbdd6c0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc4350

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbdd6c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc4350 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbdd6c0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd5370

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd5370 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc4b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb80b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc4b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb80b40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc4b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc8a50

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90210

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc8a50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90210 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc8a50 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbccbc0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd5370

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbccbc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd5370 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbccbc0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbdd480

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc4b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbdd480 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc4b40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbdd480 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe49d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc4b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe49d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc4b40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe49d0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbdc380

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbdd480

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbdc380 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbdd480 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbdc380 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc4b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbdd480

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc4b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbdd480 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc4b40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd5370

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc4b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd5370 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc4b40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd5370 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbce310

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc42d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbce310 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc42d0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbce310 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd5370

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc42d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd5370 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc42d0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd5370 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbce310

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbce010

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbce310 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbce010 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbce310 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbdc380

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb80b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbdc380 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb80b40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbdc380 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc3b00

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc42d0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc3b00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc42d0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc3b00 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd5370

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc4b40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd5370 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc4b40 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd5370 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe0c80

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbdc380

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe0c80 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbdc380 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe0c80 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x0400): Executing extended operation
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 19
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 19 timeout 6
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bdb84760], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bdb84760], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bdb84760], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
(null).
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 19 finished
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [add_v1_user_data]
(0x4000): BER tag is [48]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Found new sequence.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [objectSIDString].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [userPrincipalName].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [adUserAccountControl].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [mail].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalDN].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x4000): Found original AD upn [
Subaranchan.Thanagopal at EVRY.COM].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com] is
not from domain [corp.corpcommon.com].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81970

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89960

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81970 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89960 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81970 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb94150

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8c100

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb94150 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8c100 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb94150 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8c100

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb96800

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8c100 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb96800 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8c100 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96800

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb94150

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96800 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb94150 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96800 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb73940

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb81970

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb73940 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb81970 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb73940 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81970

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89960

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81970 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89960 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81970 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbcb0e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbecdd0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbcb0e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbecdd0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbcb0e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbdbdb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbecdd0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbdbdb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbecdd0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbdbdb0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x4000): Added [et33015 at corp.corpcommon.com][name=
et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
et33015 at corp.corpcommon.com
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 2)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbac7e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbdd110

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbac7e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=
corp.corpcommon.com,cn=sysdb)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbdd110 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbac7e0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
cancel ldb transaction (nesting: 2)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba4c90

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93bb0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba4c90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93bb0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba4c90 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b280

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92ff0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b280 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92ff0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b280 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x4000): Found original AD upn [
Subaranchan.Thanagopal at EVRY.COM].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com] is
not from domain [corp.corpcommon.com].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb971b0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb971b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88340 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb971b0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb74490

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9c660

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb74490 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9c660 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb74490 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb58ac0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb88340 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb58ac0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb88340 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb80e40

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb80e40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88340 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb80e40 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb74490

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb74490 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88340 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb74490 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb58ac0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb58ac0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88340 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb58ac0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb74490

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9c660

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb74490 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9c660 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb74490 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb58ac0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88340

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb58ac0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88340 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb58ac0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x4000): Added [et33015 at corp.corpcommon.com][name=
et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
et33015 at corp.corpcommon.com
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 2)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbcb260

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb98c20

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbcb260 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=
corp.corpcommon.com,cn=sysdb)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb98c20 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbcb260 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
cancel ldb transaction (nesting: 2)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe4ef0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbdee60

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe4ef0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbdee60 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe4ef0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81030

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb898e0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81030 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb898e0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81030 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_done]
(0x4000): releasing operation connection
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_destroy] (0x4000): releasing operation connection
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
(0x0400): DP Request [Initgroups #251]: Request handler finished [0]:
Success
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
(0x0400): DP Request [Initgroups #251]: Receiving request data.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_req_initgr_pp]
(0x0400): Ordering NSS responder to update memory cache
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_reply_list_success] (0x0400): DP Request [Initgroups #251]:
Finished. Success.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_req_reply_std]
(0x1000): DP Request [Initgroups #251]: Returning [Success]: 0,0,Success
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[dp_table_value_destructor] (0x0400): Removing
[0:1:0000:3:1::corp.corpcommon.com:name=et33015 at corp.corpcommon.com] from
reply table
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): DP Request [Initgroups #251]: Request removed.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[(nil)], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f59bcb1e590
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f59bcb22f10
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.pamHandler on path
/org/freedesktop/sssd/dataprovider
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_handler]
(0x0100): Got request with the following data
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): command: SSS_PAM_AUTHENTICATE
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): domain: corp.corpcommon.com
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): user: et33015 at corp.corpcommon.com
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): service: sshd
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): tty: ssh
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): ruser:
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): rhost: 146.213.128.135
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): authtok type: 1
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): priv: 1
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): cli_pid: 17946
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): logon name: not set
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): DP Request [PAM Authenticate #252]: New request. Flags [0000].
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_queue_send] (0x1000): Wait queue of user [
et33015 at corp.corpcommon.com] is empty, running request [0x7f59bcb348d0]
immediately.
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [krb5_setup]
(0x4000): No mapping for: et33015 at corp.corpcommon.com
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb10580

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb628f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb10580 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb628f0 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb10580 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb628f0

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb10580

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb10580 "ltdb_timeout"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 389 for server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [resolve_srv_send]
(0x0200): The status of SRV lookup is resolved
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_process] (0x0200): Found address for server
ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[ipa_resolve_callback] (0x0400): Constructed uri
'ldap://ilt-gif-ipa01.ipa.preprod.local'
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[unique_filename_destructor] (0x2000): Unlinking
[/var/lib/sss/pubconf/.krb5info_dummy_7VqPy8]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [unlink_dbg]
(0x2000): File already removed:
[/var/lib/sss/pubconf/.krb5info_dummy_7VqPy8]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Setting up signal handler up for pid [17964]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Signal handler set up for pid [17964]
(Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
[write_pipe_handler] (0x0400): All data has been sent!
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[krb5_child_timeout] (0x0040): Timeout for child [17964] reached. In case
KDC is distant or network is slow you may consider increasing value of
krb5_auth_timeout.
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]] [krb5_auth_done]
(0x0020): child timed out!
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called
from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 827
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0100): Marking port 389 of server
'ilt-gif-ipa01.ipa.preprod.local' as 'not working'
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0400): Marking port 389 of duplicate server
'ilt-gif-ipa01.ipa.preprod.local' as 'not working'
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 389 for server
'ilt-gif-ipa01.ipa.preprod.local' is 'not working'
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 0 for server
'ilt-gif-ipa01.ipa.preprod.local' is 'neutral'
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_process] (0x0200): Found address for server
ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[ipa_resolve_callback] (0x0400): Constructed uri
'ldap://ilt-gif-ipa01.ipa.preprod.local'
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[unique_filename_destructor] (0x2000): Unlinking
[/var/lib/sss/pubconf/.krb5info_dummy_9ywqhA]
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]] [unlink_dbg]
(0x2000): File already removed:
[/var/lib/sss/pubconf/.krb5info_dummy_9ywqhA]
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Setting up signal handler up for pid [17998]
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Signal handler set up for pid [17998]
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x1000): Waiting for child [17998].
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x0020): waitpid did not found a child with changed
status.
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x1000): Waiting for child [17964].
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x0020): child [17964] was terminated by signal [9].
(Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
[write_pipe_handler] (0x0400): All data has been sent!
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[krb5_child_timeout] (0x0040): Timeout for child [17998] reached. In case
KDC is distant or network is slow you may consider increasing value of
krb5_auth_timeout.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [krb5_auth_done]
(0x0020): child timed out!
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called
from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 827
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0100): Marking port 0 of server
'ilt-gif-ipa01.ipa.preprod.local' as 'not working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0400): Marking port 0 of duplicate server
'ilt-gif-ipa01.ipa.preprod.local' as 'not working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 389 for server
'ilt-gif-ipa01.ipa.preprod.local' is 'not working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 0 for server
'ilt-gif-ipa01.ipa.preprod.local' is 'not working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_done] (0x1000): Server resolution failed: [5]:
Input/output error
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[be_mark_dom_offline] (0x1000): Marking subdomain corp.corpcommon.com
offline
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[be_mark_subdom_offline] (0x1000): Marking subdomain corp.corpcommon.com as
inactive
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Setting up signal handler up for pid [18002]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Signal handler set up for pid [18002]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x1000): Waiting for child [18002].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x0020): waitpid did not found a child with changed
status.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x1000): Waiting for child [17998].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x0020): child [17998] was terminated by signal [9].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[write_pipe_handler] (0x0400): All data has been sent!
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[read_pipe_handler] (0x0400): EOF received, client finished
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[parse_krb5_child_response] (0x1000): child response [0][3][41].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1036
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0100): Marking port 0 of server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[set_server_common_status] (0x0100): Marking server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0400): Marking port 0 of duplicate server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [krb5_mod_ccname]
(0x4000): Save ccname [KEYRING:persistent:1007629326] for user [
et33015 at corp.corpcommon.com].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb64e90

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb64f50

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb64e90 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb64f50 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb64e90 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb63590

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb65b00

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb63590 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb65b00 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb63590 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb675f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb33930

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb675f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb33930 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb675f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb675f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb0d820

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb675f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb0d820 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb675f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sysdb_cache_auth]
(0x4000): Offline credentials expiration is [0] days.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[check_failed_login_attempts] (0x4000): Failed login attempts [0], allowed
failed login attempts [0], failed login delay [5].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sysdb_cache_auth]
(0x0100): Cached credentials not available.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
cancel ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_cache_creds] (0x0020): Offline authentication failed
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [check_wait_queue]
(0x1000): Wait queue for user [et33015 at corp.corpcommon.com] is empty.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f59bcb348d0]
done.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
(0x0400): DP Request [PAM Authenticate #252]: Request handler finished [0]:
Success
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
(0x0400): DP Request [PAM Authenticate #252]: Receiving request data.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): DP Request [PAM Authenticate #252]: Request
removed.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
(0x1000): DP Request [PAM Authenticate #252]: Sending result [6][
corp.corpcommon.com]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x1000): Waiting for child [18002].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x0100): child [18002] finished successfully.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f59bcb22f10
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.getAccountInfo on path
/org/freedesktop/sssd/dataprovider
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[dp_get_account_info_handler] (0x0200): Got request for
[0x3][BE_REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb43fc0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb34040

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb43fc0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb34040 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb43fc0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb1a170

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb483f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb1a170 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb483f0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb1a170 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb1a170

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ed40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ee00

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb1a170 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ed40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8fda0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ef30

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ee00 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ed40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8fda0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8f310

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ec80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ef30 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8fda0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8f310 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96100

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ef30

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ec80 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8f310 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96100 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8f310

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb95f40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ef30 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96100 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8f310 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96100

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb95f40 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8f310 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96100 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95f40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb93350

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96100 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95f40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb96100

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92fb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb93350 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95f40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb96100 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb90c10

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92fb0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb96100 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb90c10 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba9db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92fb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb90c10 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb95f40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92fb0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb95f40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba9db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb92fb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb95f40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbad320

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb92fb0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbad320 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba9db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90c10

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbad320 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8bf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90c10 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba9db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90c10

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc47810

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90c10 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc47810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba9db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90c10

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc47810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ec80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90c10 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ec80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba9db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90c10

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ec80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc47810

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90c10 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba9db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc47810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8bf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90c10

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc47810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ec80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbaff50

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90c10 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ec80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8bf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbaff50 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ec80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbaff50

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbba2e0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbaff50 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8bf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbba2e0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbaff50 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc47810

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbba2e0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc47810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8bf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8fce0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbba2e0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc47810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbaff50

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb98db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbaff50 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba8bf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbba2e0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb98db0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbaff50 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc47810

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb98db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbba2e0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba8bf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc47810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbab7d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1a070

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb98db0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc47810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbab7d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ec80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb98db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1a070 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbab7d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ec80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ef30

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1a070

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb98db0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ec80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ef30 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb98db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb2660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1a070 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ef30 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb98db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbab7d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1a070

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb2660 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb98db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbab7d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ec80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb2660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1a070 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbab7d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ec80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ef30

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1a070

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb2660 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ec80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ef30 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb98db0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb2660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1a070 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ef30 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb98db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1a070

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdd03ac0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb2660 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb98db0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1a070 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ec80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb2660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdd03ac0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1a070 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ec80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdd03ac0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb7a70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb2660 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ec80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdd03ac0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb2660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc270d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb7a70 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdd03ac0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb2660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb7a70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb98340

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc270d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb2660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb7a70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc270d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba6d20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb98340 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb7a70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc270d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb98340

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1eb90

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba6d20 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc270d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb98340 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb2660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba6d20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1eb90 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb98340 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb2660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb7a70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1eb90

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba6d20 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb2660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb7a70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba6d20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb98280

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1eb90 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb7a70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba6d20 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc47660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0c2f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb98280 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba6d20 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc47660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb7a70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbb2660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0c2f0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc47660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb7a70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc25730

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc258b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbb2660 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb7a70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc25730 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb2660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc47660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc258b0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc25730 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb2660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc258b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0d170

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc47660 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb2660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc258b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc47660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0da30

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0d170 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc258b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc47660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc236d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc24870

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0da30 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc47660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc236d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbb2660

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba2780

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc24870 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc236d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbb2660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc24870

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb9d900

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba2780 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbb2660 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc24870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba2780

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbed760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb9d900 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc24870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba2780 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb9d900

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba64c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbed760 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba2780 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb9d900 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbed760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba6080

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba64c0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb9d900 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbed760 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba64c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc219d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba6080 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbed760 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba64c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdba2780

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdba6090

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc219d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba64c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdba2780 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc219d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbeef00

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdba6090 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdba2780 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc219d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbeef00 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc219d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): DP Request [Initgroups #253]: New request. Flags [0000].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in
view [Default Trust View] with filter
[(&(objectClass=ipaUserOverride)(uid=et33015))].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_print_server] (0x2000): Searching 10.150.144.113:389
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
[(&(objectClass=ipaUserOverride)(uid=et33015))][cn=Default Trust
View,cn=views,cn=accounts,dc=ipa,dc=preprod,dc=local].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 20
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 20 timeout 6
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb37410], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
errmsg set
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 20 finished
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_get_ad_override_done] (0x4000): No override found with filter
[(&(objectClass=ipaUserOverride)(uid=et33015))].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_destroy] (0x4000): releasing operation connection
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb628f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb43cd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb43cd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb628f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb57490

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb57490 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb43cd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb628f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb43cd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb628f0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb43cd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[check_if_pac_is_available] (0x4000): No PAC available.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_connect_step] (0x4000): reusing cached connection
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x0400): Executing extended operation
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 21
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 21 timeout 6
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb353d0], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bcb353d0], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
(null).
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 21 finished
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [add_v1_user_data]
(0x4000): BER tag is [48]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Found new sequence.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [objectSIDString].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [userPrincipalName].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [adUserAccountControl].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [mail].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalDN].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb685d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb68690

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb685d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb68690 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb685d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_search_by_name] (0x0400): No such entry
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8d600

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb68510

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8d600 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb68510 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8d600 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb04170

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb65af0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb04170

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb65af0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb04170 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb65af0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8d540

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8d600

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8d540 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8d600 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8d540 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7e870

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7e870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7e870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb65af0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb65af0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb65af0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb483f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb64060

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb483f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb64060 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb483f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb04170

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb04170

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb04170 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7eda0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ee60

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7eda0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ee60 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7eda0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb04170

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb04170 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb820a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7f030

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb820a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7f030 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb820a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb04170

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb65af0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb65af0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb65af0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb84eb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb83130

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb84eb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb83130 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb84eb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb85c60

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb85c60 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb81240 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb85c60 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb81240 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7eac0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82a30

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7eac0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82a30 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7eac0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb04170

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb37410 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb04170 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb85440

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb85440 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb75bb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb802a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb75bb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb802a0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb75bb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb37410

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb81240 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb37410 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb65af0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb65af0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb81240 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb65af0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb874d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb85250

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb874d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb85250 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb874d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb65af0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb65af0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb81240 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb65af0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79360

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79360 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb67150

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb84450

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb67150 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb84450 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb67150 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8cc80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8cc80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb81240 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8cc80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb85000

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb85000 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb84450

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82a30

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb84450 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82a30 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb84450 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7d370

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7d370 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79360

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb81240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79360 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb81240 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79360 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7a500

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb874d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7a500 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb874d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7a500 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb88a80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb75bb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb88a80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb75bb0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb88a80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb75bb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88a80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb75bb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88a80 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb75bb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8a750

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb86190

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8a750 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb86190 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8a750 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf1810

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb748e0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf1810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb748e0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf1810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf1810

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79ba0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf1810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79ba0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf1810 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7bf00

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88f50

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7bf00 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88f50 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7bf00 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb88f50

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf1c70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb88f50 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf1c70 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb88f50 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf90b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb88f50

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf90b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb88f50 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf90b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81b20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb73c50

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81b20 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb73c50 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81b20 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7c310

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79880

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7c310 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79880 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7c310 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b7b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb79880

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b7b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb79880 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b7b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb86190

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf2b30

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb86190 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf2b30 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb86190 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf61a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7dfe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf61a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7dfe0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf61a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf61a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf7720

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf61a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf7720 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf61a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7dbf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8adf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7dbf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8adf0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7dbf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf90b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf61a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf90b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf61a0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf90b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf61a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7baf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf61a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7baf0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf61a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf7e00

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbefe20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf7e00 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbefe20 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf7e00 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf41a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf61a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf41a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf61a0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf41a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf61a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb68c10

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf61a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb68c10 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf61a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8b7b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7dfe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8b7b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7dfe0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8b7b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf61a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7baf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf61a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7baf0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf61a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7baf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf4070

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7baf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf4070 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7baf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf9cf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb748d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf9cf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb748d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf9cf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7baf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf4fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7baf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf4fd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7baf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf4fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf7600

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf4fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf7600 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf4fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf57f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8c770

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf57f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8c770 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf57f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc03520

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb84c10

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc03520 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb84c10 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc03520 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc03520

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf9e00

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc03520 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf9e00 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc03520 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf92d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf46e0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf92d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf46e0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf92d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7dfe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7c310

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7dfe0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7c310 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7dfe0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7dfe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb84c10

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7dfe0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb84c10 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7dfe0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf46e0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf92d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf46e0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf92d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf46e0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf7b60

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8cdb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf7b60 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8cdb0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf7b60 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8cdb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc04b00

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8cdb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc04b00 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8cdb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf7ca0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf16c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf7ca0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf16c0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf7ca0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc04b00

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf6560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc04b00 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf6560 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc04b00 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf6560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf7ca0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf6560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf7ca0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf6560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8adf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb748d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8adf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb748d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8adf0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc03930

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf16c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc03930 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf16c0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc03930 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc048c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc03930

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc048c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc03930 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc048c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf57f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb81b20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf57f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb81b20 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf57f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf9fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8b7b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf9fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8b7b0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf9fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf9fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbffd90

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf9fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbffd90 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf9fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79e90

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8adf0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79e90 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8adf0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79e90 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfa080

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7c310

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfa080 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7c310 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfa080 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7c310

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfa080

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7c310 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfa080 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7c310 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfa630

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfe210

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfa630 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfe210 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfa630 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfd8f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc00b90

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfd8f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc00b90 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfd8f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfea70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfd8f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfea70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfd8f0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfea70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf9e00

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7dfe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf9e00 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7dfe0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf9e00 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc009d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7c310

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc009d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7c310 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc009d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7dfe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb86e40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7dfe0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb86e40 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7dfe0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfb780

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb86e40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfb780 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb86e40 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfb780 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc01be0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb86e40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb86e40 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc01be0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb86e40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb86e40 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc01be0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb86e40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb86e40 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfe7b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfea70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfe7b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfea70 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfe7b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc01be0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfea70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfea70 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb83d40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc01be0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb83d40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc01be0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb83d40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc02b70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc00b90

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc02b70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc00b90 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc02b70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfea70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc01be0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfea70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc01be0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfea70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfea70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0a740 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfea70 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0a740 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89990

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc02440

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89990 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc02440 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89990 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc01be0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc02dc0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc02dc0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc01be0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0a2a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb75420

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0a2a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb75420 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0a2a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc01be0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc01be0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfea70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0a740 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfea70 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0a740 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc02dc0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89990

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc02dc0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89990 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc02dc0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb75420

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfea70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb75420 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfea70 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb75420 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc02dc0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc02dc0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc02dc0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7d5f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc02440

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7d5f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc02440 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7d5f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc02440

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc01be0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc02440 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc01be0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc02440 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7dfe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbee320

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7dfe0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbee320 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7dfe0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc06020

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc02b70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc06020 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc02b70 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc06020 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc02b70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc09300

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc02b70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc09300 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc02b70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0a2a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7dfe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0a2a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7dfe0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0a2a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc02440

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc02440 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc02440 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0a2a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0a2a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0a2a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc09300

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89990

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc09300 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89990 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc09300 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbed010

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc07960

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbed010 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc07960 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbed010 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfea70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc08550

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfea70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc08550 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfea70 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc07960

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc07960 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc07960 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89990

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0dfd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89990 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0dfd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89990 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc07960

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc08550

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc07960 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc08550 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc07960 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0dfd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89990

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0dfd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89990 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0dfd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb89990

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc09300

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb89990 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc09300 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb89990 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1e5c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0dfd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1e5c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0dfd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1e5c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc20760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc09300

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc20760 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc09300 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc20760 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc08550

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc07960

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc08550 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc07960 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc08550 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc20760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0a740 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc20760 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0a740 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc08550

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc20760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc08550 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc20760 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc08550 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc07960

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0a740 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc07960 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0a740 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1e5c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0dfd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1e5c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0dfd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1e5c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf39e0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbefc40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf39e0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbefc40 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf39e0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc20760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc07960

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc20760 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc07960 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc20760 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0a740

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc08550

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0a740 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc08550 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0a740 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbec240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc01530

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbec240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc01530 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbec240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1ced0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc20760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1ced0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc20760 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1ced0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc08550

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc037d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc08550 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc037d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc08550 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe4a40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0d500

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe4a40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0d500 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe4a40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe4c20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1e020

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe4c20 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1e020 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe4c20 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe4c20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc08550

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe4c20 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc08550 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe4c20 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbee160

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfd9b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbee160 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfd9b0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbee160 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb79e90

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc01530

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb79e90 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc01530 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb79e90 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc01530

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbec240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc01530 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbec240 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc01530 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0b000

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbfd9b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0b000 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbfd9b0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0b000 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbcb650

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbca760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbcb650 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbca760 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbcb650 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbca760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8f000

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbca760 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8f000 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbca760 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8c770

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc06610

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8c770 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc06610 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8c770 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbca760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbc8e20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbca760 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbc8e20 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbca760 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0dfd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbca760

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0dfd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbca760 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0dfd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc21400

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe3df0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc21400 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe3df0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc21400 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc01530

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf8bd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc01530 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf8bd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc01530 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb87640

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb7ffb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb87640 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb7ffb0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb87640 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe4a40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1d6e0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe4a40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1d6e0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe4a40 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7ffb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc01530

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7ffb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc01530 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7ffb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbf8bd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbec240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbf8bd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbec240 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbf8bd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfd9b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc20350

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfd9b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc20350 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfd9b0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb87640

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc01530

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb87640 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc01530 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb87640 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7ffb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf8bd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7ffb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf8bd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7ffb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc06610

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbcbca0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc06610 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbcbca0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc06610 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbc8fc0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbf8bd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbc8fc0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbf8bd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbc8fc0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8a4e0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb91920

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8a4e0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb91920 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8a4e0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0e540

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe4a40

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0e540 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe4a40 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0e540 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc15fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbcaca0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc15fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbcaca0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc15fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbcaca0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0f8b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbcaca0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0f8b0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbcaca0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8f9a0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc170b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8f9a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc170b0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8f9a0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbcaca0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc15fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbcaca0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc15fd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbcaca0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc15fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb90870

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc15fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb90870 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc15fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc15fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc15fd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc15fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0f8b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc15fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0f8b0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc15fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb90870

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb90870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbce560 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb90870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb90870

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc15fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb90870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc15fd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb90870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc15fd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc175c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc15fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc175c0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc15fd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb90870

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc175c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb90870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc175c0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb90870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb90870

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe26d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb90870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe26d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb90870 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbe26d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbe26d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc044f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0f8b0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc044f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0f8b0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc044f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc21570

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc21570 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd0160

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd0160 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbce560 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd0160 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc19220

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc19220 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc19970

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc19970 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbce560 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc19970 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb82620

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb82620 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbce560 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb82620 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc19220

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc19220 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbce560 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc19220 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7eda0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc19220

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7eda0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc19220 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7eda0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc1e330

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd1240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc1e330 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd1240 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc1e330 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb82620

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb82620 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbce560 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb82620 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd04c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82620

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd04c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82620 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd04c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc09cb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82620

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc09cb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82620 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc09cb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd04c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc19220

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd04c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc19220 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd04c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd1240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb82620

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd1240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb82620 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd1240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb7eda0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd04c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb7eda0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd04c0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb7eda0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd1240

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd0d70

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd1240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd0d70 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd1240 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc19220

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc19220 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb81890

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd3850

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb81890 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd3850 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb81890 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbce560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1b950

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1b950 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbce560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x0400): Executing extended operation
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 22
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
(0x2000): New operation 22 timeout 6
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bdb8f2f0], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[0x7f59bdb8f2f0], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
(null).
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_op_destructor] (0x2000): Operation 22 finished
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [add_v1_user_data]
(0x4000): BER tag is [48]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Found new sequence.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [objectSIDString].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [userPrincipalName].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [adUserAccountControl].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [mail].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalDN].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
(0x4000): Extra attribute [originalMemberOf].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x4000): Found original AD upn [
Subaranchan.Thanagopal at EVRY.COM].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com] is
not from domain [corp.corpcommon.com].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbcb590

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbcabe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbcb590 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbcabe0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbcb590 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe3c50

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbcabe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe3c50 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbcabe0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe3c50 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb83ed0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbcabe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb83ed0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbcabe0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb83ed0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbe3c50

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb68e20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbe3c50 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb68e20 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbe3c50 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb68e20

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb83ed0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb68e20 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb83ed0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb68e20 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbcabe0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1d040

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbcabe0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1d040 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbcabe0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc04560

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc1d040

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc04560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc1d040 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc04560 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb83ed0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbcb590

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb83ed0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbcb590 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb83ed0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x4000): Added [et33015 at corp.corpcommon.com][name=
et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
et33015 at corp.corpcommon.com
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 2)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbd0220

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbd02e0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbd0220 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=
corp.corpcommon.com,cn=sysdb)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbd02e0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbd0220 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
cancel ldb transaction (nesting: 2)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb8ece0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc027d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb8ece0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc027d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb8ece0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc0fcb0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8c890

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc0fcb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8c890 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc0fcb0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x4000): Found original AD upn [
Subaranchan.Thanagopal at EVRY.COM].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com] is
not from domain [corp.corpcommon.com].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfd110

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc07960

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfd110 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc07960 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfd110 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb75420

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb8ea60

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb75420 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb8ea60 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb75420 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfd110

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc07960

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfd110 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc07960 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfd110 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdbfd110

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89010

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdbfd110 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89010 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdbfd110 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb628f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89010

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89010 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb86d80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89010

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb86d80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89010 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb86d80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb628f0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdbffcd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdbffcd0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb628f0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb86d80

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb89010

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb86d80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb89010 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb86d80 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x4000): Added [et33015 at corp.corpcommon.com][name=
et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
(0x0400): Root domain uses fully-qualified names, objects might not be
correctly added to groups with short names.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_s2n_save_objects] (0x2000): Updating memberships for
et33015 at corp.corpcommon.com
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 1)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 2)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdc05250

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc095d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdc05250 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=
corp.corpcommon.com,cn=sysdb)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc095d0 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdc05250 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
cancel ldb transaction (nesting: 2)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
object](32)[ldb_wait: No such object (32)]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sysdb_update_members_ex] (0x0020): Could not add member [
et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 1)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb850c0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdb99610

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb850c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdb99610 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb850c0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bdb87360

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bdc0a800

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bdb87360 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bdc0a800 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bdb87360 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_done]
(0x4000): releasing operation connection
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_id_op_destroy] (0x4000): releasing operation connection
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
(0x0400): DP Request [Initgroups #253]: Request handler finished [0]:
Success
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
(0x0400): DP Request [Initgroups #253]: Receiving request data.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_req_initgr_pp]
(0x0400): Ordering NSS responder to update memory cache
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_reply_list_success] (0x0400): DP Request [Initgroups #253]:
Finished. Success.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_req_reply_std]
(0x1000): DP Request [Initgroups #253]: Returning [Success]: 0,0,Success
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[dp_table_value_destructor] (0x0400): Removing
[0:1:0000:3:1::corp.corpcommon.com:name=et33015 at corp.corpcommon.com] from
reply table
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): DP Request [Initgroups #253]: Request removed.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
ops[(nil)], ldap[0x7f59bcb0f6e0]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f59bcb1e590
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): dbus conn: 0x7f59bcb22f10
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
(0x4000): Dispatching.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sbus_message_handler] (0x2000): Received SBUS method
org.freedesktop.sssd.dataprovider.pamHandler on path
/org/freedesktop/sssd/dataprovider
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_handler]
(0x0100): Got request with the following data
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): command: SSS_PAM_PREAUTH
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): domain: corp.corpcommon.com
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): user: et33015 at corp.corpcommon.com
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): service: sshd
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): tty: ssh
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): ruser:
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): rhost: 146.213.128.135
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): authtok type: 0
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): newauthtok type: 0
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): priv: 1
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): cli_pid: 18003
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
(0x0100): logon name: not set
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): DP Request [PAM Preauth #254]: New request. Flags [0000].
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
(0x0400): Number of active DP request: 1
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_queue_send] (0x1000): Wait queue of user [
et33015 at corp.corpcommon.com] is empty, running request [0x7f59bcb348d0]
immediately.
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [krb5_setup]
(0x4000): No mapping for: et33015 at corp.corpcommon.com
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb0d9d0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb0da90

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb0d9d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb0da90 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb0d9d0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb43cd0

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb5dd10

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb43cd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb5dd10 "ltdb_timeout"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb43cd0 "ltdb_callback"

(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
(0x1000): Port status of port 0 for server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
seconds
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[get_server_status] (0x1000): Status of server
'ilt-gif-ipa01.ipa.preprod.local' is 'working'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_process] (0x1000): Saving the first resolved server
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[be_resolve_server_process] (0x0200): Found address for server
ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[ipa_resolve_callback] (0x0400): Constructed uri
'ldap://ilt-gif-ipa01.ipa.preprod.local'
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[unique_filename_destructor] (0x2000): Unlinking
[/var/lib/sss/pubconf/.krb5info_dummy_HX50Jj]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [unlink_dbg]
(0x2000): File already removed:
[/var/lib/sss/pubconf/.krb5info_dummy_HX50Jj]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_resolve_done] (0x2000): Subdomain corp.corpcommon.com is
inactive, will proceed offline
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Setting up signal handler up for pid [18004]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[child_handler_setup] (0x2000): Signal handler set up for pid [18004]
(Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
[write_pipe_handler] (0x0400): All data has been sent!
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[read_pipe_handler] (0x0400): EOF received, client finished
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1036
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0100): Marking port 0 of server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[set_server_common_status] (0x0100): Marking server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[fo_set_port_status] (0x0400): Marking port 0 of duplicate server
'ilt-gif-ipa01.ipa.preprod.local' as 'working'
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [krb5_mod_ccname]
(0x4000): Save ccname [KEYRING:persistent:1007629326] for user [
et33015 at corp.corpcommon.com].
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
start ldb transaction (nesting: 0)
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_callback": 0x7f59bcb5d300

(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Added timed event "ltdb_timeout": 0x7f59bcb0d9d0

(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Running timer event 0x7f59bcb5d300 "ltdb_callback"

(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Destroying timer event 0x7f59bcb0d9d0 "ltdb_timeout"

(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
Ending timer event 0x7f59bcb5d300 "ltdb_callback"

(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
commit ldb transaction (nesting: 0)
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_cache_creds] (0x0080): Delayed authentication is only available
for password authentication (single factor).
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [check_wait_queue]
(0x1000): Wait queue for user [et33015 at corp.corpcommon.com] is empty.
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f59bcb348d0]
done.
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
(0x0400): DP Request [PAM Preauth #254]: Request handler finished [0]:
Success
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
(0x0400): DP Request [PAM Preauth #254]: Receiving request data.
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): DP Request [PAM Preauth #254]: Request
removed.
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[dp_req_destructor] (0x0400): Number of active DP request: 0
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
(0x1000): DP Request [PAM Preauth #254]: Sending result [4][
corp.corpcommon.com]
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x1000): Waiting for child [18004].
(Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
[child_sig_handler] (0x0100): child [18004] finished successfully.




=============================
krb5_child.log
=======================================

(Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]]
[sss_child_krb5_trace_cb] (0x4000): [17411] 1483974230.148904: Getting
initial credentials for Subaranchan.Thanagopal at DOMAIN.COM

(Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]]
[sss_child_krb5_trace_cb] (0x4000): [17411] 1483974230.148944: Sending
request (176 bytes) to DOMAIN.COM (master)

(Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]] [get_and_save_tgt]
(0x0400): krb5_get_init_creds_password returned [-1765328230} during
pre-auth.
(Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]] [k5c_send_data]
(0x0200): Received error code 0
(Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]]
[pack_response_packet] (0x2000): response packet size: [4]
(Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]] [k5c_send_data]
(0x4000): Response sent.
(Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]] [main] (0x0400):
krb5_child completed successfully
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [main] (0x0400):
krb5_child started.
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [unpack_buffer]
(0x1000): total buffer size: [63]
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [unpack_buffer]
(0x0100): cmd [249] uid [1007629326] gid [1007629326] validate [true]
enterprise principal [true] offline [false] UPN [
Subaranchan.Thanagopal at DOMAIN.COM]
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
[host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL]
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[find_principal_in_keytab] (0x4000): Trying to find principal
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL in keytab.
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [match_principal]
(0x1000): Principal matched to the sample
(host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL).
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [check_fast_ccache]
(0x0200): FAST TGT is still valid.
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [main] (0x2000):
Running as [1007629326][1007629326].
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [k5c_setup]
(0x2000): Running as [1007629326][1007629326].
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [main] (0x0400):
Will perform pre-auth
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [tgt_req_child]
(0x1000): Attempting to get a TGT
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [IPA.PREPROD.LOCAL]
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.236347: Getting
initial credentials for Subaranchan.Thanagopal\@DOMAIN.COM at IPA.PREPROD.LOCAL

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.238353: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.238416: Retrieving
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
krb5_ccache_conf_data/fast_avail/krbtgt\/IPA.PREPROD.LOCAL\@IPA.PREPROD.LOCAL at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL with result:
-1765328243/Matching credential not found

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.238554: Sending
request (203 bytes) to IPA.PREPROD.LOCAL

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.238722: Initiating
TCP connection to stream x.x.x.113:88

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.239048: Sending TCP
request to stream x.x.x.113:88

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240026: Received
answer (208 bytes) from stream x.x.x.113:88

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240054: Terminating
TCP connection to stream x.x.x.113:88

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240108: Response was
from master KDC

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240139: Received
error from KDC: -1765328316/Realm not local to KDC

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240164: Following
referral to realm CORP.CORPCOMMON.COM

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240188: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240240: Retrieving
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
krb5_ccache_conf_data/fast_avail/krbtgt\/CORP.CORPCOMMON.COM
\@CORP.CORPCOMMON.COM at X-CACHECONF: from
MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL with result:
-1765328243/Matching credential not found

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240287: Sending
request (207 bytes) to CORP.CORPCOMMON.COM

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.249619: Resolving
hostname ccddc021.corp.corpcommon.com.

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.253095: Sending
initial UDP request to dgram x.x.x..51:88

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.257846: Received
answer (223 bytes) from dgram x.x.x..51:88

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258165: Response was
not from master KDC

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258204: Received
error from KDC: -1765328359/Additional pre-authentication required

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258245: Processing
preauth types: 16, 15, 19, 2

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258275: Selected
etype info: etype aes256-cts, salt
"CORP.CORPCOMMON.COMSubaranchan.Thanagopal", params ""

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258309: PKINIT
client has no configured identity; giving up

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [sss_krb5_responder]
(0x4000): Got question [password].
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258360: PKINIT
client has no configured identity; giving up

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258392: Preauth
module pkinit (16) (real) returned: 22/Invalid argument

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258415: PKINIT
client has no configured identity; giving up

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258446: Preauth
module pkinit (14) (real) returned: 22/Invalid argument

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [sss_krb5_prompter]
(0x4000): sss_krb5_prompter name [(null)] banner [(null)] num_prompts [1]
EINVAL.
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [sss_krb5_prompter]
(0x0020): Cannot handle password prompts.
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [sss_krb5_prompter]
(0x4000): Prompt [0][Password for Subaranchan.Thanagopal\@
DOMAIN.COM at CORP.CORPCOMMON.COM].
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258502: Preauth
module encrypted_timestamp (2) (real) returned: -1765328254/Cannot read
password

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258534: Retrying AS
request with master KDC

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258553: Getting
initial credentials for Subaranchan.Thanagopal\@DOMAIN.COM at IPA.PREPROD.LOCAL

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258583: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258618: Retrieving
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
krb5_ccache_conf_data/fast_avail/krbtgt\/IPA.PREPROD.LOCAL\@IPA.PREPROD.LOCAL at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL with result:
-1765328243/Matching credential not found

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258655: Sending
request (203 bytes) to IPA.PREPROD.LOCAL (master)

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258698: Initiating
TCP connection to stream x.x.x.113:88

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258961: Sending TCP
request to stream x.x.x.113:88

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.259889: Received
answer (208 bytes) from stream x.x.x.113:88

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.259916: Terminating
TCP connection to stream x.x.x.113:88

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.259959: Received
error from KDC: -1765328316/Realm not local to KDC

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.259982: Following
referral to realm CORP.CORPCOMMON.COM

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.259998: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.260028: Retrieving
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
krb5_ccache_conf_data/fast_avail/krbtgt\/CORP.CORPCOMMON.COM
\@CORP.CORPCOMMON.COM at X-CACHECONF: from
MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL with result:
-1765328243/Matching credential not found

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.260065: Sending
request (207 bytes) to CORP.CORPCOMMON.COM (master)

(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [get_and_save_tgt]
(0x0400): krb5_get_init_creds_password returned [22} during pre-auth.
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [k5c_send_data]
(0x0200): Received error code 0
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
[pack_response_packet] (0x2000): response packet size: [12]
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [k5c_send_data]
(0x4000): Response sent.
(Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [main] (0x0400):
krb5_child completed successfully
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [main] (0x0400):
krb5_child started.
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [unpack_buffer]
(0x1000): total buffer size: [168]
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1007629326] gid [1007629326] validate [true]
enterprise principal [true] offline [false] UPN [
Subaranchan.Thanagopal at DOMAIN.COM]
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [unpack_buffer]
(0x0100): ccname: [KEYRING:persistent:1007629326] old_ccname:
[KEYRING:persistent:1007629326] keytab: [/etc/krb5.keytab]
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [switch_creds]
(0x0200): Switch user to [1007629326][1007629326].
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [switch_creds]
(0x0200): Switch user to [0][0].
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[k5c_check_old_ccache] (0x4000): Ccache_file is
[KEYRING:persistent:1007629326] and is not active and TGT is  valid.
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[k5c_precreate_ccache] (0x4000): Recreating ccache
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
[host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL]
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[find_principal_in_keytab] (0x4000): Trying to find principal
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL in keytab.
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [match_principal]
(0x1000): Principal matched to the sample
(host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL).
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [check_fast_ccache]
(0x0200): FAST TGT is still valid.
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [main] (0x2000):
Running as [1007629326][1007629326].
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [k5c_setup]
(0x2000): Running as [1007629326][1007629326].
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [main] (0x0400):
Will perform online auth
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [tgt_req_child]
(0x1000): Attempting to get a TGT
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [IPA.PREPROD.LOCAL]
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.739334: Getting
initial credentials for Subaranchan.Thanagopal\@DOMAIN.COM at IPA.PREPROD.LOCAL

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.741310: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.741370: Retrieving
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
krb5_ccache_conf_data/fast_avail/krbtgt\/IPA.PREPROD.LOCAL\@IPA.PREPROD.LOCAL at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL with result:
-1765328243/Matching credential not found

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.741441: Sending
request (203 bytes) to IPA.PREPROD.LOCAL

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.741611: Initiating
TCP connection to stream x.x.x.113:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.741971: Sending TCP
request to stream x.x.x.113:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743259: Received
answer (208 bytes) from stream x.x.x.113:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743288: Terminating
TCP connection to stream x.x.x.113:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743352: Response was
from master KDC

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743387: Received
error from KDC: -1765328316/Realm not local to KDC

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743413: Following
referral to realm CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743438: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743476: Retrieving
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
krb5_ccache_conf_data/fast_avail/krbtgt\/CORP.CORPCOMMON.COM
\@CORP.CORPCOMMON.COM at X-CACHECONF: from
MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL with result:
-1765328243/Matching credential not found

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743541: Sending
request (207 bytes) to CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.746015: Resolving
hostname ccddc002.corp.corpcommon.com.

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.746901: Sending
initial UDP request to dgram x.x.x.x:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.752933: Received
answer (223 bytes) from dgram x.x.x.x:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753411: Response was
not from master KDC

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753452: Received
error from KDC: -1765328359/Additional pre-authentication required

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753496: Processing
preauth types: 16, 15, 19, 2

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753527: Selected
etype info: etype aes256-cts, salt
"CORP.CORPCOMMON.COMSubaranchan.Thanagopal", params ""

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753562: PKINIT
client has no configured identity; giving up

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [sss_krb5_responder]
(0x4000): Got question [password].
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753613: PKINIT
client has no configured identity; giving up

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753647: Preauth
module pkinit (16) (real) returned: 22/Invalid argument

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753670: PKINIT
client has no configured identity; giving up

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753688: Preauth
module pkinit (14) (real) returned: 22/Invalid argument

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.764129: AS key
obtained for encrypted timestamp: aes256-cts/C793

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.764220: Encrypted
timestamp (for 1483974601.226309): plain
301AA011180F32303137303130393135313030315AA1050203037405, encrypted
EC892550B0E9B08F587BE6FD8042444C3C1ECD807E1E432C0A37E65E091281D5A8A33DEB4317C1E86D493D88622D26D259B1A2E7A05C4E02

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.764252: Preauth
module encrypted_timestamp (2) (real) returned: 0/Success

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.764270: Produced
preauth for next request: 2

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.764301: Sending
request (287 bytes) to CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.767168: Resolving
hostname ccddc001.corp.corpcommon.com.

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.767730: Sending
initial UDP request to dgram x.x.x..4:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.774793: Received
answer (110 bytes) from dgram x.x.x..4:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.775399: Response was
not from master KDC

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.775451: Received
error from KDC: -1765328332/Response too big for UDP, retry with TCP

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.775490: Request or
response is too big for UDP; retrying with TCP

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.775520: Sending
request (287 bytes) to CORP.CORPCOMMON.COM (tcp only)

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.776943: Resolving
hostname ccddc021.corp.corpcommon.com.

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.777561: Initiating
TCP connection to stream x.x.x..51:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.780937: Sending TCP
request to stream x.x.x..51:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.784705: Received
answer (5088 bytes) from stream x.x.x..51:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.784771: Terminating
TCP connection to stream x.x.x..51:88

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785343: Response was
not from master KDC

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785419: Processing
preauth types: 19

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785460: Selected
etype info: etype aes256-cts, salt
"CORP.CORPCOMMON.COMSubaranchan.Thanagopal", params ""

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785509: Produced
preauth for next request: (empty)

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785545: AS key
determined by preauth: aes256-cts/C793

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785649: Decrypted AS
reply; session key is: aes256-cts/50CB

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785709: FAST
negotiation: unavailable

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_krb5_expire_callback_func] (0x2000): exp_time: [11294803]
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [validate_tgt]
(0x2000): Keytab entry with the realm of the credential not found in
keytab. Using the last entry.
(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785909: Retrieving
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL from
MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785942: Resolving
unique ccache of type MEMORY

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785984: Initializing
MEMORY:tcSx3v4 with default princ ET33015 at CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786023: Storing
ET33015 at CORP.CORPCOMMON.COM -> krbtgt/
CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM in MEMORY:tcSx3v4

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786078: Getting
credentials ET33015 at CORP.CORPCOMMON.COM ->
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL using ccache
MEMORY:tcSx3v4

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786148: Retrieving
ET33015 at CORP.CORPCOMMON.COM ->
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL from MEMORY:tcSx3v4
with result: -1765328243/Matching credential not found

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786204: Retrieving
ET33015 at CORP.CORPCOMMON.COM -> krbtgt/IPA.PREPROD.LOCAL at IPA.PREPROD.LOCAL
from MEMORY:tcSx3v4 with result: -1765328243/Matching credential not found

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786252: Retrieving
ET33015 at CORP.CORPCOMMON.COM -> krbtgt/
CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM from MEMORY:tcSx3v4 with result:
0/Success

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786284: Starting
with TGT for client realm: ET33015 at CORP.CORPCOMMON.COM -> krbtgt/
CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786344: Retrieving
ET33015 at CORP.CORPCOMMON.COM -> krbtgt/IPA.PREPROD.LOCAL at IPA.PREPROD.LOCAL
from MEMORY:tcSx3v4 with result: -1765328243/Matching credential not found

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786382: Requesting
TGT krbtgt/IPA.PREPROD.LOCAL at CORP.CORPCOMMON.COM using TGT krbtgt/
CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786438: Generated
subkey for TGS request: aes256-cts/1352

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786514: etypes
requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac,
camellia128-cts, camellia256-cts

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786639: Encoding
request body and padata into FAST request

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786867: Sending
request (5211 bytes) to CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.789174: Resolving
hostname ccddc024.corp.corpcommon.com.

(Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.789789: Sending
initial UDP request to dgram .16:88

(Mon Jan  9 16:10:02 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974602.790950: Resolving
hostname ccddc002.corp.corpcommon.com.

(Mon Jan  9 16:10:02 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974602.791675: Sending
initial UDP request to dgram x.x.x.x:88

(Mon Jan  9 16:10:03 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974603.792859: Resolving
hostname ccddc201.corp.corpcommon.com.

(Mon Jan  9 16:10:03 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974603.796613: Sending
initial UDP request to dgram x.x.x..11:88

(Mon Jan  9 16:10:04 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974604.797765: Resolving
hostname ccddc022.corp.corpcommon.com.

(Mon Jan  9 16:10:04 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974604.798471: Sending
initial UDP request to dgram x.x.x..17:88

(Mon Jan  9 16:10:05 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974605.799595: Resolving
hostname ccddc003.corp.corpcommon.com.

(Mon Jan  9 16:10:05 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974605.803449: Sending
initial UDP request to dgram x.x.x..31:88

(Mon Jan  9 16:10:06 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974606.804602: Resolving
hostname ccddc021.corp.corpcommon.com.

(Mon Jan  9 16:10:06 2017) [[sssd[krb5_child[17964]]]]
[sss_child_krb5_trace_cb] (0x4000): [17964] 1483974606.805442: Sending
initial UDP request to dgram x.x.x..51:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [main] (0x0400):
krb5_child started.
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [unpack_buffer]
(0x1000): total buffer size: [168]
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1007629326] gid [1007629326] validate [true]
enterprise principal [true] offline [false] UPN [
Subaranchan.Thanagopal at DOMAIN.COM]
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [unpack_buffer]
(0x0100): ccname: [KEYRING:persistent:1007629326] old_ccname:
[KEYRING:persistent:1007629326] keytab: [/etc/krb5.keytab]
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [switch_creds]
(0x0200): Switch user to [1007629326][1007629326].
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [switch_creds]
(0x0200): Switch user to [0][0].
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[k5c_check_old_ccache] (0x4000): Ccache_file is
[KEYRING:persistent:1007629326] and is not active and TGT is  valid.
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[k5c_precreate_ccache] (0x4000): Recreating ccache
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [k5c_setup_fast]
(0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
[host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL]
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[find_principal_in_keytab] (0x4000): Trying to find principal
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL in keytab.
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [match_principal]
(0x1000): Principal matched to the sample
(host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL).
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [check_fast_ccache]
(0x0200): FAST TGT is still valid.
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [main] (0x2000):
Running as [1007629326][1007629326].
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [k5c_setup]
(0x2000): Running as [1007629326][1007629326].
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [main] (0x0400):
Will perform online auth
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [tgt_req_child]
(0x1000): Attempting to get a TGT
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [IPA.PREPROD.LOCAL]
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.742321: Getting
initial credentials for Subaranchan.Thanagopal\@DOMAIN.COM at IPA.PREPROD.LOCAL

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.744290: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.744358: Retrieving
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
krb5_ccache_conf_data/fast_avail/krbtgt\/IPA.PREPROD.LOCAL\@IPA.PREPROD.LOCAL at X-CACHECONF:
from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL with result:
-1765328243/Matching credential not found

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.744423: Sending
request (203 bytes) to IPA.PREPROD.LOCAL

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.744581: Initiating
TCP connection to stream x.x.x.113:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.744974: Sending TCP
request to stream x.x.x.113:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746081: Received
answer (208 bytes) from stream x.x.x.113:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746123: Terminating
TCP connection to stream x.x.x.113:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746205: Response was
from master KDC

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746239: Received
error from KDC: -1765328316/Realm not local to KDC

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746264: Following
referral to realm CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746289: FAST armor
ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746346: Retrieving
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
krb5_ccache_conf_data/fast_avail/krbtgt\/CORP.CORPCOMMON.COM
\@CORP.CORPCOMMON.COM at X-CACHECONF: from
MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL with result:
-1765328243/Matching credential not found

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746390: Sending
request (207 bytes) to CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.748462: Resolving
hostname ccddc200.corp.corpcommon.com.

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.753090: Sending
initial UDP request to dgram x.x.x..10:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771016: Received
answer (223 bytes) from dgram x.x.x..10:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771533: Response was
not from master KDC

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771577: Received
error from KDC: -1765328359/Additional pre-authentication required

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771619: Processing
preauth types: 16, 15, 19, 2

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771651: Selected
etype info: etype aes256-cts, salt
"CORP.CORPCOMMON.COMSubaranchan.Thanagopal", params ""

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771689: PKINIT
client has no configured identity; giving up

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [sss_krb5_responder]
(0x4000): Got question [password].
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771762: PKINIT
client has no configured identity; giving up

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771789: Preauth
module pkinit (16) (real) returned: 22/Invalid argument

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771811: PKINIT
client has no configured identity; giving up

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771829: Preauth
module pkinit (14) (real) returned: 22/Invalid argument

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.782205: AS key
obtained for encrypted timestamp: aes256-cts/C793

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.782285: Encrypted
timestamp (for 1483974607.237644): plain
301AA011180F32303137303130393135313030375AA105020303A04C, encrypted
A009BC11A6AF843F60332B924D6E0D8DAB36974EC2D4394FAD2C33003FA3D2539D810752138398333354AED295BD23DA5DA4E68B37596D9A

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.782316: Preauth
module encrypted_timestamp (2) (real) returned: 0/Success

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.782334: Produced
preauth for next request: 2

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.782359: Sending
request (287 bytes) to CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.784728: Resolving
hostname ccddc022.corp.corpcommon.com.

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.785209: Sending
initial UDP request to dgram x.x.x..17:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.790102: Received
answer (110 bytes) from dgram x.x.x..17:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.790458: Response was
not from master KDC

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.790497: Received
error from KDC: -1765328332/Response too big for UDP, retry with TCP

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.790529: Request or
response is too big for UDP; retrying with TCP

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.790544: Sending
request (287 bytes) to CORP.CORPCOMMON.COM (tcp only)

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.791641: Resolving
hostname ccddc200.corp.corpcommon.com.

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.792082: Initiating
TCP connection to stream x.x.x..10:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.805537: Sending TCP
request to stream x.x.x..10:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.821342: Received
answer (5088 bytes) from stream x.x.x..10:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.821398: Terminating
TCP connection to stream x.x.x..10:88

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.821943: Response was
not from master KDC

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.821997: Processing
preauth types: 19

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822024: Selected
etype info: etype aes256-cts, salt
"CORP.CORPCOMMON.COMSubaranchan.Thanagopal", params ""

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822045: Produced
preauth for next request: (empty)

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822066: AS key
determined by preauth: aes256-cts/C793

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822135: Decrypted AS
reply; session key is: aes256-cts/E6E5

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822173: FAST
negotiation: unavailable

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_krb5_expire_callback_func] (0x2000): exp_time: [11294797]
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [validate_tgt]
(0x2000): Keytab entry with the realm of the credential not found in
keytab. Using the last entry.
(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822299: Retrieving
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL from
MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822319: Resolving
unique ccache of type MEMORY

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822343: Initializing
MEMORY:WYBu1at with default princ ET33015 at CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822364: Storing
ET33015 at CORP.CORPCOMMON.COM -> krbtgt/
CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM in MEMORY:WYBu1at

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822390: Getting
credentials ET33015 at CORP.CORPCOMMON.COM ->
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL using ccache
MEMORY:WYBu1at

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822431: Retrieving
ET33015 at CORP.CORPCOMMON.COM ->
host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL from MEMORY:WYBu1at
with result: -1765328243/Matching credential not found

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822476: Retrieving
ET33015 at CORP.CORPCOMMON.COM -> krbtgt/IPA.PREPROD.LOCAL at IPA.PREPROD.LOCAL
from MEMORY:WYBu1at with result: -1765328243/Matching credential not found

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822508: Retrieving
ET33015 at CORP.CORPCOMMON.COM -> krbtgt/
CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM from MEMORY:WYBu1at with result:
0/Success

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822529: Starting
with TGT for client realm: ET33015 at CORP.CORPCOMMON.COM -> krbtgt/
CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822569: Retrieving
ET33015 at CORP.CORPCOMMON.COM -> krbtgt/IPA.PREPROD.LOCAL at IPA.PREPROD.LOCAL
from MEMORY:WYBu1at with result: -1765328243/Matching credential not found

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822592: Requesting
TGT krbtgt/IPA.PREPROD.LOCAL at CORP.CORPCOMMON.COM using TGT krbtgt/
CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822622: Generated
subkey for TGS request: aes256-cts/6802

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822670: etypes
requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac,
camellia128-cts, camellia256-cts

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822762: Encoding
request body and padata into FAST request

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822862: Sending
request (5211 bytes) to CORP.CORPCOMMON.COM

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.824965: Resolving
hostname ccddc001.corp.corpcommon.com.

(Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.825451: Sending
initial UDP request to dgram x.x.x..4:88

(Mon Jan  9 16:10:08 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974608.826583: Resolving
hostname ccddc024.corp.corpcommon.com.

(Mon Jan  9 16:10:08 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974608.827340: Sending
initial UDP request to dgram x.x.x..16:88

(Mon Jan  9 16:10:09 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974609.828480: Resolving
hostname ccddc201.corp.corpcommon.com.

(Mon Jan  9 16:10:09 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974609.829332: Sending
initial UDP request to dgram x.x.x..11:88

(Mon Jan  9 16:10:10 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974610.830472: Resolving
hostname ccddc022.corp.corpcommon.com.

(Mon Jan  9 16:10:10 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974610.831252: Sending
initial UDP request to dgram x.x.x..17:88

(Mon Jan  9 16:10:11 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974611.832382: Resolving
hostname ccddc023.corp.corpcommon.com.

(Mon Jan  9 16:10:11 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974611.836596: Sending
initial UDP request to dgram x.x.x..50:88

(Mon Jan  9 16:10:12 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974612.837772: Resolving
hostname ccddc200.corp.corpcommon.com.

(Mon Jan  9 16:10:12 2017) [[sssd[krb5_child[17998]]]]
[sss_child_krb5_trace_cb] (0x4000): [17998] 1483974612.838549: Sending
initial UDP request to dgram x.x.x..10:88

(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [main] (0x0400):
krb5_child started.
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [unpack_buffer]
(0x1000): total buffer size: [168]
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1007629326] gid [1007629326] validate [true]
enterprise principal [false] offline [true] UPN [
Subaranchan.Thanagopal at DOMAIN.COM]
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [unpack_buffer]
(0x0100): ccname: [KEYRING:persistent:1007629326] old_ccname:
[KEYRING:persistent:1007629326] keytab: [/etc/krb5.keytab]
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [switch_creds]
(0x0200): Switch user to [1007629326][1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
[sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [switch_creds]
(0x0200): Switch user to [0][0].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
[k5c_check_old_ccache] (0x4000): Ccache_file is
[KEYRING:persistent:1007629326] and is not active and TGT is  valid.
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [main] (0x2000):
Running as [1007629326][1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [become_user]
(0x0200): Already user [1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [k5c_setup]
(0x2000): Running as [1007629326][1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [main] (0x0400):
Will perform offline auth
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
[create_empty_ccache] (0x1000): Existing ccache still valid, reusing
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [k5c_send_data]
(0x0200): Received error code 0
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
[pack_response_packet] (0x2000): response packet size: [53]
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [k5c_send_data]
(0x4000): Response sent.
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [main] (0x0400):
krb5_child completed successfully
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [main] (0x0400):
krb5_child started.
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [unpack_buffer]
(0x1000): total buffer size: [63]
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [unpack_buffer]
(0x0100): cmd [249] uid [1007629326] gid [1007629326] validate [true]
enterprise principal [false] offline [true] UPN [
Subaranchan.Thanagopal at DOMAIN.COM]
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [main] (0x2000):
Running as [1007629326][1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [become_user]
(0x0200): Trying to become user [1007629326][1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [become_user]
(0x0200): Already user [1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [k5c_setup]
(0x2000): Running as [1007629326][1007629326].
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
from environment.
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]]
[set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
environment.
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [main] (0x0400):
Will perform pre-auth
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [tgt_req_child]
(0x1000): Attempting to get a TGT
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [get_and_save_tgt]
(0x0400): Attempting kinit for realm [DOMAIN.COM]
(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]]
[sss_child_krb5_trace_cb] (0x4000): [18004] 1483974613.991835: Getting
initial credentials for Subaranchan.Thanagopal at DOMAIN.COM

(Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]]
[sss_child_krb5_trace_cb] (0x4000): [18004] 1483974613.993849: Sending
request (176 bytes) to DOMAIN.COM

(Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]]
[sss_child_krb5_trace_cb] (0x4000): [18004] 1483974614.9850: Retrying AS
request with master KDC

(Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]]
[sss_child_krb5_trace_cb] (0x4000): [18004] 1483974614.9891: Getting
initial credentials for Subaranchan.Thanagopal at DOMAIN.COM

(Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]]
[sss_child_krb5_trace_cb] (0x4000): [18004] 1483974614.9943: Sending
request (176 bytes) to DOMAIN.COM (master)

(Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]] [get_and_save_tgt]
(0x0400): krb5_get_init_creds_password returned [-1765328230} during
pre-auth.
(Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]] [k5c_send_data]
(0x0200): Received error code 0
(Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]]
[pack_response_packet] (0x2000): response packet size: [4]
(Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]] [k5c_send_data]
(0x4000): Response sent.
(Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]] [main] (0x0400):
krb5_child completed successfully


On Mon, Jan 9, 2017 at 11:21 AM, rajat gupta <rajat.linux at gmail.com> wrote:

> Hi,
>
> Error message is changed today. but same some are able to login but most
> of the user are not. Please find the below logs form ipa2 server.
>
> /var/log/secure
>
> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18942]: pam_sss(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=x.x.x.x.x user=et33015
> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18942]: pam_sss(sshd:auth): received
> for user et33015: 6 (Permission denied)
> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18940]: error: PAM: Authentication
> failure for et33015 from x.x.x.x.x
>
> =================================
>
> sssd_nss.log
>
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
> creds: euid[0] egid[0] pid[18940].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x0020):
> SELINUX_getpeercon failed [-1][Unknown error -1].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240a7d0][23]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [accept_fd_handler] (0x0400):
> Client connected!
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240a7d0][23]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240a7d0][23]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240a7d0][23]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
> Running command [17][SSS_NSS_GETPWNAM] with input [et33015].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): name 'et33015' matched without domain, user is et33015
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): using default domain [corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [et33015] from [corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/corp.corpcommon.com/
> et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc8323f2ef0
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc8323f67a0
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc8323f2ef0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc8323f67a0 "ltdb_timeout"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc8323f2ef0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc8323f67a0
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc83240a680
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc8323f67a0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc83240a680 "ltdb_timeout"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc8323f67a0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
> a LOCAL view, continuing with provided values.
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [check_cache] (0x0400): Cached
> entry is valid, returning..
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
> Returning info for user [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240a7d0][23]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
> creds: euid[0] egid[0] pid[18942].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x0020):
> SELINUX_getpeercon failed [-1][Unknown error -1].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc8323fa270][24]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [accept_fd_handler] (0x0400):
> Client connected!
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc8323fa270][24]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc8323fa270][24]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc8323fa270][24]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
> Running command [17][SSS_NSS_GETPWNAM] with input [et33015].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): name 'et33015' matched without domain, user is et33015
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): using default domain [corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [et33015] from [corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/corp.corpcommon.com/
> et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc832402d80
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc832401560
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc832402d80 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc832401560 "ltdb_timeout"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc832402d80 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc8323f39a0
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc83240da50
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc8323f39a0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc83240da50 "ltdb_timeout"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc8323f39a0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
> a LOCAL view, continuing with provided values.
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [check_cache] (0x0400): Cached
> entry is valid, returning..
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
> Returning info for user [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc8323fa270][24]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc8323fa270][24]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
> Running command [17][SSS_NSS_GETPWNAM] with input [et33015].
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): name 'et33015' matched without domain, user is et33015
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): using default domain [corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [et33015] from [corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/corp.corpcommon.com/
> et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc8323f63e0
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc832402d80
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc8323f63e0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc832402d80 "ltdb_timeout"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc8323f63e0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc8323f39a0
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc83240da50
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc8323f39a0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc83240da50 "ltdb_timeout"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc8323f39a0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
> a LOCAL view, continuing with provided values.
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [check_cache] (0x0400): Cached
> entry is valid, returning..
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
> Returning info for user [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc8323fa270][24]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7fc8323f4780
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
> on path /org/freedesktop/sssd/nss/memcache
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_get_sender_id_send] (0x2000):
> Not a sysbus message, quit
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
> (0x1000): Updating inigroups memory cache of [et33015 at corp.corpcommon.com@
> corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_update_initgr_memcache]
> (0x0040): Unknown domain (corp.corpcommon.com) requested by provider
> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7fc8323f4780
> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
> on path /org/freedesktop/sssd/nss/memcache
> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_get_sender_id_send] (0x2000):
> Not a sysbus message, quit
> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
> (0x1000): Updating inigroups memory cache of [et33015 at corp.corpcommon.com@
> corp.corpcommon.com]
> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [nss_update_initgr_memcache]
> (0x0040): Unknown domain (corp.corpcommon.com) requested by provider
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7fc8323f4780
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
> on path /org/freedesktop/sssd/nss/memcache
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_get_sender_id_send] (0x2000):
> Not a sysbus message, quit
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
> (0x1000): Updating inigroups memory cache of [e600336 at corp.corpcommon.com@
> corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_update_initgr_memcache]
> (0x0040): Unknown domain (corp.corpcommon.com) requested by provider
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
> creds: euid[0] egid[0] pid[16825].
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [get_client_cred] (0x0020):
> SELINUX_getpeercon failed [-1][Unknown error -1].
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240aaf0][25]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [accept_fd_handler] (0x0400):
> Client connected!
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240aaf0][25]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240aaf0][25]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240aaf0][25]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
> Running command [17][SSS_NSS_GETPWNAM] with input [e600336].
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): name 'e600336' matched without domain, user is e600336
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): using default domain [corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [e600336] from [corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/corp.corpcommon.com/
> e600336 at corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [e600336 at corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc8323f6260
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc832406870
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc8323f6260 "ltdb_callback"
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc832406870 "ltdb_timeout"
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc8323f6260 "ltdb_callback"
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc8323ef9f0
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc8323fbd90
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc8323ef9f0 "ltdb_callback"
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc8323fbd90 "ltdb_timeout"
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc8323ef9f0 "ltdb_callback"
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
> a LOCAL view, continuing with provided values.
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [check_cache] (0x0400): Cached
> entry is valid, returning..
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
> Returning info for user [e600336 at corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240aaf0][25]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc83240aaf0][25]
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [client_recv] (0x0200): Client
> disconnected!
> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [client_close_fn] (0x2000):
> Terminated client [0x7fc83240aaf0][25]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc8323fa270][24]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [client_recv] (0x0200): Client
> disconnected!
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [client_close_fn] (0x2000):
> Terminated client [0x7fc8323fa270][24]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
> creds: euid[0] egid[0] pid[18951].
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_client_cred] (0x0020):
> SELINUX_getpeercon failed [-1][Unknown error -1].
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc832406bc0][24]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [accept_fd_handler] (0x0400):
> Client connected!
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc832406bc0][24]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc832406bc0][24]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc832406bc0][24]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
> Running command [17][SSS_NSS_GETPWNAM] with input [et33015].
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): name 'et33015' matched without domain, user is et33015
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): using default domain [corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [et33015] from [corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/corp.corpcommon.com/
> et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc8323fbd90
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc832401560
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc8323fbd90 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc832401560 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc8323fbd90 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc83240b690
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc83240d9b0
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc83240b690 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc83240d9b0 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc83240b690 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
> a LOCAL view, continuing with provided values.
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [check_cache] (0x0400): Cached
> entry is valid, returning..
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
> Returning info for user [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc832406bc0][24]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc832406bc0][24]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
> Running command [17][SSS_NSS_GETPWNAM] with input [et33015].
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): name 'et33015' matched without domain, user is et33015
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
> (0x0200): using default domain [corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
> Requesting info for [et33015] from [corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/corp.corpcommon.com/
> et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100):
> Requesting info for [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc8323fbd90
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc8323fab40
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc8323fbd90 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc8323fab40 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc8323fbd90 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7fc83240b690
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7fc83240d9b0
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer event
> 0x7fc83240b690 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
> event 0x7fc83240d9b0 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
> 0x7fc83240b690 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
> a LOCAL view, continuing with provided values.
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [check_cache] (0x0400): Cached
> entry is valid, returning..
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0400):
> Returning info for user [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7fc832406bc0][24]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7fc8323f4780
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
> Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
> on path /org/freedesktop/sssd/nss/memcache
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_get_sender_id_send] (0x2000):
> Not a sysbus message, quit
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
> (0x1000): Updating inigroups memory cache of [et33015 at corp.corpcommon.com@
> corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_update_initgr_memcache]
> (0x0040): Unknown domain (corp.corpcommon.com) requested by provider
>
>
> ==============================================
> sssd_pam.log
>
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [get_client_cred] (0x4000): Client
> creds: euid[0] egid[0] pid[18942].
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [get_client_cred] (0x0020):
> SELINUX_getpeercon failed [-1][Unknown error -1].
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf7e800][21]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [accept_fd_handler] (0x0400):
> Client connected to privileged pipe!
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf7e800][21]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
> Received client version [3].
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
> Offered version [3].
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf7e800][21]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf7e800][21]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_cmd_preauth] (0x0100):
> entering pam_cmd_preauth
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_parse_name_for_domains]
> (0x0200): name 'et33015' matched without domain, user is et33015
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_parse_name_for_domains]
> (0x0200): using default domain [corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
> SSS_PAM_PREAUTH
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
> corp.corpcommon.com
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
> et33015
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> x.x.x.x.x
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 18942
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
> name: et33015
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/corp.corpcommon.com/
> et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_initgr_check_timeout]
> (0x4000): User [et33015] not found in PAM cache.
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
> Issuing request for [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@corp.
> corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
> Creating request for [corp.corpcommon.com][0x3][BE_
> REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com:-]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
> 0x7f0becf7c310
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_internal_get_send]
> (0x0400): Entering request [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
> corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
> 0x7f0becf7c310
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7f0becf7f8b0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
> Requesting info for [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7f0becf824a0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7f0becf9a520
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
> 0x7f0becf824a0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
> event 0x7f0becf9a520 "ltdb_timeout"
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
> 0x7f0becf824a0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7f0becf7cbd0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7f0becf85090
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
> 0x7f0becf7cbd0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
> event 0x7f0becf85090 "ltdb_timeout"
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
> 0x7f0becf7cbd0 "ltdb_callback"
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
> Returning info for user [et33015 at corp.corpcommon.com@corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
> User's primary name is et33015 at corp.corpcommon.com
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
> [et33015] added to PAM initgroup cache
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
> request with the following data:
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
> SSS_PAM_PREAUTH
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
> corp.corpcommon.com
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
> et33015 at corp.corpcommon.com
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> x.x.x.x.x
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 18942
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
> name: et33015
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
> 0x7f0becf861b0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
> pam_dp_send_req returned 0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
> Deleting request: [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@corp.
> corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
> 0x7f0becf861b0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7f0becf7f8b0
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
> received: [0 (Success)][corp.corpcommon.com]
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
> called with result [0]: Success.
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 44
> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf7e800][21]
> (Mon Jan  9 11:02:46 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000):
> [et33015] removed from PAM initgroup cache
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf7e800][21]
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100):
> entering pam_cmd_authenticate
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_parse_name_for_domains]
> (0x0200): name 'et33015' matched without domain, user is et33015
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_parse_name_for_domains]
> (0x0200): using default domain [corp.corpcommon.com]
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
> SSS_PAM_AUTHENTICATE
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
> corp.corpcommon.com
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
> et33015
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> x.x.x.x.x
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 1
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 18942
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
> name: et33015
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/corp.corpcommon.com/
> et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_initgr_check_timeout]
> (0x4000): User [et33015] not found in PAM cache.
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
> Issuing request for [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@corp.
> corpcommon.com]
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
> Creating request for [corp.corpcommon.com][0x3][BE_
> REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com:-]
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
> 0x7f0becf7c310
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_internal_get_send]
> (0x0400): Entering request [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
> corp.corpcommon.com]
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
> 0x7f0becf7c310
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7f0becf7f8b0
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
> Requesting info for [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7f0becf8fe00
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7f0becf849b0
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
> 0x7f0becf8fe00 "ltdb_callback"
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
> event 0x7f0becf849b0 "ltdb_timeout"
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
> 0x7f0becf8fe00 "ltdb_callback"
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7f0becf8fc40
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7f0becf90d60
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
> 0x7f0becf8fc40 "ltdb_callback"
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
> event 0x7f0becf90d60 "ltdb_timeout"
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
> 0x7f0becf8fc40 "ltdb_callback"
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
> Returning info for user [et33015 at corp.corpcommon.com@corp.corpcommon.com]
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
> User's primary name is et33015 at corp.corpcommon.com
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
> [et33015] added to PAM initgroup cache
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
> request with the following data:
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
> SSS_PAM_AUTHENTICATE
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
> corp.corpcommon.com
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
> et33015 at corp.corpcommon.com
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> x.x.x.x.x
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 1
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 18942
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
> name: et33015
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
> 0x7f0becf861b0
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
> pam_dp_send_req returned 0
> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
> Deleting request: [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@corp.
> corpcommon.com]
> (Mon Jan  9 11:02:52 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000):
> [et33015] removed from PAM initgroup cache
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [get_client_cred] (0x4000): Client
> creds: euid[0] egid[0] pid[16825].
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [get_client_cred] (0x0020):
> SELINUX_getpeercon failed [-1][Unknown error -1].
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][22]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [accept_fd_handler] (0x0400):
> Client connected to privileged pipe!
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][22]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
> Received client version [3].
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
> Offered version [3].
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][22]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][22]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_cmd_close_session] (0x0100):
> entering pam_cmd_close_session
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_parse_name_for_domains]
> (0x0200): name 'e600336' matched without domain, user is e600336
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_parse_name_for_domains]
> (0x0200): using default domain [corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
> SSS_PAM_CLOSE_SESSION
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
> corp.corpcommon.com
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
> e600336
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> 146.213.0.134
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 0
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 16825
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
> name: e600336
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/corp.corpcommon.com/
> e600336 at corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_initgr_check_timeout]
> (0x4000): User [e600336] not found in PAM cache.
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
> Issuing request for [0x7f0bec426c30:3:e600336 at corp.corpcommon.com@corp.
> corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
> Creating request for [corp.corpcommon.com][0x3][BE_
> REQ_INITGROUPS][1][name=e600336 at corp.corpcommon.com:-]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
> 0x7f0becf96250
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_internal_get_send]
> (0x0400): Entering request [0x7f0bec426c30:3:e600336 at corp.corpcommon.com@
> corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
> 0x7f0becf96250
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7f0becf7f8b0
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
> Requesting info for [e600336 at corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7f0becf8c680
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7f0becf9a280
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
> 0x7f0becf8c680 "ltdb_callback"
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
> event 0x7f0becf9a280 "ltdb_timeout"
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
> 0x7f0becf8c680 "ltdb_callback"
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7f0becf975f0
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7f0becf9b8d0
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
> 0x7f0becf975f0 "ltdb_callback"
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
> event 0x7f0becf9b8d0 "ltdb_timeout"
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
> 0x7f0becf975f0 "ltdb_callback"
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
> Returning info for user [e600336 at corp.corpcommon.com@corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
> User's primary name is e600336 at corp.corpcommon.com
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
> [e600336] added to PAM initgroup cache
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
> request with the following data:
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
> SSS_PAM_CLOSE_SESSION
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
> corp.corpcommon.com
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
> e600336 at corp.corpcommon.com
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> 146.213.0.134
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 0
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 16825
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
> name: e600336
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
> 0x7f0becf7c310
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
> pam_dp_send_req returned 0
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
> Deleting request: [0x7f0bec426c30:3:e600336 at corp.corpcommon.com@corp.
> corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
> 0x7f0becf7c310
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7f0becf7f8b0
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
> received: [0 (Success)][corp.corpcommon.com]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
> called with result [0]: Success.
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 36
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][22]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][22]
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [client_recv] (0x0200): Client
> disconnected!
> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [client_close_fn] (0x2000):
> Terminated client [0x7f0becf906d0][22]
> (Mon Jan  9 11:02:58 2017) [sssd[pam]] [pam_initgr_cache_remove] (0x2000):
> [e600336] removed from PAM initgroup cache
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
> 0x7f0becf861b0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7f0becf7f8b0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
> received: [6 (Permission denied)][corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
> called with result [6]: Permission denied.
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 85
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf7e800][21]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf7e800][21]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [client_recv] (0x0200): Client
> disconnected!
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [client_close_fn] (0x2000):
> Terminated client [0x7f0becf7e800][21]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [get_client_cred] (0x4000): Client
> creds: euid[0] egid[0] pid[18951].
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [get_client_cred] (0x0020):
> SELINUX_getpeercon failed [-1][Unknown error -1].
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][21]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [accept_fd_handler] (0x0400):
> Client connected to privileged pipe!
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][21]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
> Received client version [3].
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
> Offered version [3].
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][21]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][21]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_cmd_preauth] (0x0100):
> entering pam_cmd_preauth
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_parse_name_for_domains]
> (0x0200): name 'et33015' matched without domain, user is et33015
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_parse_name_for_domains]
> (0x0200): using default domain [corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
> SSS_PAM_PREAUTH
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
> corp.corpcommon.com
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
> et33015
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> x.x.x.x.x
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 18951
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
> name: et33015
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
> Checking negative cache for [NCE/USER/corp.corpcommon.com/
> et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_initgr_check_timeout]
> (0x4000): User [et33015] not found in PAM cache.
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
> Issuing request for [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@corp.
> corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
> Creating request for [corp.corpcommon.com][0x3][BE_
> REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com:-]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
> 0x7f0becf861b0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_internal_get_send]
> (0x0400): Entering request [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
> corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
> 0x7f0becf861b0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7f0becf7f8b0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
> Requesting info for [et33015 at corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7f0becf8fc40
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7f0becf8fe00
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
> 0x7f0becf8fc40 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
> event 0x7f0becf8fe00 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
> 0x7f0becf8fc40 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_callback": 0x7f0becf84200
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
> "ltdb_timeout": 0x7f0becf85090
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Running timer event
> 0x7f0becf84200 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
> event 0x7f0becf85090 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
> 0x7f0becf84200 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
> Returning info for user [et33015 at corp.corpcommon.com@corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
> User's primary name is et33015 at corp.corpcommon.com
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
> [et33015] added to PAM initgroup cache
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): Sending
> request with the following data:
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): command:
> SSS_PAM_PREAUTH
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
> corp.corpcommon.com
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
> et33015 at corp.corpcommon.com
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): service:
> sshd
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
> not set
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
> x.x.x.x.x
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
> type: 0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
> newauthtok type: 0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): cli_pid:
> 18951
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
> name: et33015
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
> 0x7f0becf7c310
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
> pam_dp_send_req returned 0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
> Deleting request: [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@corp.
> corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
> 0x7f0becf7c310
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
> conn: 0x7f0becf7f8b0
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
> Dispatching.
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
> received: [4 (System error)][corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
> called with result [4]: System error.
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 36
> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
> timer re-set for client [0x7f0becf906d0][21]
>
> ===========================
>
> sssd_ipa.preprod.local.log
>
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f45b8f5ffb0 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x4000): Added [et33015 at corp.corpcommon.com][name=
> et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> et33015 at corp.corpcommon.com
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 2)
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f45b8fcf1f0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f45b8fceee0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f45b8fcf1f0 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=corp.
> corpcommon.com,cn=sysdb)
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f45b8fceee0 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f45b8fcf1f0 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 2)
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
> ,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f45b8ff9450
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f45b8fa9970
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f45b8ff9450 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f45b8fa9970 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f45b8ff9450 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f45b8fc0700
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f45b8f5e890
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f45b8fc0700 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f45b8f5e890 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f45b8fc0700 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_done]
> (0x4000): releasing operation connection
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [Initgroups #1073]: Request handler finished [0]:
> Success
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [Initgroups #1073]: Receiving request data.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_initgr_pp] (0x0400): Ordering NSS responder to update memory cache
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #1073]:
> Finished. Success.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_reply_std] (0x1000): DP Request [Initgroups #1073]: Returning
> [Success]: 0,0,Success
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_table_value_destructor] (0x0400): Removing [0:1:0000:3:1::corp.
> corpcommon.com:name=et33015 at corp.corpcommon.com] from reply table
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [Initgroups #1073]: Request
> removed.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f45b8ea5830], connected[1],
> ops[(nil)], ldap[0x7f45b8ee1930]
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f45b8ef2930
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f45b8f0e2b0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
> on path /org/freedesktop/sssd/dataprovider
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_handler]
> (0x0100): Got request with the following data
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): command: SSS_PAM_PREAUTH
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): domain: corp.corpcommon.com
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): user: et33015 at corp.corpcommon.com
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): service: sshd
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): tty: ssh
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): ruser:
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): rhost: x.x.x.x.x
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): authtok type: 0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): priv: 1
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): cli_pid: 18951
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): logon name: not set
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): DP Request [PAM Preauth #1074]: New request. Flags [0000].
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): Number of active DP request: 1
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_queue_send] (0x1000): Wait queue of user [
> et33015 at corp.corpcommon.com] is empty, running request [0x7f45b8ef6730]
> immediately.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [krb5_setup]
> (0x4000): No mapping for: et33015 at corp.corpcommon.com
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f45b8ef5860
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f45b8ee42e0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f45b8ef5860 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f45b8ee42e0 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f45b8ef5860 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f45b8f26f60
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f45b8f18ae0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f45b8f26f60 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f45b8f18ae0 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f45b8f26f60 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
> seconds
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_process] (0x1000): Saving the first resolved server
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_process] (0x0200): Found address for server
> ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://ilt-gif-ipa01.ipa.
> preprod.local'
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/pubconf/.
> krb5info_dummy_CFqm2h]
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [unlink_dbg]
> (0x2000): File already removed: [/var/lib/sss/pubconf/.
> krb5info_dummy_CFqm2h]
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_resolve_done] (0x2000): Subdomain corp.corpcommon.com is
> inactive, will proceed offline
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [18952]
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Signal handler set up for pid [18952]
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [read_pipe_handler] (0x0400): EOF received, client finished
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
> from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1036
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0100): Marking port 0 of server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [set_server_common_status] (0x0100): Marking server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0400): Marking port 0 of duplicate server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [krb5_mod_ccname]
> (0x4000): Save ccname [KEYRING:persistent:1007629326] for user [
> et33015 at corp.corpcommon.com].
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f45b8ef56b0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f45b8f18860
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f45b8ef56b0 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f45b8f18860 "ltdb_timeout"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f45b8ef56b0 "ltdb_callback"
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_cache_creds] (0x0080): Delayed authentication is only available
> for password authentication (single factor).
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [check_wait_queue] (0x1000): Wait queue for user [
> et33015 at corp.corpcommon.com] is empty.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f45b8ef6730]
> done.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [PAM Preauth #1074]: Request handler finished [0]:
> Success
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [PAM Preauth #1074]: Receiving request data.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [PAM Preauth #1074]: Request
> removed.
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
> (0x1000): DP Request [PAM Preauth #1074]: Sending result [4][
> corp.corpcommon.com]
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x1000): Waiting for child [18952].
> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x0100): child [18952] finished successfully.
>
>
>
> On Mon, Jan 9, 2017 at 9:48 AM, rajat gupta <rajat.linux at gmail.com> wrote:
>
>> few user are able to login. ipa ad-trust setup.
>>
>> ==========================
>> Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
>> getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
>> POSSIBLE BREAK-IN ATTEMPT!
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from
>> x.x.x.x
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request:
>> invalid user et33015 [preauth]
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
>> the underlying authentication module for illegal user et33015 from x.x.x.x
>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed
>> keyboard-interactive/pam for invalid user et33015 from x.x.x.x port 51270
>> ssh2
>> Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>> user et33015 from 146.213.128.135 port 51270 ssh2
>> Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>> user et33015 from 146.213.128.135 port 51270 ssh2
>> Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>> user et33015 from 146.213.128.135 port 51270 ssh2
>> Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
>> [preauth]
>> ============================
>>
>> ====================
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [get_server_status] (0x1000): Status of server
>> 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [get_port_status] (0x1000): Port status of port 0 for server
>> 'ilt-gif-ipa01.ipa.preprod.local' is 'not working'
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
>> Input/output error
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
>> [Input/output error])
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_mark_offline] (0x2000): Going offline!
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_mark_offline] (0x2000): Initialize check_if_online_ptask.
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_ptask_create] (0x0400): Periodic task [Check if online (periodic)] was
>> created
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
>> task 72 seconds from now [1483696200]
>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>> [be_run_offline_cb] (0x0080): Going offline. Running callbacks
>>
>> =================
>>
>> cat /etc/sssd/sssd.conf
>> [domain/ipa.preprod.local]
>>
>> cache_credentials = True
>> krb5_store_password_if_offline = True
>> ipa_domain = ipa.preprod.local
>> id_provider = ipa
>> auth_provider = ipa
>> access_provider = ipa
>> ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
>> chpass_provider = ipa
>> ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
>> ldap_tls_cacert = /etc/ipa/ca.crt
>> debug_level = 9
>>
>>
>> [sssd]
>> default_domain_suffix = corp.corpcommon.com
>> services = nss, sudo, pam, ssh
>> debug_level = 9
>>
>>
>> domains = ipa.preprod.local
>> [nss]
>> override_homedir = /home/%u
>> debug_level = 9
>>
>>
>>
>> [pam]
>> debug_level = 9
>>
>>
>> [sudo]
>>
>> [autofs]
>>
>> [ssh]
>> debug_level = 9
>>
>>
>> [pac]
>>
>> [ifp]
>> ===============
>>
>> i am able to getent and  kinit for all of the AD user. but most of the
>> user are not able to login via ssh /ad-password
>>
>> getent passwd  et33015
>> et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th Sub:/home/et33015:
>>
>> and
>>
>> kinit et33015 at CORP.CORPCOMMON.COM <http://corp.corpcommon.com/>
>>
>>
>>
>
>
> --
>
> *Rajat Gupta *
>



-- 

*Rajat Gupta *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/0ea23e52/attachment.htm>

From jamesaharrisonuk at yahoo.co.uk  Mon Jan  9 15:18:29 2017
From: jamesaharrisonuk at yahoo.co.uk (James Harrison)
Date: Mon, 9 Jan 2017 15:18:29 +0000 (UTC)
Subject: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd
 version 1.13.4-1ubuntu1.1
In-Reply-To: <20170109130931.GF24255@10.4.128.1>
References: <1588224621.467679.1483623416628.ref@mail.yahoo.com>
	<1588224621.467679.1483623416628@mail.yahoo.com>
	<1302294420.1935936.1483722924050@mail.yahoo.com>
	<20170107153359.GA29848@10.4.128.1>
	<265350268.2066535.1483965848725@mail.yahoo.com>
	<20170109130931.GF24255@10.4.128.1>
Message-ID: <716767681.2300239.1483975110100@mail.yahoo.com>

Hi All,I have attached three files from running sudo -i on the same machine enrolled into Free IPA. They have the output from various versions of sudo. tail -f sudo_debug, syslog, auth.log and sssd/*.log from /var/log to show chronological order of events.

The attached files are: sudo-1.8.19-1.txt???? --- from Debian
sudo-1.8.16-0ubuntu1.2.txt?? --- Current released Xenial sudo
sudo1.8.12-1ubuntu3.txt --- Previous sudo from "wily" https://launchpad.net/ubuntu/wily/amd64/sudo/1.8.12-1ubuntu3

The machine's /etc/sudo.conf has:Debug sudo /var/log/sudo_debug all at debug
Debug sudoers.so /var/log/sudo_debug all at debug
Plugin sudoers_policy sudoers.so
Plugin sudoers_io sudoers.so

Hope this helps.
Regards,James Harrison

      From: Lukas Slebodnik <lslebodn at redhat.com>
 To: James Harrison <jamesaharrisonuk at yahoo.co.uk> 
Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com>; pbrezina at redhat.com
 Sent: Monday, 9 January 2017, 13:09
 Subject: Re: [Freeipa-users] FreeIPA sudo not working on ububtu xenial sssd version 1.13.4-1ubuntu1.1
   
On (09/01/17 12:44), James Harrison wrote:
>All,debian 1.8.19-1 doesnt work, but Ubuntu 1.8.12-1ubuntu3 does.
>
Could you provide sudo logs with 1.8.19-1
https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO

sssd log files will be helpfull as well.


LS


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/f57198d3/attachment.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sudo1.8.12-1ubuntu3.txt
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/f57198d3/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sudo-1.8.16-0ubuntu1.2.txt
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/f57198d3/attachment-0001.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sudo-1.8.19-1.txt
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/f57198d3/attachment-0002.txt>

From rajat.linux at gmail.com  Mon Jan  9 15:26:54 2017
From: rajat.linux at gmail.com (rajat gupta)
Date: Mon, 9 Jan 2017 16:26:54 +0100
Subject: [Freeipa-users] sshd[22490]: Failed password for invalid user
In-Reply-To: <CAA=996GdO_cqUyzn2vp4N-4na53ajTYmi79LO1t_4Lfmz1iW3w@mail.gmail.com>
References: <CAA=996FBwy_h-VMSb=Up=DPJqwb7D_2b9Y-d-now+Q9KAACRDg@mail.gmail.com>
	<CAA=996GeqDoEFWTqGuPw_xPE97k7TvJW0S3aQeMTMfmiCi-nPA@mail.gmail.com>
	<CAA=996GdO_cqUyzn2vp4N-4na53ajTYmi79LO1t_4Lfmz1iW3w@mail.gmail.com>
Message-ID: <CAA=996HgkzYzYT1ZBzwy0Vnr1xkLb46pQheTJEzbFCpLDvHnUQ@mail.gmail.com>

Hi again.

You can  get the logs on  below url as well.

https://www.dropbox.com/s/wcimvqxgqg7ugxc/sssd_ipa.preprod.local.log?dl=0
https://www.dropbox.com/s/tod9gx9w47b8nvi/krb5_child.log?dl=0

On Mon, Jan 9, 2017 at 4:19 PM, rajat gupta <rajat.linux at gmail.com> wrote:

> These logs are related to sssd_ipadomain.log log. Please find the updated
> logs below.
>
> =======================
> sssd_ipa.preprod.local.log
> =======================
>
> (Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb43cd0 "ltdb_callback"
>
> (Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo rules
> (Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]] [be_ptask_done]
> (0x0400): Task [SUDO Full Refresh]: finished successfully
> (Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]]
> [be_ptask_schedule] (0x0400): Task [SUDO Full Refresh]: scheduling task
> 21600 seconds from last execution time [1483995891]
> (Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[(nil)], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:04:51 2017) [sssd[be[ipa.preprod.local]]] [delayed_online_authentication_callback]
> (0x0200): Backend is online, starting delayed online authentication.
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f59bcb1e590
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo
> on path /org/freedesktop/sssd/dataprovider
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [dp_get_account_info_handler] (0x0200): Got request for
> [0x1][BE_REQ_USER][1][name=et33015 at corp.corpcommon.com]
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): DP Request [Account #248]: New request. Flags [0x0001].
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): Number of active DP request: 1
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in
> view [Default Trust View] with filter [(&(objectClass=
> ipaUserOverride)(uid=et33015))].
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_print_server] (0x2000): Searching 10.150.144.113:389
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaUserOverride)(uid=et33015))][cn=Default Trust
> View,cn=views,cn=accounts,dc=ipa,dc=preprod,dc=local].
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 11
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 11 timeout 6
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb44790], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 11 finished
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_get_ad_override_done] (0x4000): No override found with filter
> [(&(objectClass=ipaUserOverride)(uid=et33015))].
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x0400): Executing extended operation
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 12
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 12 timeout 6
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb58640], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:50 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb58640], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
> (null).
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 12 finished
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [add_v1_user_data] (0x4000): BER tag is [48]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Found new sequence.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [objectSIDString].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [userPrincipalName].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [adUserAccountControl].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [mail].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalDN].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb74810
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb748d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb74810 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb748d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb74810 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_search_by_name] (0x0400): No such entry
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb375c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb375c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb58340
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb818a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb58340 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb818a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb58340 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb58340
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb818a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb58340 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb818a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb58340 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb75060
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb75120
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb75060 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb75120 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb75060 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb73bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb68630
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb73bd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb68630 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb73bd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb83210
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb83210 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb83210 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb74750
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb74810
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb74750 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb74810 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb74750 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb83210
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb83210 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb83210 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb68630
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb83210
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb68630 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb83210 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb68630 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb74810
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7eae0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb74810 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7eae0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb74810 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb68630
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb68630 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb68630 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb73bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7eae0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb73bd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7eae0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb73bd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7e8d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7c830
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7e8d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7c830 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7e8d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7c830
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7c830 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7c830 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb83210
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb83210 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb83210 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb85670
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7b4d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb85670 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7b4d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb85670 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb68630
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb87ca0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb68630 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb87ca0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb68630 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb87ca0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb83210
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb87ca0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb83210 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb87ca0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb866d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7e8d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb866d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7e8d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb866d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7f490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7f490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73bd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7f490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb73bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7d200
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb73bd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7d200 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb73bd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb866d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88f00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb866d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88f00 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb866d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7e1f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb84ef0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7e1f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb84ef0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7e1f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7f400
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb84ef0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7f400 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb84ef0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7f400 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb871e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7b670
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb871e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7b670 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb871e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb861d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7c260
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb861d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7c260 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb861d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb861d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88a30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb861d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88a30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb861d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ac20
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8a740
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ac20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8a740 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ac20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb846d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7e1f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb846d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7e1f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb846d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb846d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7e1f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb846d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7e1f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb846d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b8a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8bca0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b8a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8bca0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b8a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80f20
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ebe0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80f20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ebe0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80f20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb84ef0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb80f20
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb84ef0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb80f20 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb84ef0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb86c50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8b8a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb86c50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8b8a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb86c50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7e1f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7e1f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ffb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ffb0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8cc80
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8f250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8cc80 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8f250 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8cc80 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7ed50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91690
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7ed50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91690 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7ed50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8fd00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ed50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8fd00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ed50 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8fd00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8c6e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8c7a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8c6e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8c7a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8c6e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8fd10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8fd10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91bd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8fd10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8fd10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb990d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8fd10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb990d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8fd10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb880a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7d810
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb880a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7d810 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb880a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91a00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92970
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91a00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92970 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91a00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8eee0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92090
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8eee0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92090 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8eee0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8cbc0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8cc80
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8cbc0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8cc80 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8cbc0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96120
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb75ac0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb75ac0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96120
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb75ac0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb75ac0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb872c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8c6e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb872c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8c6e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb872c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb900d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb822d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb900d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb822d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb900d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb942c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb900d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb942c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb900d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb942c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb90b20
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92fe0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb90b20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92fe0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb90b20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb942c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb96120
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb942c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb96120 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb942c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96120
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb965f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb965f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb972a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90b20
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb972a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90b20 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb972a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96120
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9cd80
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9cd80 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb822d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb96120
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb822d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb96120 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb822d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92600
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91a00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92600 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91a00 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92600 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbacc40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb83e00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbacc40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb83e00 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbacc40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb94fd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb911c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb94fd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb911c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb94fd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96cc0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96cc0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93e70 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96cc0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb822d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9d370
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb822d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9d370 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb822d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9d370
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb99bf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9d370 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb99bf0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9d370 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb94fd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba31c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb94fd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba31c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb94fd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb94fd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba31c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb94fd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba31c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb94fd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9d370
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb94fd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9d370 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb94fd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9d370 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97410
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb75330
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb75330 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb84270
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9d370
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb84270 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9d370 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb84270 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb843b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9d370
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb843b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9d370 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb843b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb843b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb75330
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb843b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb75330 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb843b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba31c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb983c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba31c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb983c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba31c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba31c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb983c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba31c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb983c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba31c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92fe0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb96cc0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92fe0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb96cc0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92fe0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb75330
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb83340
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb75330 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb83340 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb75330 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb93550
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9e5d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb93550 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9e5d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb93550 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9b910
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9b9d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9b910 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9b9d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9b910 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb93690
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba5650
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb93690 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba5650 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb93690 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9d680
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93690
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9d680 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93690 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9d680 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9e1c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ddc0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9e1c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ddc0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9e1c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba0a30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba4e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba0a30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba4e60 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba0a30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba0a30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba4e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba0a30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba4e60 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba0a30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb87540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb87600
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb87540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb87600 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb87540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba0810
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2900
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba0810 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2900 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba0810 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9ebd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0810
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9ebd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0810 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9ebd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9a900
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb75330
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9a900 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb75330 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9a900 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0fc70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb755f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0fc70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb755f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0fc70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0fc70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb755f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0fc70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb755f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0fc70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb75330
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ace0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb75330 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ace0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb75330 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba2900
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba18c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba2900 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba18c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba2900 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba1f00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2900
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba1f00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2900 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba1f00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb75330
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb83340
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb75330 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb83340 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb75330 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0fc70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb982f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0fc70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb982f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0fc70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc16170
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0fc70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc16170 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0fc70 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc16170 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb83340
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9a900
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb83340 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9a900 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb83340 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb905a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba18c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb905a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba18c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb905a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba18c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0ef40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba18c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0ef40 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba18c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba1350
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc120a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba1350 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc120a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba1350 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb755f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2aa0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb755f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2aa0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb755f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb755f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb948a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb755f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb948a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb755f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9ace0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc11660
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9ace0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc11660 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9ace0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8de50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba46f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8de50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba46f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8de50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8de50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9d8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8de50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9d8f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8de50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb83340
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9a900
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb83340 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9a900 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb83340 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb99200
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc150d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb99200 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc150d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb99200 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb99200
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2aa0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb99200 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2aa0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb99200 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb948a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9a900
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb948a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9a900 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb948a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb755f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb948a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb755f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb948a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb755f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb755f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc05900
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb755f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc05900 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb755f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc14b10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ace0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc14b10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ace0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc14b10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc150d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2aa0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc150d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2aa0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc150d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba2aa0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc150d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba2aa0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc150d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba2aa0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb948a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb755f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb948a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb755f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb948a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc13cf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc13cf0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2aa0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2aa0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb948a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb948a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba08d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba08d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8490 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba08d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8490 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb755f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9d8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb755f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9d8f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb755f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8490 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfbdd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfbdd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9f960 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfbdd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba2aa0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc150d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba2aa0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc150d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba2aa0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8d90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7500 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8d90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7500 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc150d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc150d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf9410
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf9e40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf9410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf9e40 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf9410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb976d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb976d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9f960 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb976d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8d90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7500 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8d90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbac9a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbac9a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfada0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaaa90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfada0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaaa90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfada0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0f890
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc128e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0f890 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc128e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0f890 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbacbf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbacbf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbacbf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb904b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb904b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb976d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb976d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb976d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfbd50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfbd50 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9a6d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaa430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9a6d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaa430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9a6d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb976d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf9e40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb976d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf9e40 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb976d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0f890
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0f890 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0f890 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9ff90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb37d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9ff90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb37d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9ff90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb73f40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb904b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb73f40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb904b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb73f40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfbd50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfbd50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7500 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfbd50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb976d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb976d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8d90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb976d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb73f40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb904b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb73f40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb904b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb73f40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaa430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaa430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb8600
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb976d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb8600 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb976d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb8600 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac9a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb959d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac9a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb959d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac9a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba9600
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba10c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba9600 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba10c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba9600 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73f40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73f40 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb959d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb959d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb959d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb959d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0d3b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb959d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0d3b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb959d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0d3b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0f890
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0f890 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0f890
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaa430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0f890 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaa430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0f890 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac9a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0e6b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac9a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0e6b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac9a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc02540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0e6b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc02540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0e6b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc02540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba9600
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb8960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba9600 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb8960 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba9600 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf8d90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7500 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf8d90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ff90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ff90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba10c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe1d80
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba10c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe1d80 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba10c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe1f70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc02540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe1f70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc02540 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe1f70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf8d90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc02540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc02540 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba69f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba69f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf8d90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba69f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc02540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc02540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9f960 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc02540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0da30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0da30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7500 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0da30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe1f70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe1f70 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0e6b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb0020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0e6b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb0020 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0e6b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0e6b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0e6b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7500 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0e6b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf5180
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe3330
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf5180 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe3330 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf5180 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0bb10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0da30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0bb10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0da30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0bb10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0e6b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0bb10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0e6b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0bb10 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0e6b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc010f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc010f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9f960 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc010f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0e6b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf8d90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0e6b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf8d90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0e6b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe3620
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8d9b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe3620 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8d9b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe3620 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6010
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0da30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6010 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0da30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6010 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc010f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0bb10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc010f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0bb10 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc010f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0bb10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ff90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0bb10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ff90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0bb10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0bb10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf4400
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0bb10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf4400 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0bb10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc010f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc02540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc010f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc02540 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc010f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8d9b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe3620
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8d9b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe3620 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8d9b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9d0e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbbe2a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9d0e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbbe2a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9d0e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbaf370
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbaf370 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7500 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbaf370 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc02540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc010f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc02540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc010f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc02540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0da30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc02540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0da30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc02540 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0da30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0f5c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbbe2a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0f5c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbbe2a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0f5c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0f5c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc010f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0f5c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc010f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0f5c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc010f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9d0e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc010f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9d0e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc010f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6010
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7cb30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6010 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7cb30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6010 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7cb30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8d9b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7cb30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8d9b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7cb30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbee240
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe66a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbee240 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe66a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbee240 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba7500
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0f5c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0f5c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba7500 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x0400): Executing extended operation
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 13
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 13 timeout 6
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bdbacaf0], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bdbacaf0], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
> (null).
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 13 finished
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [add_v1_user_data] (0x4000): BER tag is [48]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Found new sequence.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [objectSIDString].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [userPrincipalName].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [adUserAccountControl].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [mail].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalDN].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x4000): Found original AD upn [
> Subaranchan.Thanagopal at EVRY.COM].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com]
> is not from domain [corp.corpcommon.com].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0d820
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73f40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0d820 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73f40 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0d820 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9e470
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0d820
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9e470 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0d820 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9e470 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0d820
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73f40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0d820 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73f40 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0d820 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb73f40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9e470
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb73f40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9e470 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb73f40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9e470
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc11140
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9e470 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc11140 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9e470 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0d820
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9e470
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0d820 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9e470 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0d820 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc11140
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0d820
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc11140 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0d820 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc11140 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0d820
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9e470
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0d820 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9e470 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0d820 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x4000): Added [et33015 at corp.corpcommon.com][name=
> et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x4000): Added [dhub at corp.corpcommon.com][name=dhub at corp.corpcommon.com,
> cn=groups,cn=corp.corpcommon.com,cn=sysdb].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> et33015 at corp.corpcommon.com
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 2)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac6e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9f080
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac6e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=corp.
> corpcommon.com,cn=sysdb)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9f080 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac6e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 2)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
> ,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 2)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac6e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7e9d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac6e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb87ef0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ea90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7e9d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac6e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb87ef0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe2110
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91d50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ea90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb87ef0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe2110 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96d30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7db0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91d50 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe2110 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96d30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0c010
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9f080
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7db0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96d30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0c010 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9f080 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0c010 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 2)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7c6b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbab1e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7c6b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbab1e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7c6b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8c810
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88eb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8c810 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88eb0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8c810 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x4000): Found original AD upn [
> Subaranchan.Thanagopal at EVRY.COM].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com]
> is not from domain [corp.corpcommon.com].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8aa90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc10240
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8aa90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc10240 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8aa90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0da30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc10240
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0da30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc10240 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0da30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0b740
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc10240
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0b740 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc10240 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0b740 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0da30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ccf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0da30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ccf0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0da30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0b740
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8aa90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0b740 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8aa90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0b740 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0b740
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc10240
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0b740 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc10240 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0b740 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89a70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaf370
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89a70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaf370 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89a70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc10240
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ccf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc10240 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ccf0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc10240 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x4000): Added [et33015 at corp.corpcommon.com][name=
> et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> et33015 at corp.corpcommon.com
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 2)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc01820
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8e9e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc01820 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=corp.
> corpcommon.com,cn=sysdb)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8e9e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc01820 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 2)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
> ,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9b830
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe2f30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9b830 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe2f30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9b830 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc113a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88b00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc113a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88b00 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc113a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_done]
> (0x4000): releasing operation connection
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [Account #248]: Request handler finished [0]: Success
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [Account #248]: Receiving request data.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_reply_list_success] (0x0400): DP Request [Account #248]: Finished.
> Success.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_reply_std] (0x1000): DP Request [Account #248]: Returning
> [Success]: 0,0,Success
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::corp.
> corpcommon.com:name=et33015 at corp.corpcommon.com] from reply table
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [Account #248]: Request removed.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[(nil)], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f59bcb22f10
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo
> on path /org/freedesktop/sssd/dataprovider
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_get_account_info_handler] (0x0200): Got request for
> [0x3][BE_REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb13e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb58ac0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb13e60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb58ac0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb13e60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb58ac0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb0d5b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb58ac0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb0d5b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb58ac0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb65770
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb77d10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb77dd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb65770 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb77d10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb78dd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0b60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb77dd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb77d10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb78dd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7e310
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb780b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0b60 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb78dd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7e310 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95ea0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb787f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb780b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7e310 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95ea0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79ac0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95ca0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb787f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95ea0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79ac0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7b280
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb787f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95ca0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79ac0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7b280 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79ac0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95ca0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb787f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7b280 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79ac0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95460
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb787f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95ca0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79ac0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95460 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79ac0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb78d10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb787f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95460 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79ac0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95460
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb787f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb78d10 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79ac0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95460 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb780b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79ac0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb787f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95460 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb780b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95460
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb787f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79ac0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb780b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95460 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbacaf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95d50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb787f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95460 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbacaf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb780b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba93e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95d50 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbacaf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb780b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95d50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbad390
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba93e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb780b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95d50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbacaf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ef30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbad390 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95d50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbacaf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc479f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbad320
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ef30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbacaf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc479f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb78dd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ef30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbad320 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc479f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb78dd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb78d10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbad320
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ef30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb78dd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb78d10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbacaf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ef30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbad320 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb78d10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbacaf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc479f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbad320
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ef30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbacaf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc479f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb78dd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ef30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbad320 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc479f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb78dd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb78d10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaf780
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ef30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb78dd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb78d10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbacaf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ef30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaf780 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb78d10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbacaf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbaf780
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb35a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ef30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbacaf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbaf780 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb78dd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc134d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb35a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbaf780 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb78dd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb35a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc163d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc134d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb78dd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb35a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc134d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbae970
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc163d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb35a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc134d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc163d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb98ad0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbae970 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc134d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc163d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbae970
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb77f00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb98ad0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc163d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbae970 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb98ad0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbab220
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb77f00 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbae970 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb98ad0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb77f00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1a490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbab220 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb98ad0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb77f00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbab220
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc26580
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1a490 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb77f00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbab220 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1a490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb23a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc26580 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbab220 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1a490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc26580
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1ac20
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb23a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1a490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc26580 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb23a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba38d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1ac20 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc26580 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb23a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1ac20
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1b2a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba38d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb23a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1ac20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba38d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb77c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1b2a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1ac20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba38d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1b2a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba27e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb77c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba38d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1b2a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb23a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb7400
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba27e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1b2a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb23a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba27e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb7be0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb7400 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb23a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba27e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb7400
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc270f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb7be0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba27e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb7400 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb7be0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdd039f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc270f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb7400 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb7be0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc270f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba6d60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdd039f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb7be0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc270f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdd039f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1f040
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba6d60 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc270f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdd039f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba6d60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc28020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1f040 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdd039f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba6d60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1f040
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc24480
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc28020 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba6d60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1f040 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc28020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc24da0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc24480 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1f040 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc28020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba2680
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1e760
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc24da0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc28020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba2680 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0bc50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1e760 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba2680 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0bd10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb0040
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0bc50 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0bd10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0bc50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdd03910
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb0040 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0bd10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0bc50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc28020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2680
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdd03910 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0bc50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc28020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdd03910
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0d340
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2680 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc28020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdd03910 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1f960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba3ec0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0d340 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdd03910 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0d340
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0caf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba3ec0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1f960 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0d340 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc28020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0ec00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0caf0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0d340 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc28020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdd03910
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba4110
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0ec00 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc28020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdd03910 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0ec00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbec7c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba4110 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdd03910 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0ec00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba4110
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1e760
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbec7c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0ec00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba4110 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbec7c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba58f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1e760 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba4110 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbec7c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1e760
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1d380
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba58f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbec7c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1e760 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba58f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0d200
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1d380 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1e760 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba58f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbee620
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc34730
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0d200 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba58f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbee620 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc34730 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbee620 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): DP Request [Initgroups #249]: New request. Flags [0000].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): Number of active DP request: 1
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in
> view [Default Trust View] with filter [(&(objectClass=
> ipaUserOverride)(uid=et33015))].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_print_server] (0x2000): Searching 10.150.144.113:389
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaUserOverride)(uid=et33015))][cn=Default Trust
> View,cn=views,cn=accounts,dc=ipa,dc=preprod,dc=local].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 14
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 14 timeout 6
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb58ac0], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 14 finished
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_get_ad_override_done] (0x4000): No override found with filter
> [(&(objectClass=ipaUserOverride)(uid=et33015))].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb0ab10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb34040
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb0ab10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb34040 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb0ab10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb74fe0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb64060
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb74fe0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb64060 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb74fe0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb76aa0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb199f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb76aa0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb199f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb76aa0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [check_if_pac_is_available] (0x4000): No PAC available.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x0400): Executing extended operation
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 15
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 15 timeout 6
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb353d0], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb353d0], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
> (null).
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 15 finished
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [add_v1_user_data] (0x4000): BER tag is [48]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Found new sequence.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [objectSIDString].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [userPrincipalName].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [adUserAccountControl].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [mail].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalDN].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5d720
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb5d7e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5d720 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb5d7e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5d720 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_search_by_name] (0x0400): No such entry
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5db00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb5dcd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5db00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb5dcd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5db00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb13e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5cd30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb199f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79580
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb199f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79580 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb199f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79580
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb5cd30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79580 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb5cd30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79580 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5cd30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb67f10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb67f10 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb483f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb67b90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb483f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb67b90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb483f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5cd30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb67f10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb67f10 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92610
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb792a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92610 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb792a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92610 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb5cd30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb5cd30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb67f10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb13e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb67f10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb67f10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92610
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79810
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92610 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79810 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92610 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5cd30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90520
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90520 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb13e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90520
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb13e60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90520 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb13e60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc25cb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc258a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc25cb0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc258a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc25cb0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb90520
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb13e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb90520 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb90520 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5cd30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79580
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79580 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb68d60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb68d60 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79580
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79580 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb13e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79580
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb13e60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79580 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb13e60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb93be0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb65f50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb93be0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb65f50 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb93be0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb90520
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb13e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb90520 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb90520 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5cd30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb13e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc28980
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb927b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc28980 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb927b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc28980 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc2f360
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79580
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc2f360 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79580 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc2f360 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5cd30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc2f360
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc2f360 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc31b00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb927b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc31b00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb927b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc31b00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb65080
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb65f50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb65080 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb65f50 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb65080 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb65080
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93be0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb65080 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93be0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb65080 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc32fe0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb199f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc32fe0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb199f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc32fe0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb65f50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc2a2b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb65f50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc2a2b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb65f50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5cd30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc29350
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc29350 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5cd30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc28810
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb5e3b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc28810 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb5e3b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc28810 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc2c150
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc2acd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc2c150 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc2acd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc2c150 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc2c150
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc2acd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc2c150 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc2acd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc2c150 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc2acd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb199f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc2acd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb199f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc2acd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc29fc0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc33250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc29fc0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc33250 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc29fc0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc33250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc2bdb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc33250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc2bdb0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc33250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb93be0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc2ba50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb93be0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc2ba50 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb93be0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc33250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc33250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc33250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc32d40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc32d40 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc29350
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc29350 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb833b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc2bdb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb833b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc2bdb0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb833b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc2bdb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc2bdb0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc2bdb0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93be0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93be0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc2bdb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc2bdb0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91250 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc2bdb0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91250 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb65f50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc29350
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb65f50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc29350 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb65f50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc2eb40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc2eb40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc2eb40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc27520
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc27520 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91250 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc27520 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc27520
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc27520 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc27520 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91250 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc29350
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc31a90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc29350 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc31a90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc29350 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc2eb40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb946a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc2eb40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc2eb40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb946a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb86f60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb86f60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb86f60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb82350
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb82350 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb82350 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb946a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb946a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb946a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb84420
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc28c90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb84420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc28c90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb84420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb84420
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb84420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb84420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb82ec0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82350
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb82ec0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82350 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb82ec0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb946a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb946a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82ec0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb946a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82ec0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb946a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb82350
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb82350 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb658f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb82350 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb946a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5dc30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb86640
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5dc30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb86640 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5dc30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb658f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8f4c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8f4c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb658f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb86640
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82350
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb86640 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82350 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb86640 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91250 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb849c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb849c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91250 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb849c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb83de0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc2f880
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb83de0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc2f880 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb83de0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8f440
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8f440 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8f440 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb84940
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb84940 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc2a4c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc29dd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc2a4c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc29dd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc2a4c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb888a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb888a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91250 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb888a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb884b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb884b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91250 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8a8d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93be0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8a8d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93be0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8a8d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89230
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91250
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89230 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91250 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89230 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b5d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b5d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b5d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc2cef0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90660
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc2cef0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90660 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc2cef0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89ae0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb884b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89ae0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb884b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89ae0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb946a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb884b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb946a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb884b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb946a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88960
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88960 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb946a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8dc30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb946a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8dc30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb946a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8dc30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb884b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb884b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb884b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8d330
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8d330 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb884b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8d330
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb884b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8d330 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb884b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb884b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb884b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb884b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb66170
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb66170 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb66170
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb66170 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc29350
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc29350 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbeef40
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8b8c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbeef40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8b8c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbeef40 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ab30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8b8c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ab30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8b8c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ab30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8a860
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc28c90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8a860 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc28c90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8a860 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb94ae0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbbd8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb94ae0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbbd8f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb94ae0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbbd8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbbd8f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ccf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb78490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ccf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb78490 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ccf0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb862f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb862f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb862f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b8c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf6020 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b8c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbbd8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbbd8f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba01e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba0430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba01e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba0430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbbd8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba01e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbbd8f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba01e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbbd8f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbbd8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbbd8f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbbd8f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6020
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6020 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba0430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba0430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb88e30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8c8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb88e30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8c8f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb88e30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9f4f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbbd8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9f4f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbbd8f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9f4f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbbd8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf08d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbbd8f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf08d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbbd8f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b8c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba01e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba01e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba01e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2060
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba01e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2060 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba01e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbbd8f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbbd8f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbbd8f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc85a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9f4f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc85a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9f4f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc85a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba5b90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba5b90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba5b90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b8c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2060
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2060 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba01e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba5b90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba01e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba5b90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba01e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b8c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b8c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9f4f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9f4f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b8c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba2060
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb971c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba2060 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb971c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba2060 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba01e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba01e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba5b90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8b8c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba5b90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8b8c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba5b90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba5d50
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9b4a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba5d50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9b4a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba5d50 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba2060
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba5b90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba2060 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba5b90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba2060 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb971c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf04f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb971c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf04f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb971c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba5b90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba5b90 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba5b90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba5b90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba5b90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9b650
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8b3a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9b650 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8b3a0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9b650 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9d930
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb97540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9d930 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb97540 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9d930 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba01e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba01e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba01e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba5b90
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba5b90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba5b90 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb972f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8b8c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb972f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8b8c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb972f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9d6e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0860
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9d6e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0860 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9d6e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9d6e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9d6e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9d6e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0860
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9d6e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0860 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9d6e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96110
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96110 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96110 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb96110
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb96110 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb972f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb954c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb972f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb954c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb972f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96110
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96110 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96110 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb954c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95390
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb954c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95390 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb954c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95e80
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95e80 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95e80 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95390
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95390 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb954c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb954c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb954c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96ec0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb972f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96ec0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb972f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96ec0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb954c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb954c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96ec0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96ec0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96ec0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95390
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95390 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95390 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb954c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb954c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb954c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbae120
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbae120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbae120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbadc80
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbadc80 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb1670
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb97b10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb1670 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb97b10 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb1670 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79e70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79e70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb1670
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb1e30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb1670 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb1e30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb1670 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbadc80
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbadc80 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb878b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba0860
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba0860 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba0860 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb00e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb878b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb00e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb00e0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbadc80
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb1670
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbadc80 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb1670 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbadc80 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb1e30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb1e30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79e70 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb1e30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbaf060
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbadc80
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbaf060 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbadc80 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbaf060 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb1670
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb00e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb1670 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb00e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb1670 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb954c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba0430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb954c0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba0430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb1910
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb0bb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb1910 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb0bb0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb1910 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaf060
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaf060 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb1e30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb1e30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb1e30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb25d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc4420
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb25d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc4420 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb25d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbce7d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbce7d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba0430 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbce7d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbae120
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb1e30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbae120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb1e30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbae120 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc31080
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb1910
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc31080 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb1910 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc31080 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba0430
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb97540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba0430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb97540 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba0430 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb1e30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb1e30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb1e30 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc31080
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9ae70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc31080 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9ae70 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc31080 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb1670
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb1670 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb97540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79e70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb97540 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79e70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97540
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb1670
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb1670 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97540 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb999f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb25d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb999f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb25d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb999f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb1670
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb1670 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb1670 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd0ca0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd0ca0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd0ca0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79e70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb649f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79e70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc48b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc48b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79e70 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc48b0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb999f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb999f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79e70 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb999f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb649f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79e70 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb649f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb999f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb649f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb999f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb649f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd3900
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb999f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd3900 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb999f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd3900 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb649f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79e70 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb649f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb999f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd0ca0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb999f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd0ca0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb999f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb649f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb8850
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb649f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb8850 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb649f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd4e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd0ca0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd4e60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd0ca0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd4e60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd0ca0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79e70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd0ca0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79e70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd4e60
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb999f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd4e60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb999f0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd4e60 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79e70
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd0ca0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79e70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd0ca0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79e70 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x0400): Executing extended operation
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 16
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 16 timeout 6
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bdb8fe60], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bdb8fe60], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
> (null).
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 16 finished
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [add_v1_user_data] (0x4000): BER tag is [48]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Found new sequence.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [objectSIDString].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [userPrincipalName].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [adUserAccountControl].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [mail].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalDN].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x4000): Found original AD upn [
> Subaranchan.Thanagopal at EVRY.COM].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com]
> is not from domain [corp.corpcommon.com].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb659d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb0f30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb659d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb0f30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb659d0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb86ab0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb0f30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb86ab0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb0f30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb86ab0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb0f30
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb0f30 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb86ab0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ecb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb86ab0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ecb0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb86ab0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7ecb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb96490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7ecb0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb96490 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7ecb0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96490
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb86bf0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb86bf0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96490 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb78bd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc7e10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb78bd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc7e10 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb78bd0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf5d20
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ecb0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf5d20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ecb0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf5d20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x4000): Added [et33015 at corp.corpcommon.com][name=
> et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> et33015 at corp.corpcommon.com
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 2)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb887a0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8b980
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb887a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=corp.
> corpcommon.com,cn=sysdb)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8b980 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb887a0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 2)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
> ,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbbca00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc2d860
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbbca00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc2d860 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbbca00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbbca00
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7f1d0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbbca00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7f1d0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbbca00 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x4000): Found original AD upn [
> Subaranchan.Thanagopal at EVRY.COM].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com]
> is not from domain [corp.corpcommon.com].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc4420
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9dcd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9dcd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc4420
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8e280
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8e280 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb94360
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc4420
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb94360 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc4420 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb94360 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc4420
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb0d5b0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb0d5b0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc4420
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79fa0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79fa0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb94360
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9dcd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb94360 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9dcd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb94360 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc4420
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb8da0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb8da0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc4420
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb2bc0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb2bc0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc4420 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x4000): Added [et33015 at corp.corpcommon.com][name=
> et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> et33015 at corp.corpcommon.com
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 2)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb94c10
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79790
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb94c10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=corp.
> corpcommon.com,cn=sysdb)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79790 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb94c10 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 2)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
> ,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b2c0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91790
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b2c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91790 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b2c0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9e830
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf3df0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9e830 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf3df0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9e830 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_done]
> (0x4000): releasing operation connection
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [Initgroups #249]: Request handler finished [0]:
> Success
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [Initgroups #249]: Receiving request data.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_initgr_pp] (0x0400): Ordering NSS responder to update memory cache
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #249]:
> Finished. Success.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_reply_std] (0x1000): DP Request [Initgroups #249]: Returning
> [Success]: 0,0,Success
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_table_value_destructor] (0x0400): Removing [0:1:0000:3:1::corp.
> corpcommon.com:name=et33015 at corp.corpcommon.com] from reply table
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [Initgroups #249]: Request removed.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[(nil)], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f59bcb1e590
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f59bcb22f10
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
> on path /org/freedesktop/sssd/dataprovider
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_handler]
> (0x0100): Got request with the following data
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): command: SSS_PAM_PREAUTH
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): domain: corp.corpcommon.com
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): user: et33015 at corp.corpcommon.com
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): service: sshd
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): tty: ssh
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): ruser:
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): rhost: 146.213.128.135
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): authtok type: 0
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): priv: 1
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): cli_pid: 17946
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): logon name: not set
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): DP Request [PAM Preauth #250]: New request. Flags [0000].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): Number of active DP request: 1
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_queue_send] (0x1000): Wait queue of user [
> et33015 at corp.corpcommon.com] is empty, running request [0x7f59bcb348d0]
> immediately.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [krb5_setup]
> (0x4000): No mapping for: et33015 at corp.corpcommon.com
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb628f0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb43cd0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb43cd0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb10580
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb65ef0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb10580 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb65ef0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb10580 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 389 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
> seconds
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_process] (0x1000): Saving the first resolved server
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_process] (0x0200): Found address for server
> ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [17947]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Signal handler set up for pid [17947]
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x1000): Waiting for child [17947].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x0100): child [17947] finished successfully.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [read_pipe_handler] (0x0400): EOF received, client finished
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [parse_krb5_child_response] (0x1000): child response [0][11][0].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
> from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1036
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0100): Marking port 389 of server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [set_server_common_status] (0x0100): Marking server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0400): Marking port 389 of duplicate server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [krb5_mod_ccname]
> (0x4000): Save ccname [KEYRING:persistent:1007629326] for user [
> et33015 at corp.corpcommon.com].
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb35d20
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb654e0
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb35d20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb654e0 "ltdb_timeout"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb35d20 "ltdb_callback"
>
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [check_wait_queue] (0x1000): Wait queue for user [
> et33015 at corp.corpcommon.com] is empty.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f59bcb348d0]
> done.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [PAM Preauth #250]: Request handler finished [0]:
> Success
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [PAM Preauth #250]: Receiving request data.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [PAM Preauth #250]: Request
> removed.
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 16:09:51 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
> (0x1000): DP Request [PAM Preauth #250]: Sending result [0][
> corp.corpcommon.com]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f59bcb22f10
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo
> on path /org/freedesktop/sssd/dataprovider
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [dp_get_account_info_handler] (0x0200): Got request for
> [0x3][BE_REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb627b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb0d9d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb627b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb0d9d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb627b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb05e30
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb58ac0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb05e30 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb58ac0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb05e30 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb56720
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb13e60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb56720 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ec90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ed50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb13e60 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb56720 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ec90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8fd60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ee80
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ed50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ec90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8fd60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8f2d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ebd0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ee80 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8fd60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8f2d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb960c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ee80
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ebd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8f2d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb960c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8f2d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ee80 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb960c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8f2d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb960c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fca0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8f2d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb960c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93310
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fca0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb960c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95f00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb960c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93310 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95f00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb960c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb90bd0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fca0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92f70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb960c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb90bd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba9d70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fca0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb90bd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba9d70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fca0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92f70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba9d70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95f00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba9d70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fca0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95f00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba9d70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbad370
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8960
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92f70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba9d70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbad370 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fca0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbad370 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbad370
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbbbdb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fca0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbad370 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8960
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbbbdb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbad370 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc47850
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92390
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc47850 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93310
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92390 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc47850 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ebd0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92390
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93310 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ebd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93310
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92390 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ebd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc47850
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92390
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93310 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc47850 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93310
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92390 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc47850 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ebd0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb0020
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93310 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ebd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92390
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb0020 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ebd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ebd0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc16400
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92390 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ebd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92390
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc16400 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ebd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ebd0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc47850
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92390 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ebd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92390
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc47850 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ebd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc15230
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc47850
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92390 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92f70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc15230 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb98ce0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc47850 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc15230 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb98ce0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc47850
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb971d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb98ce0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc47850 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ee80
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb971d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc47850 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ee80 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb971d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1a150
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ee80 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb971d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb98ce0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1a150 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb971d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb98ce0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1a150
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb27a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb98ce0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1a150 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ee80
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb27a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1a150 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ee80 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb971d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb27a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ee80 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb971d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb98ce0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb27a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb971d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb98ce0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1a150
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb27a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95f00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb98ce0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1a150 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc25080
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb27a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1a150 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95f00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb971d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb27a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc25080 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95f00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb971d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc25080
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc27740
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb27a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb971d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc25080 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb27a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc26ad0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc27740 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc25080 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb27a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc27740
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbacb40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc26ad0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb27a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc27740 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc26ad0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba6bb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbacb40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc27740 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc26ad0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbacb40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1ecb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba6bb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc26ad0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbacb40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb27a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba6bb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1ecb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbacb40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb27a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc27740
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1ecb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba6bb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb27a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc27740 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba6bb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbac9f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1ecb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc27740 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba6bb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1ecb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba79f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbac9f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba6bb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1ecb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb27a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbacb40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba79f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1ecb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb27a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba79f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbbbda0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbacb40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb27a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba79f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbacb40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1ecb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbbbda0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba79f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbacb40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac1a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0cd90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1ecb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbacb40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb27a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1ecb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0cd90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb27a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc27670
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0cd90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1ecb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb27a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc27670 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbacb40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1ecb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0cd90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc27670 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbacb40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac1a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0cd90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1ecb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbacb40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1ecb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9d440
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0cd90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1ecb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0cd90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbed290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9d440 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1ecb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0cd90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbacb40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9d440
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbed290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0cd90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbacb40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac1a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbed290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9d440 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbacb40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9d440
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba5e40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbed290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9d440 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0cd90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbed290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba5e40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9d440 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0cd90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbed290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0cd90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): DP Request [Initgroups #251]: New request. Flags [0000].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): Number of active DP request: 1
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in
> view [Default Trust View] with filter [(&(objectClass=
> ipaUserOverride)(uid=et33015))].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_print_server] (0x2000): Searching 10.150.144.113:389
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaUserOverride)(uid=et33015))][cn=Default Trust
> View,cn=views,cn=accounts,dc=ipa,dc=preprod,dc=local].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 17
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 17 timeout 6
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb58ac0], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 17 finished
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_get_ad_override_done] (0x4000): No override found with filter
> [(&(objectClass=ipaUserOverride)(uid=et33015))].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb0ab10
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb64050
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb0ab10 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb64050 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb0ab10 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb58ac0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb0d5b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb58ac0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb0d5b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb58ac0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb13e60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb0d5b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb13e60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb0d5b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb13e60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [check_if_pac_is_available] (0x4000): No PAC available.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x0400): Executing extended operation
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 18
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 18 timeout 6
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb35830], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb35830], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
> (null).
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 18 finished
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [add_v1_user_data] (0x4000): BER tag is [48]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Found new sequence.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [objectSIDString].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [userPrincipalName].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [adUserAccountControl].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [mail].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalDN].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb67430
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb674f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb67430 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb674f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb67430 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_search_by_name] (0x0400): No such entry
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb04e20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb04ee0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb04e20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb04ee0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb04e20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb58ac0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb58ac0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb04170 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba5580
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba5640
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba5580 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba5640 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba5580 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ed50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ed50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb66230
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb76430
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb66230 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb76430 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb66230 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb76430
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ed50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb76430 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ed50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb76430 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ed50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb69440
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ed50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb69440 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ed50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ee80
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ef40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ee80 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ef40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ee80 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb914d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb914d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb914d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb914d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8fc90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb766c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8fc90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb766c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8fc90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb93af0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb93af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb04170 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb93af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb674b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb76ad0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb674b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb76ad0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb674b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ed50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93550
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ed50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93550 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ed50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb93af0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ed50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb93af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ed50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb93af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba3a70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb674b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba3a70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb674b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba3a70 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9a9c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9a9c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb917e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb917e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb917e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb90cb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb766c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb90cb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb766c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb90cb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb66ce0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba37e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb66ce0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba37e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb66ce0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb93af0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb66ce0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb93af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb66ce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb93af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92520
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba3e80
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92520 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba3e80 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92520 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb93af0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb735d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb93af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb735d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb93af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb917e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93af0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb917e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93af0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb917e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92930
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb94ea0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92930 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb94ea0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92930 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95380
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb954c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95380 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb954c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95380 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb94050
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95380
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb94050 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95380 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb94050 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9cba0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9c7a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9cba0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9c7a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9cba0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92de0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb97f70
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92de0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb97f70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92de0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb917e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92de0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb917e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92de0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb917e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9cba0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9c7a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9cba0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9c7a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9cba0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb966c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73e90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb966c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73e90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb966c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb917e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73e90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb917e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73e90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb917e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb985a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb766c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb985a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb766c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb985a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9a3d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92930
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9a3d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92930 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9a3d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9a3d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb97760
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9a3d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb97760 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9a3d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96550
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96550 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96550 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9cfe0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9cfe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9cfe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9a7a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92290 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9a7a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92290 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7fb00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7fb00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7fb00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba29a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8d260
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba29a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8d260 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba29a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7fb00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91590
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7fb00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91590 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7fb00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8d260
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91590
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8d260 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91590 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8d260 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb75ae0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba29a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb75ae0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba29a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb75ae0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97d50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97d50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97d50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7fb00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7fb00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7fb00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97d50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7cb20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97d50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7cb20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97d50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba29a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92290 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba29a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92290 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91590
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8d260
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91590 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8d260 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91590 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97d50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97d50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97d50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7cb20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7acc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7cb20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7cb20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7acc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92290 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92290 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7ef50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8d260
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7ef50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8d260 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7ef50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91590
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7acc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91590 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91590 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7ef50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95530
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7ef50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95530 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7ef50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91aa0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7b0f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91aa0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7b0f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91aa0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb97d50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb97d50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb97d50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7aa40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb766c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7aa40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb766c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7aa40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7b950
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb691b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7b950 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb691b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7b950 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8aaa0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7acc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8aaa0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8aaa0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7acc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7acc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7acc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb838f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb838f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb838f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7acc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7acc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7acc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8abd0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7acc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8abd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8abd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb837c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb837c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb837c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8c000
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8aa20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8c000 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8aa20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8c000 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb838f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8c000
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb838f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8c000 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb838f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb838f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb838f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb838f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8aa20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7ebf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8aa20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7ebf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb82240
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7db00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb82240 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7db00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb82240 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb837c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb837c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb837c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7ebf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7ebf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7c6d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb75b90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7c6d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb75b90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7c6d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8aa20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8aa20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8aa20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7acc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7acc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7acc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91a20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8bdd0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91a20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8bdd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91a20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba18e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba18e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8c080
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba18e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8c080 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba18e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8c080 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb86810
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb86410
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb86810 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb86410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb86810 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb85be0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7acc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb85be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7acc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb85be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe7950
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8b9f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe7950 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8b9f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe7950 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8c080
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb85be0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8c080 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb85be0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8c080 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80dc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb85be0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80dc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb85be0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80dc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8c080
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8c080 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8c080 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8c080
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb80dc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8c080 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb80dc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8c080 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb85d20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88b50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb85d20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88b50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb85d20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb894e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb80f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb894e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb80f00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb894e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb894e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb92290 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb894e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb92290 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7acc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89b60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7acc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89b60 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7acc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b9f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb894e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b9f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb894e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b9f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89b60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb85be0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb85be0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8a250
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89180
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8a250 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89180 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8a250 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb894e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb80f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb894e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb80f00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb894e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbee1a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb80f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbee1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb80f00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbee1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89b60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93720
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93720 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80f00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92290
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80f00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92290 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80f00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb91a20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb99390
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb91a20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb99390 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb91a20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe7600
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89180
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe7600 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89180 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe7600 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe93a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7ebf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe93a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7ebf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbee1a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ebf0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbee1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ebf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbee1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89b60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91ed0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91ed0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe7600
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbeb020
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe7600 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbeb020 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe7600 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80dc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbee1a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80dc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbee1a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80dc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbee1a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8a250
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbee1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8a250 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbee1a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80dc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8a250
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80dc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8a250 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80dc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81490
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbebec0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81490 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbebec0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81490 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe95b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89b60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe95b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89b60 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe95b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe93a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb80dc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe93a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb80dc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe93a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbee1a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb88340 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbee1a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb88340 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba6180
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbee1a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba6180 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbee1a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba6180 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7e380
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88b50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7e380 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88b50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7e380 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7e380
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb88340 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7e380 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb88340 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89b60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7e8b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7e8b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbdecc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88b50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbdecc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88b50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbdecc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe93a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe93a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88340 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe93a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbdecc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbad7f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbdecc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbad7f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbdecc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7e8b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb88340 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7e8b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb88340 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbad7f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaaee0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbad7f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaaee0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbad7f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbdecc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8c1c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbdecc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8c1c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbdecc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf13b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb88340 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf13b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb88340 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89b60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88340 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7e8b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe9050
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7e8b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe9050 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7e8b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba6180
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba6180 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88340 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba6180 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7e380
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba6180
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7e380 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba6180 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7e380 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf13b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbdecc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf13b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbdecc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf13b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba6180
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbdecc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba6180 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbdecc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba6180 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89870
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbae6d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89870 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbae6d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89870 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba6f90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88b50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba6f90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88b50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba6f90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf13b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba8960
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf13b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba8960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf13b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb82c20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf11e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb82c20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb82c20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba7100
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbac5c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba7100 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbac5c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba7100 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbaf780
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba6af0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbaf780 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba6af0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbaf780 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf1c40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbef490
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf1c40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbef490 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf1c40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac5c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaf780
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac5c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaf780 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac5c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba6180
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaf780
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba6180 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaf780 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba6180 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbaeee0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaf2f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbaeee0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaf2f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbaeee0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac000
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb0ce0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac000 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb0ce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac000 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac000
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbae010
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac000 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbae010 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac000 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe8a20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8a460
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe8a20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8a460 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe8a20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb82c20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf11e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb82c20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb82c20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf11e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82c20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf11e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82c20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf11e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbedfc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb1580
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbedfc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb1580 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbedfc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf11e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82c20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf11e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82c20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf11e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbeff30
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf11e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbeff30 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbeff30 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8a460
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaabc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8a460 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaabc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8a460 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc59a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb86980
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc59a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb86980 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc59a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbab550
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf11e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbab550 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbab550 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbaa090
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb87330
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbaa090 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb87330 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbaa090 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbab600
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82c20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbab600 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82c20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbab600 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac000
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf11e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac000 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac000 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8a460
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaa090
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8a460 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaa090 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8a460 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb82c20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf11e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb82c20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb82c20 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf11e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb10a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf11e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb10a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf11e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc82c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe8a20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc82c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe8a20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc82c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc6660
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb878b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc6660 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc6660 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb10a0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf11e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb10a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf11e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb10a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbaf2f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaabc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbaf2f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaabc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbaf2f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb878b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb878b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbeff30
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbeff30 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8c00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe5680
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8c00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe5680 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8c00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe6a90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb80b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe6a90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb80b40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe6a90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc8a50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc8a50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbeff30
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc9760
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbeff30 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc9760 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbeff30 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbeddb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7840
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbeddb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7840 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbeddb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc68c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7840
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc68c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7840 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc68c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb8a90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc8a50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb8a90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc8a50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb8a90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc4b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2170
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc4b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2170 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc4b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc5780
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe49d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc5780 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe49d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc5780 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe49d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba7840
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe49d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba7840 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe49d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc5780
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc6c40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc5780 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc6c40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc5780 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc8a50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc4b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc8a50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc4b40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc8a50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb86980
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc2c50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb86980 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc2c50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb86980 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbdd6c0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc4350
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbdd6c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc4350 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbdd6c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd5370
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd5370 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc4b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb80b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc4b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb80b40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc4b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc8a50
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90210
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc8a50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90210 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc8a50 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbccbc0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd5370
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbccbc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd5370 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbccbc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbdd480
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc4b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbdd480 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc4b40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbdd480 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe49d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc4b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe49d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc4b40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe49d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbdc380
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbdd480
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbdc380 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbdd480 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbdc380 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc4b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbdd480
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc4b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbdd480 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc4b40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd5370
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc4b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd5370 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc4b40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd5370 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbce310
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc42d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbce310 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc42d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbce310 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd5370
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc42d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd5370 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc42d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd5370 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbce310
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbce010
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbce310 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbce010 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbce310 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbdc380
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb80b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbdc380 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb80b40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbdc380 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc3b00
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc42d0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc3b00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc42d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc3b00 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd5370
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc4b40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd5370 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc4b40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd5370 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe0c80
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbdc380
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe0c80 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbdc380 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe0c80 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x0400): Executing extended operation
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 19
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 19 timeout 6
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bdb84760], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bdb84760], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bdb84760], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
> (null).
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 19 finished
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [add_v1_user_data] (0x4000): BER tag is [48]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Found new sequence.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [objectSIDString].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [userPrincipalName].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [adUserAccountControl].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [mail].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalDN].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x4000): Found original AD upn [
> Subaranchan.Thanagopal at EVRY.COM].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com]
> is not from domain [corp.corpcommon.com].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81970
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89960
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81970 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81970 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb94150
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8c100
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb94150 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8c100 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb94150 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8c100
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb96800
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8c100 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb96800 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8c100 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96800
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb94150
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96800 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb94150 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96800 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb73940
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb81970
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb73940 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb81970 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb73940 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81970
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89960
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81970 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81970 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbcb0e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbecdd0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbcb0e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbecdd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbcb0e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbdbdb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbecdd0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbdbdb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbecdd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbdbdb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x4000): Added [et33015 at corp.corpcommon.com][name=
> et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> et33015 at corp.corpcommon.com
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 2)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbac7e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbdd110
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbac7e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=corp.
> corpcommon.com,cn=sysdb)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbdd110 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbac7e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 2)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
> ,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba4c90
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93bb0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba4c90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93bb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba4c90 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b280
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92ff0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b280 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92ff0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b280 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x4000): Found original AD upn [
> Subaranchan.Thanagopal at EVRY.COM].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com]
> is not from domain [corp.corpcommon.com].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb971b0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb971b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88340 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb971b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb74490
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9c660
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb74490 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9c660 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb74490 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb58ac0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb88340 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb58ac0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb88340 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb80e40
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb80e40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88340 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb80e40 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb74490
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb74490 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88340 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb74490 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb58ac0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb58ac0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88340 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb58ac0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb74490
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9c660
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb74490 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9c660 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb74490 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb58ac0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88340
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb58ac0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88340 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb58ac0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x4000): Added [et33015 at corp.corpcommon.com][name=
> et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> et33015 at corp.corpcommon.com
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 2)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbcb260
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb98c20
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbcb260 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=corp.
> corpcommon.com,cn=sysdb)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb98c20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbcb260 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 2)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
> ,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe4ef0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbdee60
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe4ef0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbdee60 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe4ef0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81030
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb898e0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81030 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb898e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81030 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_done]
> (0x4000): releasing operation connection
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [Initgroups #251]: Request handler finished [0]:
> Success
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [Initgroups #251]: Receiving request data.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_initgr_pp] (0x0400): Ordering NSS responder to update memory cache
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #251]:
> Finished. Success.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_reply_std] (0x1000): DP Request [Initgroups #251]: Returning
> [Success]: 0,0,Success
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [dp_table_value_destructor] (0x0400): Removing [0:1:0000:3:1::corp.
> corpcommon.com:name=et33015 at corp.corpcommon.com] from reply table
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [Initgroups #251]: Request removed.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[(nil)], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f59bcb1e590
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f59bcb22f10
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
> on path /org/freedesktop/sssd/dataprovider
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_handler]
> (0x0100): Got request with the following data
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): command: SSS_PAM_AUTHENTICATE
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): domain: corp.corpcommon.com
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): user: et33015 at corp.corpcommon.com
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): service: sshd
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): tty: ssh
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): ruser:
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): rhost: 146.213.128.135
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): authtok type: 1
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): priv: 1
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): cli_pid: 17946
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): logon name: not set
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): DP Request [PAM Authenticate #252]: New request. Flags [0000].
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): Number of active DP request: 1
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_queue_send] (0x1000): Wait queue of user [
> et33015 at corp.corpcommon.com] is empty, running request [0x7f59bcb348d0]
> immediately.
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [krb5_setup]
> (0x4000): No mapping for: et33015 at corp.corpcommon.com
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb10580
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb628f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb10580 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb628f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb10580 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb628f0
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb10580
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb10580 "ltdb_timeout"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 389 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
> seconds
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_process] (0x1000): Saving the first resolved server
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_process] (0x0200): Found address for server
> ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://ilt-gif-ipa01.ipa.
> preprod.local'
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/pubconf/.
> krb5info_dummy_7VqPy8]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]] [unlink_dbg]
> (0x2000): File already removed: [/var/lib/sss/pubconf/.
> krb5info_dummy_7VqPy8]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [17964]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Signal handler set up for pid [17964]
> (Mon Jan  9 16:10:01 2017) [sssd[be[ipa.preprod.local]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_child_timeout] (0x0040): Timeout for child [17964] reached. In case
> KDC is distant or network is slow you may consider increasing value of
> krb5_auth_timeout.
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]] [krb5_auth_done]
> (0x0020): child timed out!
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called
> from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 827
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0100): Marking port 389 of server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'not working'
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0400): Marking port 389 of duplicate server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'not working'
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 389 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'not working'
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'neutral'
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
> seconds
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_process] (0x0200): Found address for server
> ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://ilt-gif-ipa01.ipa.
> preprod.local'
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/pubconf/.
> krb5info_dummy_9ywqhA]
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]] [unlink_dbg]
> (0x2000): File already removed: [/var/lib/sss/pubconf/.
> krb5info_dummy_9ywqhA]
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [17998]
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Signal handler set up for pid [17998]
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x1000): Waiting for child [17998].
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x0020): waitpid did not found a child with changed
> status.
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x1000): Waiting for child [17964].
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x0020): child [17964] was terminated by signal [9].
> (Mon Jan  9 16:10:07 2017) [sssd[be[ipa.preprod.local]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_child_timeout] (0x0040): Timeout for child [17998] reached. In case
> KDC is distant or network is slow you may consider increasing value of
> krb5_auth_timeout.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [krb5_auth_done]
> (0x0020): child timed out!
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called
> from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 827
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0100): Marking port 0 of server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'not working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0400): Marking port 0 of duplicate server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'not working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 389 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'not working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'not working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
> Input/output error
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [be_mark_dom_offline] (0x1000): Marking subdomain corp.corpcommon.com
> offline
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [be_mark_subdom_offline] (0x1000): Marking subdomain corp.corpcommon.com
> as inactive
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [18002]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Signal handler set up for pid [18002]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x1000): Waiting for child [18002].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x0020): waitpid did not found a child with changed
> status.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x1000): Waiting for child [17998].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x0020): child [17998] was terminated by signal [9].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [read_pipe_handler] (0x0400): EOF received, client finished
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [parse_krb5_child_response] (0x1000): child response [0][3][41].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
> from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1036
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0100): Marking port 0 of server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [set_server_common_status] (0x0100): Marking server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0400): Marking port 0 of duplicate server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [krb5_mod_ccname]
> (0x4000): Save ccname [KEYRING:persistent:1007629326] for user [
> et33015 at corp.corpcommon.com].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb64e90
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb64f50
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb64e90 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb64f50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb64e90 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb63590
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb65b00
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb63590 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb65b00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb63590 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb675f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb33930
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb675f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb33930 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb675f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb675f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb0d820
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb675f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb0d820 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb675f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_cache_auth] (0x4000): Offline credentials expiration is [0] days.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [check_failed_login_attempts] (0x4000): Failed login attempts [0], allowed
> failed login attempts [0], failed login delay [5].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_cache_auth] (0x0100): Cached credentials not available.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_cache_creds] (0x0020): Offline authentication failed
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [check_wait_queue] (0x1000): Wait queue for user [
> et33015 at corp.corpcommon.com] is empty.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f59bcb348d0]
> done.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [PAM Authenticate #252]: Request handler finished [0]:
> Success
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [PAM Authenticate #252]: Receiving request data.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #252]: Request
> removed.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
> (0x1000): DP Request [PAM Authenticate #252]: Sending result [6][
> corp.corpcommon.com]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x1000): Waiting for child [18002].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x0100): child [18002] finished successfully.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f59bcb22f10
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo
> on path /org/freedesktop/sssd/dataprovider
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [dp_get_account_info_handler] (0x0200): Got request for
> [0x3][BE_REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb43fc0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb34040
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb43fc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb34040 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb43fc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb1a170
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb483f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb1a170 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb483f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb1a170 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb1a170
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ed40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ee00
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb1a170 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ed40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8fda0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ef30
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ee00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ed40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8fda0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8f310
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ec80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ef30 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8fda0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8f310 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96100
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ef30
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ec80 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8f310 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96100 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8f310
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb95f40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ef30 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96100 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8f310 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96100
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb95f40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8f310 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96100 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95f40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb93350
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96100 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95f40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb96100
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92fb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb93350 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95f40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb96100 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb90c10
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92fb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb96100 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb90c10 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba9db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92fb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb90c10 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb95f40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92fb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb95f40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba9db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb92fb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb95f40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbad320
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb92fb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbad320 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba9db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90c10
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbad320 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8bf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90c10 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba9db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90c10
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc47810
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90c10 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc47810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba9db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90c10
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc47810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ec80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90c10 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ec80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba9db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90c10
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ec80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc47810
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90c10 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba9db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc47810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8bf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90c10
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc47810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ec80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbaff50
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90c10 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ec80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8bf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbaff50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ec80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbaff50
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbba2e0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbaff50 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8bf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbba2e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbaff50 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc47810
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbba2e0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc47810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8bf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8fce0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbba2e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc47810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbaff50
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb98db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8fce0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbaff50 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba8bf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbba2e0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb98db0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbaff50 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc47810
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb98db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbba2e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba8bf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc47810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbab7d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1a070
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb98db0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc47810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbab7d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ec80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb98db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1a070 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbab7d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ec80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ef30
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1a070
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb98db0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ec80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ef30 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb98db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb2660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1a070 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ef30 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb98db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbab7d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1a070
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb2660 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb98db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbab7d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ec80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb2660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1a070 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbab7d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ec80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ef30
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1a070
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb2660 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ec80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ef30 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb98db0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb2660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1a070 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ef30 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb98db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1a070
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdd03ac0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb2660 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb98db0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1a070 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ec80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb2660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdd03ac0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1a070 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ec80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdd03ac0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb7a70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb2660 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ec80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdd03ac0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb2660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc270d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb7a70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdd03ac0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb2660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb7a70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb98340
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc270d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb2660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb7a70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc270d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba6d20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb98340 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb7a70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc270d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb98340
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1eb90
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba6d20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc270d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb98340 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb2660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba6d20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1eb90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb98340 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb2660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb7a70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1eb90
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba6d20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb2660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb7a70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba6d20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb98280
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1eb90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb7a70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba6d20 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc47660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0c2f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb98280 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba6d20 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc47660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb7a70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbb2660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0c2f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc47660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb7a70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc25730
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc258b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbb2660 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb7a70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc25730 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb2660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc47660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc258b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc25730 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb2660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc258b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0d170
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc47660 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb2660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc258b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc47660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0da30
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0d170 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc258b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc47660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc236d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc24870
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0da30 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc47660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc236d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbb2660
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba2780
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc24870 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc236d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbb2660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc24870
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb9d900
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba2780 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbb2660 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc24870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba2780
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbed760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb9d900 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc24870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba2780 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb9d900
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba64c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbed760 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba2780 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb9d900 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbed760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba6080
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba64c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb9d900 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbed760 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba64c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc219d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba6080 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbed760 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba64c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdba2780
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdba6090
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc219d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba64c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdba2780 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc219d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbeef00
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdba6090 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdba2780 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc219d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbeef00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc219d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): DP Request [Initgroups #253]: New request. Flags [0000].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): Number of active DP request: 1
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in
> view [Default Trust View] with filter [(&(objectClass=
> ipaUserOverride)(uid=et33015))].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_print_server] (0x2000): Searching 10.150.144.113:389
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(objectClass=ipaUserOverride)(uid=et33015))][cn=Default Trust
> View,cn=views,cn=accounts,dc=ipa,dc=preprod,dc=local].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 20
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 20 timeout 6
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb37410], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 20 finished
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_get_ad_override_done] (0x4000): No override found with filter
> [(&(objectClass=ipaUserOverride)(uid=et33015))].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb628f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb43cd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb43cd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb628f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb57490
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb57490 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb43cd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb628f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb43cd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb628f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb43cd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [check_if_pac_is_available] (0x4000): No PAC available.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x0400): Executing extended operation
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 21
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 21 timeout 6
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb353d0], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bcb353d0], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
> (null).
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 21 finished
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [add_v1_user_data] (0x4000): BER tag is [48]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Found new sequence.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [objectSIDString].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [userPrincipalName].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [adUserAccountControl].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [mail].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalDN].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb685d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb68690
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb685d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb68690 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb685d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_search_by_name] (0x0400): No such entry
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8d600
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb68510
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8d600 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb68510 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8d600 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb65af0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb65af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb04170 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb65af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8d540
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8d600
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8d540 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8d600 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8d540 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7e870
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7e870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7e870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb65af0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb65af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb65af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb483f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb64060
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb483f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb64060 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb483f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb04170 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7eda0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ee60
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7eda0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ee60 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7eda0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb04170 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb820a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7f030
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb820a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7f030 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb820a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb65af0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb65af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb65af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb84eb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb83130
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb84eb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb83130 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb84eb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb85c60
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb85c60 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb81240 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb85c60 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb81240 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7eac0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82a30
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7eac0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82a30 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7eac0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb04170
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb37410 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb04170 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb85440
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb85440 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb75bb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb802a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb75bb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb802a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb75bb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb37410
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb81240 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb37410 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb65af0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb65af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb81240 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb65af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb874d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb85250
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb874d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb85250 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb874d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb65af0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb65af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb81240 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb65af0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79360
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79360 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb67150
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb84450
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb67150 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb84450 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb67150 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8cc80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8cc80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb81240 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8cc80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb85000
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb85000 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb84450
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82a30
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb84450 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82a30 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb84450 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7d370
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7d370 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79360
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb81240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79360 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb81240 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79360 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7a500
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb874d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7a500 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb874d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7a500 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb88a80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb75bb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb88a80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb75bb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb88a80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb75bb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88a80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb75bb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88a80 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb75bb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8a750
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb86190
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8a750 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb86190 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8a750 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf1810
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb748e0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf1810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb748e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf1810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf1810
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79ba0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf1810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79ba0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf1810 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7bf00
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88f50
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7bf00 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88f50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7bf00 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb88f50
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf1c70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb88f50 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf1c70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb88f50 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf90b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb88f50
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf90b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb88f50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf90b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81b20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb73c50
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81b20 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb73c50 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81b20 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7c310
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79880
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7c310 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79880 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7c310 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b7b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb79880
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b7b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb79880 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b7b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb86190
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf2b30
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb86190 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf2b30 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb86190 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf61a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7dfe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf61a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7dfe0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf61a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf61a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf7720
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf61a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf7720 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf61a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7dbf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8adf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7dbf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8adf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7dbf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf90b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf61a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf90b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf61a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf90b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf61a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7baf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf61a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7baf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf61a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf7e00
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbefe20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf7e00 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbefe20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf7e00 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf41a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf61a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf41a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf61a0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf41a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf61a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb68c10
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf61a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb68c10 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf61a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8b7b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7dfe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8b7b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7dfe0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8b7b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf61a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7baf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf61a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7baf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf61a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7baf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf4070
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7baf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf4070 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7baf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf9cf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb748d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf9cf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb748d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf9cf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7baf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf4fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7baf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf4fd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7baf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf4fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf7600
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf4fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf7600 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf4fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf57f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8c770
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf57f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8c770 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf57f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc03520
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb84c10
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc03520 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb84c10 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc03520 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc03520
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf9e00
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc03520 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf9e00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc03520 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf92d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf46e0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf92d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf46e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf92d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7dfe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7c310
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7dfe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7c310 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7dfe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7dfe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb84c10
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7dfe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb84c10 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7dfe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf46e0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf92d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf46e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf92d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf46e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf7b60
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8cdb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf7b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8cdb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf7b60 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8cdb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc04b00
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8cdb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc04b00 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8cdb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf7ca0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf16c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf7ca0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf16c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf7ca0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc04b00
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf6560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc04b00 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf6560 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc04b00 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf6560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf7ca0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf6560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf7ca0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf6560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8adf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb748d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8adf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb748d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8adf0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc03930
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf16c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc03930 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf16c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc03930 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc048c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc03930
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc048c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc03930 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc048c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf57f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb81b20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf57f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb81b20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf57f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf9fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8b7b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf9fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8b7b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf9fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf9fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbffd90
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf9fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbffd90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf9fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79e90
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8adf0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79e90 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8adf0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79e90 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfa080
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7c310
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfa080 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7c310 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfa080 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7c310
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfa080
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7c310 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfa080 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7c310 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfa630
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfe210
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfa630 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfe210 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfa630 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfd8f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc00b90
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfd8f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc00b90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfd8f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfea70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfd8f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfea70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfd8f0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfea70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf9e00
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7dfe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf9e00 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7dfe0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf9e00 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc009d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7c310
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc009d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7c310 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc009d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7dfe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb86e40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7dfe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb86e40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7dfe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfb780
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb86e40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfb780 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb86e40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfb780 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc01be0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb86e40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb86e40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc01be0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb86e40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb86e40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc01be0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb86e40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb86e40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfe7b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfea70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfe7b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfea70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfe7b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc01be0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfea70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfea70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb83d40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc01be0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb83d40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc01be0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb83d40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc02b70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc00b90
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc02b70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc00b90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc02b70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfea70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc01be0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfea70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc01be0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfea70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfea70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0a740 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfea70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0a740 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89990
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc02440
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89990 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc02440 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89990 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc01be0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc02dc0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc02dc0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc01be0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0a2a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb75420
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0a2a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb75420 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0a2a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc01be0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc01be0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfea70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0a740 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfea70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0a740 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc02dc0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89990
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc02dc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89990 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc02dc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb75420
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfea70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb75420 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfea70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb75420 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc02dc0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc02dc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc02dc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7d5f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc02440
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7d5f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc02440 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7d5f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc02440
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc01be0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc02440 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc01be0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc02440 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7dfe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbee320
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7dfe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbee320 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7dfe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc06020
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc02b70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc06020 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc02b70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc06020 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc02b70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc09300
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc02b70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc09300 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc02b70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0a2a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7dfe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0a2a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7dfe0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0a2a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc02440
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc02440 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc02440 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0a2a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0a2a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0a2a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc09300
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89990
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc09300 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89990 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc09300 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbed010
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc07960
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbed010 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc07960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbed010 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfea70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc08550
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfea70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc08550 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfea70 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc07960
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc07960 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0a740 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc07960 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89990
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0dfd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89990 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0dfd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89990 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc07960
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc08550
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc07960 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc08550 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc07960 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0dfd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89990
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0dfd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89990 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0dfd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb89990
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc09300
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb89990 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc09300 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb89990 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1e5c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0dfd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1e5c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0dfd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1e5c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc20760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc09300
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc20760 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc09300 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc20760 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc08550
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc07960
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc08550 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc07960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc08550 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc20760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0a740 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc20760 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0a740 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc08550
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc20760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc08550 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc20760 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc08550 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc07960
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0a740 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc07960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0a740 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1e5c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0dfd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1e5c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0dfd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1e5c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf39e0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbefc40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf39e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbefc40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf39e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc20760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc07960
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc20760 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc07960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc20760 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0a740
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc08550
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0a740 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc08550 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0a740 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbec240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc01530
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbec240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc01530 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbec240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1ced0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc20760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1ced0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc20760 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1ced0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc08550
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc037d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc08550 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc037d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc08550 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe4a40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0d500
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe4a40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0d500 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe4a40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe4c20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1e020
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe4c20 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1e020 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe4c20 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe4c20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc08550
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe4c20 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc08550 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe4c20 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbee160
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfd9b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbee160 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfd9b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbee160 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb79e90
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc01530
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb79e90 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc01530 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb79e90 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc01530
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbec240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc01530 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbec240 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc01530 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0b000
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbfd9b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0b000 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbfd9b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0b000 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbcb650
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbca760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbcb650 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbca760 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbcb650 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbca760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8f000
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbca760 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8f000 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbca760 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8c770
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc06610
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8c770 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc06610 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8c770 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbca760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbc8e20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbca760 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbc8e20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbca760 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0dfd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbca760
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0dfd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbca760 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0dfd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc21400
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe3df0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc21400 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe3df0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc21400 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc01530
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf8bd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc01530 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf8bd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc01530 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb87640
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb7ffb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb87640 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb7ffb0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb87640 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe4a40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1d6e0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe4a40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1d6e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe4a40 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7ffb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc01530
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7ffb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc01530 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7ffb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbf8bd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbec240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbf8bd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbec240 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbf8bd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfd9b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc20350
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfd9b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc20350 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfd9b0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb87640
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc01530
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb87640 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc01530 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb87640 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7ffb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf8bd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7ffb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf8bd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7ffb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc06610
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbcbca0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc06610 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbcbca0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc06610 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbc8fc0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbf8bd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbc8fc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbf8bd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbc8fc0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8a4e0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb91920
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8a4e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb91920 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8a4e0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0e540
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe4a40
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0e540 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe4a40 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0e540 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc15fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbcaca0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc15fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbcaca0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc15fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbcaca0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0f8b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbcaca0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0f8b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbcaca0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8f9a0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc170b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8f9a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc170b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8f9a0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbcaca0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc15fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbcaca0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc15fd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbcaca0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc15fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb90870
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc15fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb90870 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc15fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc15fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc15fd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc15fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0f8b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc15fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0f8b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc15fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb90870
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb90870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbce560 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb90870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb90870
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc15fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb90870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc15fd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb90870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc15fd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc175c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc15fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc175c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc15fd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb90870
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc175c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb90870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc175c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb90870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb90870
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe26d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb90870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe26d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb90870 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbe26d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbe26d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc044f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0f8b0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc044f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0f8b0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc044f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc21570
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc21570 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd0160
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd0160 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbce560 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd0160 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc19220
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc19220 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc19970
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc19970 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbce560 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc19970 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb82620
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb82620 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbce560 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb82620 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc19220
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc19220 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbce560 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc19220 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7eda0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc19220
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7eda0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc19220 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7eda0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc1e330
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd1240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc1e330 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd1240 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc1e330 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb82620
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb82620 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbce560 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb82620 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd04c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82620
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd04c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82620 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd04c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc09cb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82620
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc09cb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82620 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc09cb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd04c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc19220
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd04c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc19220 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd04c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd1240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb82620
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd1240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb82620 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd1240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb7eda0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd04c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb7eda0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd04c0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb7eda0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd1240
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd0d70
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd1240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd0d70 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd1240 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc19220
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc19220 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb81890
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd3850
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb81890 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd3850 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb81890 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbce560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1b950
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1b950 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbce560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x0400): Executing extended operation
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_send] (0x2000): ldap_extended_operation sent, msgid = 22
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sdap_op_add]
> (0x2000): New operation 22 timeout 6
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bdb8f2f0], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[0x7f59bdb8f2f0], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_message] (0x4000): Message type: [LDAP_RES_EXTENDED]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_exop_done] (0x0400): ldap_extended_operation result: Success(0),
> (null).
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_op_destructor] (0x2000): Operation 22 finished
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [add_v1_user_data] (0x4000): BER tag is [48]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Found new sequence.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [objectSIDString].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [userPrincipalName].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [adUserAccountControl].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [mail].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalDN].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_extra_attrs]
> (0x4000): Extra attribute [originalMemberOf].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x4000): Found original AD upn [
> Subaranchan.Thanagopal at EVRY.COM].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com]
> is not from domain [corp.corpcommon.com].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbcb590
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbcabe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbcb590 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbcabe0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbcb590 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe3c50
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbcabe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe3c50 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbcabe0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe3c50 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb83ed0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbcabe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb83ed0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbcabe0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb83ed0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbe3c50
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb68e20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbe3c50 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb68e20 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbe3c50 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb68e20
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb83ed0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb68e20 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb83ed0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb68e20 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbcabe0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1d040
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbcabe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1d040 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbcabe0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc04560
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc1d040
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc04560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc1d040 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc04560 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb83ed0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbcb590
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb83ed0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbcb590 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb83ed0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x4000): Added [et33015 at corp.corpcommon.com][name=
> et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> et33015 at corp.corpcommon.com
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 2)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbd0220
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbd02e0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbd0220 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=corp.
> corpcommon.com,cn=sysdb)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbd02e0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbd0220 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 2)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
> ,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb8ece0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc027d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb8ece0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc027d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb8ece0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc0fcb0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8c890
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc0fcb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8c890 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc0fcb0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x4000): Found original AD upn [
> Subaranchan.Thanagopal at EVRY.COM].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [is_email_from_domain] (0x4000): Email [Subaranchan.Thanagopal at evry.com]
> is not from domain [corp.corpcommon.com].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfd110
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc07960
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfd110 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc07960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfd110 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb75420
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb8ea60
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb75420 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb8ea60 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb75420 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfd110
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc07960
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfd110 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc07960 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfd110 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdbfd110
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89010
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdbfd110 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89010 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdbfd110 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb628f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89010
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89010 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb86d80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89010
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb86d80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89010 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb86d80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb628f0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdbffcd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdbffcd0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb628f0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb86d80
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb89010
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb86d80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb89010 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb86d80 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x4000): Added [et33015 at corp.corpcommon.com][name=
> et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
> (0x0400): Root domain uses fully-qualified names, objects might not be
> correctly added to groups with short names.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_s2n_save_objects] (0x2000): Updating memberships for
> et33015 at corp.corpcommon.com
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 2)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdc05250
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc095d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdc05250 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=corp.
> corpcommon.com,cn=sysdb)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc095d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdc05250 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> cancel ldb transaction (nesting: 2)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
> object](32)[ldb_wait: No such object (32)]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sysdb_update_members_ex] (0x0020): Could not add member [
> et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
> ,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 1)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb850c0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdb99610
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb850c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdb99610 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb850c0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bdb87360
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bdc0a800
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bdb87360 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bdc0a800 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bdb87360 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sdap_id_op_done]
> (0x4000): releasing operation connection
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [Initgroups #253]: Request handler finished [0]:
> Success
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [Initgroups #253]: Receiving request data.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_initgr_pp] (0x0400): Ordering NSS responder to update memory cache
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #253]:
> Finished. Success.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_reply_std] (0x1000): DP Request [Initgroups #253]: Returning
> [Success]: 0,0,Success
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [dp_table_value_destructor] (0x0400): Removing [0:1:0000:3:1::corp.
> corpcommon.com:name=et33015 at corp.corpcommon.com] from reply table
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [Initgroups #253]: Request removed.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: sh[0x7f59bcae50e0], connected[1],
> ops[(nil)], ldap[0x7f59bcb0f6e0]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f59bcb1e590
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): dbus conn: 0x7f59bcb22f10
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
> (0x4000): Dispatching.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.pamHandler
> on path /org/freedesktop/sssd/dataprovider
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_handler]
> (0x0100): Got request with the following data
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): command: SSS_PAM_PREAUTH
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): domain: corp.corpcommon.com
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): user: et33015 at corp.corpcommon.com
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): service: sshd
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): tty: ssh
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): ruser:
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): rhost: 146.213.128.135
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): authtok type: 0
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): newauthtok type: 0
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): priv: 1
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): cli_pid: 18003
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
> (0x0100): logon name: not set
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): DP Request [PAM Preauth #254]: New request. Flags [0000].
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
> (0x0400): Number of active DP request: 1
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_queue_send] (0x1000): Wait queue of user [
> et33015 at corp.corpcommon.com] is empty, running request [0x7f59bcb348d0]
> immediately.
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [krb5_setup]
> (0x4000): No mapping for: et33015 at corp.corpcommon.com
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb0d9d0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb0da90
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb0d9d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb0da90 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb0d9d0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb43cd0
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb5dd10
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb43cd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb5dd10 "ltdb_timeout"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb43cd0 "ltdb_callback"
>
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [get_port_status]
> (0x1000): Port status of port 0 for server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
> seconds
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [get_server_status] (0x1000): Status of server 'ilt-gif-ipa01.ipa.preprod.local'
> is 'working'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_process] (0x1000): Saving the first resolved server
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [be_resolve_server_process] (0x0200): Found address for server
> ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [ipa_resolve_callback] (0x0400): Constructed uri 'ldap://ilt-gif-ipa01.ipa.
> preprod.local'
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/pubconf/.
> krb5info_dummy_HX50Jj]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]] [unlink_dbg]
> (0x2000): File already removed: [/var/lib/sss/pubconf/.
> krb5info_dummy_HX50Jj]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_resolve_done] (0x2000): Subdomain corp.corpcommon.com is
> inactive, will proceed offline
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Setting up signal handler up for pid [18004]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [child_handler_setup] (0x2000): Signal handler set up for pid [18004]
> (Mon Jan  9 16:10:13 2017) [sssd[be[ipa.preprod.local]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [read_pipe_handler] (0x0400): EOF received, client finished
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
> from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1036
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0100): Marking port 0 of server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [set_server_common_status] (0x0100): Marking server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [fo_set_port_status] (0x0400): Marking port 0 of duplicate server
> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [krb5_mod_ccname]
> (0x4000): Save ccname [KEYRING:persistent:1007629326] for user [
> et33015 at corp.corpcommon.com].
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> start ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_callback": 0x7f59bcb5d300
>
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Added timed event "ltdb_timeout": 0x7f59bcb0d9d0
>
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Running timer event 0x7f59bcb5d300 "ltdb_callback"
>
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Destroying timer event 0x7f59bcb0d9d0 "ltdb_timeout"
>
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> Ending timer event 0x7f59bcb5d300 "ltdb_callback"
>
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
> commit ldb transaction (nesting: 0)
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_cache_creds] (0x0080): Delayed authentication is only available
> for password authentication (single factor).
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [check_wait_queue] (0x1000): Wait queue for user [
> et33015 at corp.corpcommon.com] is empty.
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f59bcb348d0]
> done.
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
> (0x0400): DP Request [PAM Preauth #254]: Request handler finished [0]:
> Success
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
> (0x0400): DP Request [PAM Preauth #254]: Receiving request data.
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): DP Request [PAM Preauth #254]: Request
> removed.
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [dp_req_destructor] (0x0400): Number of active DP request: 0
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
> (0x1000): DP Request [PAM Preauth #254]: Sending result [4][
> corp.corpcommon.com]
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x1000): Waiting for child [18004].
> (Mon Jan  9 16:10:14 2017) [sssd[be[ipa.preprod.local]]]
> [child_sig_handler] (0x0100): child [18004] finished successfully.
>
>
>
>
> =============================
> krb5_child.log
> =======================================
>
> (Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17411] 1483974230.148904: Getting
> initial credentials for Subaranchan.Thanagopal at DOMAIN.COM
>
> (Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17411] 1483974230.148944: Sending
> request (176 bytes) to DOMAIN.COM (master)
>
> (Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]] [get_and_save_tgt]
> (0x0400): krb5_get_init_creds_password returned [-1765328230} during
> pre-auth.
> (Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]]
> [pack_response_packet] (0x2000): response packet size: [4]
> (Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Mon Jan  9 16:03:50 2017) [[sssd[krb5_child[17411]]]] [main] (0x0400):
> krb5_child completed successfully
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [main] (0x0400):
> krb5_child started.
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [unpack_buffer]
> (0x1000): total buffer size: [63]
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [unpack_buffer]
> (0x0100): cmd [249] uid [1007629326] gid [1007629326] validate [true]
> enterprise principal [true] offline [false] UPN [Subaranchan.Thanagopal@
> DOMAIN.COM]
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [k5c_setup_fast]
> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ilt-gif-ipa02.ipa.
> preprod.local at IPA.PREPROD.LOCAL]
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [find_principal_in_keytab] (0x4000): Trying to find principal
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL in keytab.
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [match_principal]
> (0x1000): Principal matched to the sample (host/ilt-gif-ipa02.ipa.
> preprod.local at IPA.PREPROD.LOCAL).
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [check_fast_ccache]
> (0x0200): FAST TGT is still valid.
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [become_user]
> (0x0200): Trying to become user [1007629326][1007629326].
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [main] (0x2000):
> Running as [1007629326][1007629326].
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [k5c_setup]
> (0x2000): Running as [1007629326][1007629326].
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [main] (0x0400):
> Will perform pre-auth
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [tgt_req_child]
> (0x1000): Attempting to get a TGT
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [get_and_save_tgt]
> (0x0400): Attempting kinit for realm [IPA.PREPROD.LOCAL]
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.236347: Getting
> initial credentials for Subaranchan.Thanagopal\@
> DOMAIN.COM at IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.238353: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.238416: Retrieving
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/IPA.PREPROD.
> LOCAL\@IPA.PREPROD.LOCAL at X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
> with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.238554: Sending
> request (203 bytes) to IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.238722: Initiating
> TCP connection to stream x.x.x.113:88
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.239048: Sending TCP
> request to stream x.x.x.113:88
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240026: Received
> answer (208 bytes) from stream x.x.x.113:88
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240054: Terminating
> TCP connection to stream x.x.x.113:88
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240108: Response was
> from master KDC
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240139: Received
> error from KDC: -1765328316/Realm not local to KDC
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240164: Following
> referral to realm CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240188: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240240: Retrieving
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/CORP.CORPCOMMON.COM
> \@CORP.CORPCOMMON.COM at X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
> with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.240287: Sending
> request (207 bytes) to CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.249619: Resolving
> hostname ccddc021.corp.corpcommon.com.
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.253095: Sending
> initial UDP request to dgram x.x.x..51:88
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.257846: Received
> answer (223 bytes) from dgram x.x.x..51:88
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258165: Response was
> not from master KDC
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258204: Received
> error from KDC: -1765328359/Additional pre-authentication required
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258245: Processing
> preauth types: 16, 15, 19, 2
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258275: Selected
> etype info: etype aes256-cts, salt "CORP.CORPCOMMON.COMSubaranchan.Thanagopal",
> params ""
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258309: PKINIT
> client has no configured identity; giving up
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_krb5_responder] (0x4000): Got question [password].
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258360: PKINIT
> client has no configured identity; giving up
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258392: Preauth
> module pkinit (16) (real) returned: 22/Invalid argument
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258415: PKINIT
> client has no configured identity; giving up
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258446: Preauth
> module pkinit (14) (real) returned: 22/Invalid argument
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [sss_krb5_prompter]
> (0x4000): sss_krb5_prompter name [(null)] banner [(null)] num_prompts [1]
> EINVAL.
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [sss_krb5_prompter]
> (0x0020): Cannot handle password prompts.
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [sss_krb5_prompter]
> (0x4000): Prompt [0][Password for Subaranchan.Thanagopal\@DOMAIN
> .COM at CORP.CORPCOMMON.COM].
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258502: Preauth
> module encrypted_timestamp (2) (real) returned: -1765328254/Cannot read
> password
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258534: Retrying AS
> request with master KDC
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258553: Getting
> initial credentials for Subaranchan.Thanagopal\@
> DOMAIN.COM at IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258583: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258618: Retrieving
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/IPA.PREPROD.
> LOCAL\@IPA.PREPROD.LOCAL at X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
> with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258655: Sending
> request (203 bytes) to IPA.PREPROD.LOCAL (master)
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258698: Initiating
> TCP connection to stream x.x.x.113:88
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.258961: Sending TCP
> request to stream x.x.x.113:88
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.259889: Received
> answer (208 bytes) from stream x.x.x.113:88
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.259916: Terminating
> TCP connection to stream x.x.x.113:88
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.259959: Received
> error from KDC: -1765328316/Realm not local to KDC
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.259982: Following
> referral to realm CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.259998: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.260028: Retrieving
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/CORP.CORPCOMMON.COM
> \@CORP.CORPCOMMON.COM at X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
> with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17947] 1483974591.260065: Sending
> request (207 bytes) to CORP.CORPCOMMON.COM (master)
>
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [get_and_save_tgt]
> (0x0400): krb5_get_init_creds_password returned [22} during pre-auth.
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]]
> [pack_response_packet] (0x2000): response packet size: [12]
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Mon Jan  9 16:09:51 2017) [[sssd[krb5_child[17947]]]] [main] (0x0400):
> krb5_child completed successfully
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [main] (0x0400):
> krb5_child started.
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [unpack_buffer]
> (0x1000): total buffer size: [168]
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [unpack_buffer]
> (0x0100): cmd [241] uid [1007629326] gid [1007629326] validate [true]
> enterprise principal [true] offline [false] UPN [Subaranchan.Thanagopal@
> DOMAIN.COM]
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [unpack_buffer]
> (0x0100): ccname: [KEYRING:persistent:1007629326] old_ccname:
> [KEYRING:persistent:1007629326] keytab: [/etc/krb5.keytab]
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [switch_creds]
> (0x0200): Switch user to [1007629326][1007629326].
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [switch_creds]
> (0x0200): Switch user to [0][0].
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1007629326]
> and is not active and TGT is  valid.
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [k5c_precreate_ccache] (0x4000): Recreating ccache
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [k5c_setup_fast]
> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ilt-gif-ipa02.ipa.
> preprod.local at IPA.PREPROD.LOCAL]
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [find_principal_in_keytab] (0x4000): Trying to find principal
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL in keytab.
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [match_principal]
> (0x1000): Principal matched to the sample (host/ilt-gif-ipa02.ipa.
> preprod.local at IPA.PREPROD.LOCAL).
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [check_fast_ccache]
> (0x0200): FAST TGT is still valid.
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [become_user]
> (0x0200): Trying to become user [1007629326][1007629326].
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [main] (0x2000):
> Running as [1007629326][1007629326].
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [k5c_setup]
> (0x2000): Running as [1007629326][1007629326].
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [main] (0x0400):
> Will perform online auth
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [tgt_req_child]
> (0x1000): Attempting to get a TGT
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [get_and_save_tgt]
> (0x0400): Attempting kinit for realm [IPA.PREPROD.LOCAL]
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.739334: Getting
> initial credentials for Subaranchan.Thanagopal\@
> DOMAIN.COM at IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.741310: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.741370: Retrieving
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/IPA.PREPROD.
> LOCAL\@IPA.PREPROD.LOCAL at X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
> with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.741441: Sending
> request (203 bytes) to IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.741611: Initiating
> TCP connection to stream x.x.x.113:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.741971: Sending TCP
> request to stream x.x.x.113:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743259: Received
> answer (208 bytes) from stream x.x.x.113:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743288: Terminating
> TCP connection to stream x.x.x.113:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743352: Response was
> from master KDC
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743387: Received
> error from KDC: -1765328316/Realm not local to KDC
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743413: Following
> referral to realm CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743438: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743476: Retrieving
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/CORP.CORPCOMMON.COM
> \@CORP.CORPCOMMON.COM at X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
> with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.743541: Sending
> request (207 bytes) to CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.746015: Resolving
> hostname ccddc002.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.746901: Sending
> initial UDP request to dgram x.x.x.x:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.752933: Received
> answer (223 bytes) from dgram x.x.x.x:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753411: Response was
> not from master KDC
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753452: Received
> error from KDC: -1765328359/Additional pre-authentication required
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753496: Processing
> preauth types: 16, 15, 19, 2
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753527: Selected
> etype info: etype aes256-cts, salt "CORP.CORPCOMMON.COMSubaranchan.Thanagopal",
> params ""
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753562: PKINIT
> client has no configured identity; giving up
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_krb5_responder] (0x4000): Got question [password].
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753613: PKINIT
> client has no configured identity; giving up
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753647: Preauth
> module pkinit (16) (real) returned: 22/Invalid argument
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753670: PKINIT
> client has no configured identity; giving up
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.753688: Preauth
> module pkinit (14) (real) returned: 22/Invalid argument
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.764129: AS key
> obtained for encrypted timestamp: aes256-cts/C793
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.764220: Encrypted
> timestamp (for 1483974601.226309): plain 301AA011180F32303137303130393135313030315AA1050203037405,
> encrypted EC892550B0E9B08F587BE6FD8042444C3C1ECD807E1E432C0A37E65E0912
> 81D5A8A33DEB4317C1E86D493D88622D26D259B1A2E7A05C4E02
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.764252: Preauth
> module encrypted_timestamp (2) (real) returned: 0/Success
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.764270: Produced
> preauth for next request: 2
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.764301: Sending
> request (287 bytes) to CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.767168: Resolving
> hostname ccddc001.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.767730: Sending
> initial UDP request to dgram x.x.x..4:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.774793: Received
> answer (110 bytes) from dgram x.x.x..4:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.775399: Response was
> not from master KDC
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.775451: Received
> error from KDC: -1765328332/Response too big for UDP, retry with TCP
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.775490: Request or
> response is too big for UDP; retrying with TCP
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.775520: Sending
> request (287 bytes) to CORP.CORPCOMMON.COM (tcp only)
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.776943: Resolving
> hostname ccddc021.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.777561: Initiating
> TCP connection to stream x.x.x..51:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.780937: Sending TCP
> request to stream x.x.x..51:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.784705: Received
> answer (5088 bytes) from stream x.x.x..51:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.784771: Terminating
> TCP connection to stream x.x.x..51:88
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785343: Response was
> not from master KDC
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785419: Processing
> preauth types: 19
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785460: Selected
> etype info: etype aes256-cts, salt "CORP.CORPCOMMON.COMSubaranchan.Thanagopal",
> params ""
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785509: Produced
> preauth for next request: (empty)
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785545: AS key
> determined by preauth: aes256-cts/C793
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785649: Decrypted AS
> reply; session key is: aes256-cts/50CB
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785709: FAST
> negotiation: unavailable
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_krb5_expire_callback_func] (0x2000): exp_time: [11294803]
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]] [validate_tgt]
> (0x2000): Keytab entry with the realm of the credential not found in
> keytab. Using the last entry.
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785909: Retrieving
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL from
> MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785942: Resolving
> unique ccache of type MEMORY
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.785984: Initializing
> MEMORY:tcSx3v4 with default princ ET33015 at CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786023: Storing
> ET33015 at CORP.CORPCOMMON.COM -> krbtgt/CORP.CORPCOMMON.COM@
> CORP.CORPCOMMON.COM in MEMORY:tcSx3v4
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786078: Getting
> credentials ET33015 at CORP.CORPCOMMON.COM -> host/ilt-gif-ipa02.ipa.
> preprod.local at IPA.PREPROD.LOCAL using ccache MEMORY:tcSx3v4
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786148: Retrieving
> ET33015 at CORP.CORPCOMMON.COM -> host/ilt-gif-ipa02.ipa.
> preprod.local at IPA.PREPROD.LOCAL from MEMORY:tcSx3v4 with result:
> -1765328243/Matching credential not found
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786204: Retrieving
> ET33015 at CORP.CORPCOMMON.COM -> krbtgt/IPA.PREPROD.LOCAL at IPA.PREPROD.LOCAL
> from MEMORY:tcSx3v4 with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786252: Retrieving
> ET33015 at CORP.CORPCOMMON.COM -> krbtgt/CORP.CORPCOMMON.COM@
> CORP.CORPCOMMON.COM from MEMORY:tcSx3v4 with result: 0/Success
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786284: Starting
> with TGT for client realm: ET33015 at CORP.CORPCOMMON.COM -> krbtgt/
> CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786344: Retrieving
> ET33015 at CORP.CORPCOMMON.COM -> krbtgt/IPA.PREPROD.LOCAL at IPA.PREPROD.LOCAL
> from MEMORY:tcSx3v4 with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786382: Requesting
> TGT krbtgt/IPA.PREPROD.LOCAL at CORP.CORPCOMMON.COM using TGT krbtgt/
> CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786438: Generated
> subkey for TGS request: aes256-cts/1352
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786514: etypes
> requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac,
> camellia128-cts, camellia256-cts
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786639: Encoding
> request body and padata into FAST request
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.786867: Sending
> request (5211 bytes) to CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.789174: Resolving
> hostname ccddc024.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:01 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974601.789789: Sending
> initial UDP request to dgram .16:88
>
> (Mon Jan  9 16:10:02 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974602.790950: Resolving
> hostname ccddc002.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:02 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974602.791675: Sending
> initial UDP request to dgram x.x.x.x:88
>
> (Mon Jan  9 16:10:03 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974603.792859: Resolving
> hostname ccddc201.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:03 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974603.796613: Sending
> initial UDP request to dgram x.x.x..11:88
>
> (Mon Jan  9 16:10:04 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974604.797765: Resolving
> hostname ccddc022.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:04 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974604.798471: Sending
> initial UDP request to dgram x.x.x..17:88
>
> (Mon Jan  9 16:10:05 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974605.799595: Resolving
> hostname ccddc003.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:05 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974605.803449: Sending
> initial UDP request to dgram x.x.x..31:88
>
> (Mon Jan  9 16:10:06 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974606.804602: Resolving
> hostname ccddc021.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:06 2017) [[sssd[krb5_child[17964]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17964] 1483974606.805442: Sending
> initial UDP request to dgram x.x.x..51:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [main] (0x0400):
> krb5_child started.
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [unpack_buffer]
> (0x1000): total buffer size: [168]
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [unpack_buffer]
> (0x0100): cmd [241] uid [1007629326] gid [1007629326] validate [true]
> enterprise principal [true] offline [false] UPN [Subaranchan.Thanagopal@
> DOMAIN.COM]
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [unpack_buffer]
> (0x0100): ccname: [KEYRING:persistent:1007629326] old_ccname:
> [KEYRING:persistent:1007629326] keytab: [/etc/krb5.keytab]
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [switch_creds]
> (0x0200): Switch user to [1007629326][1007629326].
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [switch_creds]
> (0x0200): Switch user to [0][0].
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1007629326]
> and is not active and TGT is  valid.
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [k5c_precreate_ccache] (0x4000): Recreating ccache
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [k5c_setup_fast]
> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ilt-gif-ipa02.ipa.
> preprod.local at IPA.PREPROD.LOCAL]
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [find_principal_in_keytab] (0x4000): Trying to find principal
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL in keytab.
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [match_principal]
> (0x1000): Principal matched to the sample (host/ilt-gif-ipa02.ipa.
> preprod.local at IPA.PREPROD.LOCAL).
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [check_fast_ccache]
> (0x0200): FAST TGT is still valid.
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [become_user]
> (0x0200): Trying to become user [1007629326][1007629326].
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [main] (0x2000):
> Running as [1007629326][1007629326].
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [k5c_setup]
> (0x2000): Running as [1007629326][1007629326].
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [main] (0x0400):
> Will perform online auth
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [tgt_req_child]
> (0x1000): Attempting to get a TGT
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [get_and_save_tgt]
> (0x0400): Attempting kinit for realm [IPA.PREPROD.LOCAL]
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.742321: Getting
> initial credentials for Subaranchan.Thanagopal\@
> DOMAIN.COM at IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.744290: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.744358: Retrieving
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/IPA.PREPROD.
> LOCAL\@IPA.PREPROD.LOCAL at X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
> with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.744423: Sending
> request (203 bytes) to IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.744581: Initiating
> TCP connection to stream x.x.x.113:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.744974: Sending TCP
> request to stream x.x.x.113:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746081: Received
> answer (208 bytes) from stream x.x.x.113:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746123: Terminating
> TCP connection to stream x.x.x.113:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746205: Response was
> from master KDC
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746239: Received
> error from KDC: -1765328316/Realm not local to KDC
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746264: Following
> referral to realm CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746289: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746346: Retrieving
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/CORP.CORPCOMMON.COM
> \@CORP.CORPCOMMON.COM at X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.PREPROD.LOCAL
> with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.746390: Sending
> request (207 bytes) to CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.748462: Resolving
> hostname ccddc200.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.753090: Sending
> initial UDP request to dgram x.x.x..10:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771016: Received
> answer (223 bytes) from dgram x.x.x..10:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771533: Response was
> not from master KDC
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771577: Received
> error from KDC: -1765328359/Additional pre-authentication required
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771619: Processing
> preauth types: 16, 15, 19, 2
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771651: Selected
> etype info: etype aes256-cts, salt "CORP.CORPCOMMON.COMSubaranchan.Thanagopal",
> params ""
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771689: PKINIT
> client has no configured identity; giving up
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_krb5_responder] (0x4000): Got question [password].
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771762: PKINIT
> client has no configured identity; giving up
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771789: Preauth
> module pkinit (16) (real) returned: 22/Invalid argument
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771811: PKINIT
> client has no configured identity; giving up
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.771829: Preauth
> module pkinit (14) (real) returned: 22/Invalid argument
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.782205: AS key
> obtained for encrypted timestamp: aes256-cts/C793
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.782285: Encrypted
> timestamp (for 1483974607.237644): plain 301AA011180F32303137303130393135313030375AA105020303A04C,
> encrypted A009BC11A6AF843F60332B924D6E0D8DAB36974EC2D4394FAD2C33003FA3
> D2539D810752138398333354AED295BD23DA5DA4E68B37596D9A
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.782316: Preauth
> module encrypted_timestamp (2) (real) returned: 0/Success
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.782334: Produced
> preauth for next request: 2
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.782359: Sending
> request (287 bytes) to CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.784728: Resolving
> hostname ccddc022.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.785209: Sending
> initial UDP request to dgram x.x.x..17:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.790102: Received
> answer (110 bytes) from dgram x.x.x..17:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.790458: Response was
> not from master KDC
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.790497: Received
> error from KDC: -1765328332/Response too big for UDP, retry with TCP
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.790529: Request or
> response is too big for UDP; retrying with TCP
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.790544: Sending
> request (287 bytes) to CORP.CORPCOMMON.COM (tcp only)
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.791641: Resolving
> hostname ccddc200.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.792082: Initiating
> TCP connection to stream x.x.x..10:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.805537: Sending TCP
> request to stream x.x.x..10:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.821342: Received
> answer (5088 bytes) from stream x.x.x..10:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.821398: Terminating
> TCP connection to stream x.x.x..10:88
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.821943: Response was
> not from master KDC
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.821997: Processing
> preauth types: 19
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822024: Selected
> etype info: etype aes256-cts, salt "CORP.CORPCOMMON.COMSubaranchan.Thanagopal",
> params ""
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822045: Produced
> preauth for next request: (empty)
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822066: AS key
> determined by preauth: aes256-cts/C793
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822135: Decrypted AS
> reply; session key is: aes256-cts/E6E5
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822173: FAST
> negotiation: unavailable
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_krb5_expire_callback_func] (0x2000): exp_time: [11294797]
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]] [validate_tgt]
> (0x2000): Keytab entry with the realm of the credential not found in
> keytab. Using the last entry.
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822299: Retrieving
> host/ilt-gif-ipa02.ipa.preprod.local at IPA.PREPROD.LOCAL from
> MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822319: Resolving
> unique ccache of type MEMORY
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822343: Initializing
> MEMORY:WYBu1at with default princ ET33015 at CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822364: Storing
> ET33015 at CORP.CORPCOMMON.COM -> krbtgt/CORP.CORPCOMMON.COM@
> CORP.CORPCOMMON.COM in MEMORY:WYBu1at
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822390: Getting
> credentials ET33015 at CORP.CORPCOMMON.COM -> host/ilt-gif-ipa02.ipa.
> preprod.local at IPA.PREPROD.LOCAL using ccache MEMORY:WYBu1at
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822431: Retrieving
> ET33015 at CORP.CORPCOMMON.COM -> host/ilt-gif-ipa02.ipa.
> preprod.local at IPA.PREPROD.LOCAL from MEMORY:WYBu1at with result:
> -1765328243/Matching credential not found
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822476: Retrieving
> ET33015 at CORP.CORPCOMMON.COM -> krbtgt/IPA.PREPROD.LOCAL at IPA.PREPROD.LOCAL
> from MEMORY:WYBu1at with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822508: Retrieving
> ET33015 at CORP.CORPCOMMON.COM -> krbtgt/CORP.CORPCOMMON.COM@
> CORP.CORPCOMMON.COM from MEMORY:WYBu1at with result: 0/Success
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822529: Starting
> with TGT for client realm: ET33015 at CORP.CORPCOMMON.COM -> krbtgt/
> CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822569: Retrieving
> ET33015 at CORP.CORPCOMMON.COM -> krbtgt/IPA.PREPROD.LOCAL at IPA.PREPROD.LOCAL
> from MEMORY:WYBu1at with result: -1765328243/Matching credential not found
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822592: Requesting
> TGT krbtgt/IPA.PREPROD.LOCAL at CORP.CORPCOMMON.COM using TGT krbtgt/
> CORP.CORPCOMMON.COM at CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822622: Generated
> subkey for TGS request: aes256-cts/6802
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822670: etypes
> requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac,
> camellia128-cts, camellia256-cts
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822762: Encoding
> request body and padata into FAST request
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.822862: Sending
> request (5211 bytes) to CORP.CORPCOMMON.COM
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.824965: Resolving
> hostname ccddc001.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:07 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974607.825451: Sending
> initial UDP request to dgram x.x.x..4:88
>
> (Mon Jan  9 16:10:08 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974608.826583: Resolving
> hostname ccddc024.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:08 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974608.827340: Sending
> initial UDP request to dgram x.x.x..16:88
>
> (Mon Jan  9 16:10:09 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974609.828480: Resolving
> hostname ccddc201.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:09 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974609.829332: Sending
> initial UDP request to dgram x.x.x..11:88
>
> (Mon Jan  9 16:10:10 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974610.830472: Resolving
> hostname ccddc022.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:10 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974610.831252: Sending
> initial UDP request to dgram x.x.x..17:88
>
> (Mon Jan  9 16:10:11 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974611.832382: Resolving
> hostname ccddc023.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:11 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974611.836596: Sending
> initial UDP request to dgram x.x.x..50:88
>
> (Mon Jan  9 16:10:12 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974612.837772: Resolving
> hostname ccddc200.corp.corpcommon.com.
>
> (Mon Jan  9 16:10:12 2017) [[sssd[krb5_child[17998]]]]
> [sss_child_krb5_trace_cb] (0x4000): [17998] 1483974612.838549: Sending
> initial UDP request to dgram x.x.x..10:88
>
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [main] (0x0400):
> krb5_child started.
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [unpack_buffer]
> (0x1000): total buffer size: [168]
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [unpack_buffer]
> (0x0100): cmd [241] uid [1007629326] gid [1007629326] validate [true]
> enterprise principal [false] offline [true] UPN [Subaranchan.Thanagopal@
> DOMAIN.COM]
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [unpack_buffer]
> (0x0100): ccname: [KEYRING:persistent:1007629326] old_ccname:
> [KEYRING:persistent:1007629326] keytab: [/etc/krb5.keytab]
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [switch_creds]
> (0x0200): Switch user to [1007629326][1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
> [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [switch_creds]
> (0x0200): Switch user to [0][0].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
> [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1007629326]
> and is not active and TGT is  valid.
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [become_user]
> (0x0200): Trying to become user [1007629326][1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [main] (0x2000):
> Running as [1007629326][1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [become_user]
> (0x0200): Trying to become user [1007629326][1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [become_user]
> (0x0200): Already user [1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [k5c_setup]
> (0x2000): Running as [1007629326][1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [main] (0x0400):
> Will perform offline auth
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
> [create_empty_ccache] (0x1000): Existing ccache still valid, reusing
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]]
> [pack_response_packet] (0x2000): response packet size: [53]
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18002]]]] [main] (0x0400):
> krb5_child completed successfully
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [main] (0x0400):
> krb5_child started.
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [unpack_buffer]
> (0x1000): total buffer size: [63]
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [unpack_buffer]
> (0x0100): cmd [249] uid [1007629326] gid [1007629326] validate [true]
> enterprise principal [false] offline [true] UPN [Subaranchan.Thanagopal@
> DOMAIN.COM]
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [become_user]
> (0x0200): Trying to become user [1007629326][1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [main] (0x2000):
> Running as [1007629326][1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [become_user]
> (0x0200): Trying to become user [1007629326][1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [become_user]
> (0x0200): Already user [1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [k5c_setup]
> (0x2000): Running as [1007629326][1007629326].
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME]
> from environment.
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [main] (0x0400):
> Will perform pre-auth
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [tgt_req_child]
> (0x1000): Attempting to get a TGT
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]] [get_and_save_tgt]
> (0x0400): Attempting kinit for realm [DOMAIN.COM]
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]]
> [sss_child_krb5_trace_cb] (0x4000): [18004] 1483974613.991835: Getting
> initial credentials for Subaranchan.Thanagopal at DOMAIN.COM
>
> (Mon Jan  9 16:10:13 2017) [[sssd[krb5_child[18004]]]]
> [sss_child_krb5_trace_cb] (0x4000): [18004] 1483974613.993849: Sending
> request (176 bytes) to DOMAIN.COM
>
> (Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]]
> [sss_child_krb5_trace_cb] (0x4000): [18004] 1483974614.9850: Retrying AS
> request with master KDC
>
> (Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]]
> [sss_child_krb5_trace_cb] (0x4000): [18004] 1483974614.9891: Getting
> initial credentials for Subaranchan.Thanagopal at DOMAIN.COM
>
> (Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]]
> [sss_child_krb5_trace_cb] (0x4000): [18004] 1483974614.9943: Sending
> request (176 bytes) to DOMAIN.COM (master)
>
> (Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]] [get_and_save_tgt]
> (0x0400): krb5_get_init_creds_password returned [-1765328230} during
> pre-auth.
> (Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]]
> [pack_response_packet] (0x2000): response packet size: [4]
> (Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Mon Jan  9 16:10:14 2017) [[sssd[krb5_child[18004]]]] [main] (0x0400):
> krb5_child completed successfully
>
>
> On Mon, Jan 9, 2017 at 11:21 AM, rajat gupta <rajat.linux at gmail.com>
> wrote:
>
>> Hi,
>>
>> Error message is changed today. but same some are able to login but most
>> of the user are not. Please find the below logs form ipa2 server.
>>
>> /var/log/secure
>>
>> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18942]: pam_sss(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
>> rhost=x.x.x.x.x user=et33015
>> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18942]: pam_sss(sshd:auth): received
>> for user et33015: 6 (Permission denied)
>> Jan  9 11:02:59 ilt-gif-ipa02 sshd[18940]: error: PAM: Authentication
>> failure for et33015 from x.x.x.x.x
>>
>> =================================
>>
>> sssd_nss.log
>>
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
>> creds: euid[0] egid[0] pid[18940].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x0020):
>> SELINUX_getpeercon failed [-1][Unknown error -1].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240a7d0][23]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [accept_fd_handler] (0x0400):
>> Client connected!
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240a7d0][23]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
>> Received client version [1].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
>> Offered version [1].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240a7d0][23]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240a7d0][23]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
>> Running command [17][SSS_NSS_GETPWNAM] with input [et33015].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): name 'et33015' matched without domain, user is et33015
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): using default domain [corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
>> Requesting info for [et33015] from [corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/corp.corpcommon.com/
>> et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0100): Requesting info for [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc8323f2ef0
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc8323f67a0
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc8323f2ef0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc8323f67a0 "ltdb_timeout"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc8323f2ef0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc8323f67a0
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc83240a680
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc8323f67a0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc83240a680 "ltdb_timeout"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc8323f67a0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
>> a LOCAL view, continuing with provided values.
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [check_cache] (0x0400): Cached
>> entry is valid, returning..
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0400): Returning info for user [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240a7d0][23]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
>> creds: euid[0] egid[0] pid[18942].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_client_cred] (0x0020):
>> SELINUX_getpeercon failed [-1][Unknown error -1].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc8323fa270][24]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [accept_fd_handler] (0x0400):
>> Client connected!
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc8323fa270][24]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
>> Received client version [1].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
>> Offered version [1].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc8323fa270][24]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc8323fa270][24]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
>> Running command [17][SSS_NSS_GETPWNAM] with input [et33015].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): name 'et33015' matched without domain, user is et33015
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): using default domain [corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
>> Requesting info for [et33015] from [corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/corp.corpcommon.com/
>> et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0100): Requesting info for [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc832402d80
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc832401560
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc832402d80 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc832401560 "ltdb_timeout"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc832402d80 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc8323f39a0
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc83240da50
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc8323f39a0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc83240da50 "ltdb_timeout"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc8323f39a0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
>> a LOCAL view, continuing with provided values.
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [check_cache] (0x0400): Cached
>> entry is valid, returning..
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0400): Returning info for user [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc8323fa270][24]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc8323fa270][24]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
>> Running command [17][SSS_NSS_GETPWNAM] with input [et33015].
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): name 'et33015' matched without domain, user is et33015
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): using default domain [corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
>> Requesting info for [et33015] from [corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/corp.corpcommon.com/
>> et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0100): Requesting info for [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc8323f63e0
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc832402d80
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc8323f63e0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc832402d80 "ltdb_timeout"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc8323f63e0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc8323f39a0
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc83240da50
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc8323f39a0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc83240da50 "ltdb_timeout"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc8323f39a0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
>> a LOCAL view, continuing with provided values.
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [check_cache] (0x0400): Cached
>> entry is valid, returning..
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0400): Returning info for user [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc8323fa270][24]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7fc8323f4780
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
>> on path /org/freedesktop/sssd/nss/memcache
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
>> (0x1000): Updating inigroups memory cache of [et33015 at corp.corpcommon.com
>> @corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[nss]] [nss_update_initgr_memcache]
>> (0x0040): Unknown domain (corp.corpcommon.com) requested by provider
>> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7fc8323f4780
>> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
>> on path /org/freedesktop/sssd/nss/memcache
>> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
>> (0x1000): Updating inigroups memory cache of [et33015 at corp.corpcommon.com
>> @corp.corpcommon.com]
>> (Mon Jan  9 11:02:47 2017) [sssd[nss]] [nss_update_initgr_memcache]
>> (0x0040): Unknown domain (corp.corpcommon.com) requested by provider
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7fc8323f4780
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
>> on path /org/freedesktop/sssd/nss/memcache
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
>> (0x1000): Updating inigroups memory cache of [e600336 at corp.corpcommon.com
>> @corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_update_initgr_memcache]
>> (0x0040): Unknown domain (corp.corpcommon.com) requested by provider
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
>> creds: euid[0] egid[0] pid[16825].
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [get_client_cred] (0x0020):
>> SELINUX_getpeercon failed [-1][Unknown error -1].
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240aaf0][25]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [accept_fd_handler] (0x0400):
>> Client connected!
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240aaf0][25]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
>> Received client version [1].
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
>> Offered version [1].
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240aaf0][25]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240aaf0][25]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
>> Running command [17][SSS_NSS_GETPWNAM] with input [e600336].
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): name 'e600336' matched without domain, user is e600336
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): using default domain [corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
>> Requesting info for [e600336] from [corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/corp.corpcommon.com/
>> e600336 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0100): Requesting info for [e600336 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc8323f6260
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc832406870
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc8323f6260 "ltdb_callback"
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc832406870 "ltdb_timeout"
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc8323f6260 "ltdb_callback"
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc8323ef9f0
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc8323fbd90
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc8323ef9f0 "ltdb_callback"
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc8323fbd90 "ltdb_timeout"
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc8323ef9f0 "ltdb_callback"
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
>> a LOCAL view, continuing with provided values.
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [check_cache] (0x0400): Cached
>> entry is valid, returning..
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0400): Returning info for user [e600336 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240aaf0][25]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc83240aaf0][25]
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [client_recv] (0x0200): Client
>> disconnected!
>> (Mon Jan  9 11:02:53 2017) [sssd[nss]] [client_close_fn] (0x2000):
>> Terminated client [0x7fc83240aaf0][25]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc8323fa270][24]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [client_recv] (0x0200): Client
>> disconnected!
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [client_close_fn] (0x2000):
>> Terminated client [0x7fc8323fa270][24]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_client_cred] (0x4000): Client
>> creds: euid[0] egid[0] pid[18951].
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_client_cred] (0x0020):
>> SELINUX_getpeercon failed [-1][Unknown error -1].
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc832406bc0][24]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [accept_fd_handler] (0x0400):
>> Client connected!
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc832406bc0][24]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
>> Received client version [1].
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200):
>> Offered version [1].
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc832406bc0][24]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc832406bc0][24]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
>> Running command [17][SSS_NSS_GETPWNAM] with input [et33015].
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): name 'et33015' matched without domain, user is et33015
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): using default domain [corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
>> Requesting info for [et33015] from [corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/corp.corpcommon.com/
>> et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0100): Requesting info for [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc8323fbd90
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc832401560
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc8323fbd90 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc832401560 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc8323fbd90 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc83240b690
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc83240d9b0
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc83240b690 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc83240d9b0 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc83240b690 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
>> a LOCAL view, continuing with provided values.
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [check_cache] (0x0400): Cached
>> entry is valid, returning..
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0400): Returning info for user [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc832406bc0][24]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc832406bc0][24]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400):
>> Running command [17][SSS_NSS_GETPWNAM] with input [et33015].
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): name 'et33015' matched without domain, user is et33015
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_parse_name_for_domains]
>> (0x0200): using default domain [corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100):
>> Requesting info for [et33015] from [corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/corp.corpcommon.com/
>> et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0100): Requesting info for [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc8323fbd90
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc8323fab40
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc8323fbd90 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc8323fab40 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc8323fbd90 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7fc83240b690
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7fc83240d9b0
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Running timer
>> event 0x7fc83240b690 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer
>> event 0x7fc83240d9b0 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event
>> 0x7fc83240b690 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not
>> a LOCAL view, continuing with provided values.
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [check_cache] (0x0400): Cached
>> entry is valid, returning..
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_cmd_getpwnam_search]
>> (0x0400): Returning info for user [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7fc832406bc0][24]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7fc8323f4780
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_message_handler] (0x2000):
>> Received SBUS method org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups
>> on path /org/freedesktop/sssd/nss/memcache
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [sbus_get_sender_id_send]
>> (0x2000): Not a sysbus message, quit
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_memorycache_update_initgroups]
>> (0x1000): Updating inigroups memory cache of [et33015 at corp.corpcommon.com
>> @corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[nss]] [nss_update_initgr_memcache]
>> (0x0040): Unknown domain (corp.corpcommon.com) requested by provider
>>
>>
>> ==============================================
>> sssd_pam.log
>>
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [get_client_cred] (0x4000): Client
>> creds: euid[0] egid[0] pid[18942].
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [get_client_cred] (0x0020):
>> SELINUX_getpeercon failed [-1][Unknown error -1].
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf7e800][21]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [accept_fd_handler] (0x0400):
>> Client connected to privileged pipe!
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf7e800][21]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
>> Received client version [3].
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
>> Offered version [3].
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf7e800][21]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf7e800][21]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_cmd_preauth] (0x0100):
>> entering pam_cmd_preauth
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_parse_name_for_domains]
>> (0x0200): name 'et33015' matched without domain, user is et33015
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_parse_name_for_domains]
>> (0x0200): using default domain [corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> command: SSS_PAM_PREAUTH
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
>> corp.corpcommon.com
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
>> et33015
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> service: sshd
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
>> not set
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
>> x.x.x.x.x
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
>> type: 0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> newauthtok type: 0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> cli_pid: 18942
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
>> name: et33015
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/corp.corpcommon.com/
>> et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_initgr_check_timeout]
>> (0x4000): User [et33015] not found in PAM cache.
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
>> Issuing request for [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
>> Creating request for [corp.corpcommon.com][0x3][BE_
>> REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com:-]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
>> 0x7f0becf7c310
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_internal_get_send]
>> (0x0400): Entering request [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
>> 0x7f0becf7c310
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7f0becf7f8b0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
>> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
>> Requesting info for [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7f0becf824a0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7f0becf9a520
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Running timer
>> event 0x7f0becf824a0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
>> event 0x7f0becf9a520 "ltdb_timeout"
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
>> 0x7f0becf824a0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7f0becf7cbd0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7f0becf85090
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Running timer
>> event 0x7f0becf7cbd0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
>> event 0x7f0becf85090 "ltdb_timeout"
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
>> 0x7f0becf7cbd0 "ltdb_callback"
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
>> Returning info for user [et33015 at corp.corpcommon.com@corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
>> User's primary name is et33015 at corp.corpcommon.com
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
>> [et33015] added to PAM initgroup cache
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_dp_send_req] (0x0100):
>> Sending request with the following data:
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> command: SSS_PAM_PREAUTH
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
>> corp.corpcommon.com
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
>> et33015 at corp.corpcommon.com
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> service: sshd
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
>> not set
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
>> x.x.x.x.x
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
>> type: 0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> newauthtok type: 0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> cli_pid: 18942
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
>> name: et33015
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
>> 0x7f0becf861b0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
>> pam_dp_send_req returned 0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
>> Deleting request: [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
>> 0x7f0becf861b0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7f0becf7f8b0
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
>> received: [0 (Success)][corp.corpcommon.com]
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
>> called with result [0]: Success.
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 44
>> (Mon Jan  9 11:02:41 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf7e800][21]
>> (Mon Jan  9 11:02:46 2017) [sssd[pam]] [pam_initgr_cache_remove]
>> (0x2000): [et33015] removed from PAM initgroup cache
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf7e800][21]
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100):
>> entering pam_cmd_authenticate
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_parse_name_for_domains]
>> (0x0200): name 'et33015' matched without domain, user is et33015
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_parse_name_for_domains]
>> (0x0200): using default domain [corp.corpcommon.com]
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> command: SSS_PAM_AUTHENTICATE
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
>> corp.corpcommon.com
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
>> et33015
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> service: sshd
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
>> not set
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
>> x.x.x.x.x
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
>> type: 1
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> newauthtok type: 0
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> cli_pid: 18942
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
>> name: et33015
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/corp.corpcommon.com/
>> et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_initgr_check_timeout]
>> (0x4000): User [et33015] not found in PAM cache.
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
>> Issuing request for [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
>> Creating request for [corp.corpcommon.com][0x3][BE_
>> REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com:-]
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
>> 0x7f0becf7c310
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_internal_get_send]
>> (0x0400): Entering request [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
>> 0x7f0becf7c310
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7f0becf7f8b0
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
>> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
>> Requesting info for [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7f0becf8fe00
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7f0becf849b0
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Running timer
>> event 0x7f0becf8fe00 "ltdb_callback"
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
>> event 0x7f0becf849b0 "ltdb_timeout"
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
>> 0x7f0becf8fe00 "ltdb_callback"
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7f0becf8fc40
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7f0becf90d60
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Running timer
>> event 0x7f0becf8fc40 "ltdb_callback"
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
>> event 0x7f0becf90d60 "ltdb_timeout"
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
>> 0x7f0becf8fc40 "ltdb_callback"
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
>> Returning info for user [et33015 at corp.corpcommon.com@corp.corpcommon.com]
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
>> User's primary name is et33015 at corp.corpcommon.com
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
>> [et33015] added to PAM initgroup cache
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_dp_send_req] (0x0100):
>> Sending request with the following data:
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> command: SSS_PAM_AUTHENTICATE
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
>> corp.corpcommon.com
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
>> et33015 at corp.corpcommon.com
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> service: sshd
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
>> not set
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
>> x.x.x.x.x
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
>> type: 1
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> newauthtok type: 0
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> cli_pid: 18942
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
>> name: et33015
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
>> 0x7f0becf861b0
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
>> pam_dp_send_req returned 0
>> (Mon Jan  9 11:02:47 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
>> Deleting request: [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:52 2017) [sssd[pam]] [pam_initgr_cache_remove]
>> (0x2000): [et33015] removed from PAM initgroup cache
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [get_client_cred] (0x4000): Client
>> creds: euid[0] egid[0] pid[16825].
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [get_client_cred] (0x0020):
>> SELINUX_getpeercon failed [-1][Unknown error -1].
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][22]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [accept_fd_handler] (0x0400):
>> Client connected to privileged pipe!
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][22]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
>> Received client version [3].
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
>> Offered version [3].
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][22]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][22]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_cmd_close_session] (0x0100):
>> entering pam_cmd_close_session
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_parse_name_for_domains]
>> (0x0200): name 'e600336' matched without domain, user is e600336
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_parse_name_for_domains]
>> (0x0200): using default domain [corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> command: SSS_PAM_CLOSE_SESSION
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
>> corp.corpcommon.com
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
>> e600336
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> service: sshd
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
>> not set
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
>> 146.213.0.134
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
>> type: 0
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> newauthtok type: 0
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> cli_pid: 16825
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
>> name: e600336
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/corp.corpcommon.com/
>> e600336 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_initgr_check_timeout]
>> (0x4000): User [e600336] not found in PAM cache.
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
>> Issuing request for [0x7f0bec426c30:3:e600336 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
>> Creating request for [corp.corpcommon.com][0x3][BE_
>> REQ_INITGROUPS][1][name=e600336 at corp.corpcommon.com:-]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
>> 0x7f0becf96250
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_internal_get_send]
>> (0x0400): Entering request [0x7f0bec426c30:3:e600336 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
>> 0x7f0becf96250
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7f0becf7f8b0
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
>> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
>> Requesting info for [e600336 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7f0becf8c680
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7f0becf9a280
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Running timer
>> event 0x7f0becf8c680 "ltdb_callback"
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
>> event 0x7f0becf9a280 "ltdb_timeout"
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
>> 0x7f0becf8c680 "ltdb_callback"
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7f0becf975f0
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7f0becf9b8d0
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Running timer
>> event 0x7f0becf975f0 "ltdb_callback"
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
>> event 0x7f0becf9b8d0 "ltdb_timeout"
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
>> 0x7f0becf975f0 "ltdb_callback"
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
>> Returning info for user [e600336 at corp.corpcommon.com@corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
>> User's primary name is e600336 at corp.corpcommon.com
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
>> [e600336] added to PAM initgroup cache
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_dp_send_req] (0x0100):
>> Sending request with the following data:
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> command: SSS_PAM_CLOSE_SESSION
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
>> corp.corpcommon.com
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
>> e600336 at corp.corpcommon.com
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> service: sshd
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
>> not set
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
>> 146.213.0.134
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
>> type: 0
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> newauthtok type: 0
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> cli_pid: 16825
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
>> name: e600336
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
>> 0x7f0becf7c310
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
>> pam_dp_send_req returned 0
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
>> Deleting request: [0x7f0bec426c30:3:e600336 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
>> 0x7f0becf7c310
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7f0becf7f8b0
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
>> received: [0 (Success)][corp.corpcommon.com]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
>> called with result [0]: Success.
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 36
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][22]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][22]
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [client_recv] (0x0200): Client
>> disconnected!
>> (Mon Jan  9 11:02:53 2017) [sssd[pam]] [client_close_fn] (0x2000):
>> Terminated client [0x7f0becf906d0][22]
>> (Mon Jan  9 11:02:58 2017) [sssd[pam]] [pam_initgr_cache_remove]
>> (0x2000): [e600336] removed from PAM initgroup cache
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
>> 0x7f0becf861b0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7f0becf7f8b0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
>> received: [6 (Permission denied)][corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
>> called with result [6]: Permission denied.
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 85
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf7e800][21]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf7e800][21]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [client_recv] (0x0200): Client
>> disconnected!
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [client_close_fn] (0x2000):
>> Terminated client [0x7f0becf7e800][21]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [get_client_cred] (0x4000): Client
>> creds: euid[0] egid[0] pid[18951].
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [get_client_cred] (0x0020):
>> SELINUX_getpeercon failed [-1][Unknown error -1].
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][21]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [accept_fd_handler] (0x0400):
>> Client connected to privileged pipe!
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][21]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
>> Received client version [3].
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200):
>> Offered version [3].
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][21]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][21]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_cmd_preauth] (0x0100):
>> entering pam_cmd_preauth
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_parse_name_for_domains]
>> (0x0200): name 'et33015' matched without domain, user is et33015
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_parse_name_for_domains]
>> (0x0200): using default domain [corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> command: SSS_PAM_PREAUTH
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
>> corp.corpcommon.com
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
>> et33015
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> service: sshd
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
>> not set
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
>> x.x.x.x.x
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
>> type: 0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> newauthtok type: 0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> cli_pid: 18951
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
>> name: et33015
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000):
>> Checking negative cache for [NCE/USER/corp.corpcommon.com/
>> et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_initgr_check_timeout]
>> (0x4000): User [et33015] not found in PAM cache.
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400):
>> Issuing request for [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_get_account_msg] (0x0400):
>> Creating request for [corp.corpcommon.com][0x3][BE_
>> REQ_INITGROUPS][1][name=et33015 at corp.corpcommon.com:-]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
>> 0x7f0becf861b0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_internal_get_send]
>> (0x0400): Entering request [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
>> 0x7f0becf861b0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7f0becf7f8b0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got
>> reply from Data Provider - DP error code: 0 errno: 0 error message: Success
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_check_user_search] (0x0100):
>> Requesting info for [et33015 at corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7f0becf8fc40
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7f0becf8fe00
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Running timer
>> event 0x7f0becf8fc40 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
>> event 0x7f0becf8fe00 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
>> 0x7f0becf8fc40 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_callback": 0x7f0becf84200
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Added timed event
>> "ltdb_timeout": 0x7f0becf85090
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Running timer
>> event 0x7f0becf84200 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer
>> event 0x7f0becf85090 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [ldb] (0x4000): Ending timer event
>> 0x7f0becf84200 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_check_user_search] (0x0400):
>> Returning info for user [et33015 at corp.corpcommon.com@corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pd_set_primary_name] (0x0400):
>> User's primary name is et33015 at corp.corpcommon.com
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000):
>> [et33015] added to PAM initgroup cache
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dp_send_req] (0x0100):
>> Sending request with the following data:
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> command: SSS_PAM_PREAUTH
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): domain:
>> corp.corpcommon.com
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): user:
>> et33015 at corp.corpcommon.com
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> service: sshd
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser:
>> not set
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost:
>> x.x.x.x.x
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): authtok
>> type: 0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> newauthtok type: 0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100):
>> cli_pid: 18951
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_print_data] (0x0100): logon
>> name: et33015
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_add_timeout] (0x2000):
>> 0x7f0becf7c310
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100):
>> pam_dp_send_req returned 0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400):
>> Deleting request: [0x7f0bec426c30:3:et33015 at corp.corpcommon.com@
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000):
>> 0x7f0becf7c310
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus
>> conn: 0x7f0becf7f8b0
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [sbus_dispatch] (0x4000):
>> Dispatching.
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200):
>> received: [4 (System error)][corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply
>> called with result [4]: System error.
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 36
>> (Mon Jan  9 11:02:59 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle
>> timer re-set for client [0x7f0becf906d0][21]
>>
>> ===========================
>>
>> sssd_ipa.preprod.local.log
>>
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Ending timer event 0x7f45b8f5ffb0 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
>> (0x0400): Root domain uses fully-qualified names, objects might not be
>> correctly added to groups with short names.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
>> (0x4000): Added [et33015 at corp.corpcommon.com][name=
>> et33015 at corp.corpcommon.com,cn=groups,cn=corp.corpcommon.com,cn=sysdb].
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [get_groups_dns]
>> (0x0400): Root domain uses fully-qualified names, objects might not be
>> correctly added to groups with short names.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [ipa_s2n_save_objects] (0x2000): Updating memberships for
>> et33015 at corp.corpcommon.com
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> start ldb transaction (nesting: 1)
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> start ldb transaction (nesting: 2)
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_callback": 0x7f45b8fcf1f0
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_timeout": 0x7f45b8fceee0
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Running timer event 0x7f45b8fcf1f0 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Entry not found (name=et33015 at corp.corpcommon.com,cn=groups,cn=
>> corp.corpcommon.com,cn=sysdb)
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Destroying timer event 0x7f45b8fceee0 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Ending timer event 0x7f45b8fcf1f0 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> cancel ldb transaction (nesting: 2)
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such
>> object](32)[ldb_wait: No such object (32)]
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [sysdb_mod_group_member] (0x0400): Error: 2 (No such file or directory)
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [sysdb_update_members_ex] (0x0020): Could not add member [
>> et33015 at corp.corpcommon.com] to group [name=et33015 at corp.corpcommon.com
>> ,cn=groups,cn=corp.corpcommon.com,cn=sysdb]. Skipping.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> commit ldb transaction (nesting: 1)
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> commit ldb transaction (nesting: 0)
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_callback": 0x7f45b8ff9450
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_timeout": 0x7f45b8fa9970
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Running timer event 0x7f45b8ff9450 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Destroying timer event 0x7f45b8fa9970 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Ending timer event 0x7f45b8ff9450 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_callback": 0x7f45b8fc0700
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_timeout": 0x7f45b8f5e890
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Running timer event 0x7f45b8fc0700 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Destroying timer event 0x7f45b8f5e890 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Ending timer event 0x7f45b8fc0700 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [sdap_id_op_done] (0x4000): releasing operation connection
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [sdap_id_op_destroy] (0x4000): releasing operation connection
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
>> (0x0400): DP Request [Initgroups #1073]: Request handler finished [0]:
>> Success
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
>> (0x0400): DP Request [Initgroups #1073]: Receiving request data.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [dp_req_initgr_pp] (0x0400): Ordering NSS responder to update memory cache
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [dp_req_reply_list_success] (0x0400): DP Request [Initgroups #1073]:
>> Finished. Success.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [dp_req_reply_std] (0x1000): DP Request [Initgroups #1073]: Returning
>> [Success]: 0,0,Success
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [dp_table_value_destructor] (0x0400): Removing
>> [0:1:0000:3:1::corp.corpcommon.com:name=et33015 at corp.corpcommon.com]
>> from reply table
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [dp_req_destructor] (0x0400): DP Request [Initgroups #1073]: Request
>> removed.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [dp_req_destructor] (0x0400): Number of active DP request: 0
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [sdap_process_result] (0x2000): Trace: sh[0x7f45b8ea5830], connected[1],
>> ops[(nil)], ldap[0x7f45b8ee1930]
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [sdap_process_result] (0x2000): Trace: end of ldap_result list
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
>> (0x4000): dbus conn: 0x7f45b8ef2930
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
>> (0x4000): Dispatching.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
>> (0x4000): dbus conn: 0x7f45b8f0e2b0
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [sbus_dispatch]
>> (0x4000): Dispatching.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [sbus_message_handler] (0x2000): Received SBUS method
>> org.freedesktop.sssd.dataprovider.pamHandler on path
>> /org/freedesktop/sssd/dataprovider
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_handler]
>> (0x0100): Got request with the following data
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): command: SSS_PAM_PREAUTH
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): domain: corp.corpcommon.com
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): user: et33015 at corp.corpcommon.com
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): service: sshd
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): tty: ssh
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): ruser:
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): rhost: x.x.x.x.x
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): authtok type: 0
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): newauthtok type: 0
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): priv: 1
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): cli_pid: 18951
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [pam_print_data]
>> (0x0100): logon name: not set
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
>> (0x0400): DP Request [PAM Preauth #1074]: New request. Flags [0000].
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_attach_req]
>> (0x0400): Number of active DP request: 1
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [krb5_auth_queue_send] (0x1000): Wait queue of user [
>> et33015 at corp.corpcommon.com] is empty, running request [0x7f45b8ef6730]
>> immediately.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [krb5_setup]
>> (0x4000): No mapping for: et33015 at corp.corpcommon.com
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_callback": 0x7f45b8ef5860
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_timeout": 0x7f45b8ee42e0
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Running timer event 0x7f45b8ef5860 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Destroying timer event 0x7f45b8ee42e0 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Ending timer event 0x7f45b8ef5860 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_callback": 0x7f45b8f26f60
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_timeout": 0x7f45b8f18ae0
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Running timer event 0x7f45b8f26f60 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Destroying timer event 0x7f45b8f18ae0 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Ending timer event 0x7f45b8f26f60 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA'
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [get_server_status] (0x1000): Status of server
>> 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [get_port_status] (0x1000): Port status of port 0 for server
>> 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6
>> seconds
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [get_server_status] (0x1000): Status of server
>> 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [be_resolve_server_process] (0x1000): Saving the first resolved server
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [be_resolve_server_process] (0x0200): Found address for server
>> ilt-gif-ipa01.ipa.preprod.local: [10.150.144.113] TTL 1200
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [ipa_resolve_callback] (0x0400): Constructed uri
>> 'ldap://ilt-gif-ipa01.ipa.preprod.local'
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [unique_filename_destructor] (0x2000): Unlinking
>> [/var/lib/sss/pubconf/.krb5info_dummy_CFqm2h]
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [unlink_dbg]
>> (0x2000): File already removed: [/var/lib/sss/pubconf/.krb5inf
>> o_dummy_CFqm2h]
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [krb5_auth_resolve_done] (0x2000): Subdomain corp.corpcommon.com is
>> inactive, will proceed offline
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [child_handler_setup] (0x2000): Setting up signal handler up for pid [18952]
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [child_handler_setup] (0x2000): Signal handler set up for pid [18952]
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [write_pipe_handler] (0x0400): All data has been sent!
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [read_pipe_handler] (0x0400): EOF received, client finished
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [_be_fo_set_port_status] (0x8000): Setting status: PORT_WORKING. Called
>> from: src/providers/krb5/krb5_auth.c: krb5_auth_done: 1036
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [fo_set_port_status] (0x0100): Marking port 0 of server
>> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [set_server_common_status] (0x0100): Marking server
>> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [fo_set_port_status] (0x0400): Marking port 0 of duplicate server
>> 'ilt-gif-ipa01.ipa.preprod.local' as 'working'
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [krb5_mod_ccname] (0x4000): Save ccname [KEYRING:persistent:1007629326]
>> for user [et33015 at corp.corpcommon.com].
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> start ldb transaction (nesting: 0)
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_callback": 0x7f45b8ef56b0
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Added timed event "ltdb_timeout": 0x7f45b8f18860
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Running timer event 0x7f45b8ef56b0 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Destroying timer event 0x7f45b8f18860 "ltdb_timeout"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> Ending timer event 0x7f45b8ef56b0 "ltdb_callback"
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [ldb] (0x4000):
>> commit ldb transaction (nesting: 0)
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [krb5_auth_cache_creds] (0x0080): Delayed authentication is only available
>> for password authentication (single factor).
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [check_wait_queue] (0x1000): Wait queue for user [
>> et33015 at corp.corpcommon.com] is empty.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x7f45b8ef6730]
>> done.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_req_done]
>> (0x0400): DP Request [PAM Preauth #1074]: Request handler finished [0]:
>> Success
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [_dp_req_recv]
>> (0x0400): DP Request [PAM Preauth #1074]: Receiving request data.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [dp_req_destructor] (0x0400): DP Request [PAM Preauth #1074]: Request
>> removed.
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [dp_req_destructor] (0x0400): Number of active DP request: 0
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]] [dp_pam_reply]
>> (0x1000): DP Request [PAM Preauth #1074]: Sending result [4][
>> corp.corpcommon.com]
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [child_sig_handler] (0x1000): Waiting for child [18952].
>> (Mon Jan  9 11:02:59 2017) [sssd[be[ipa.preprod.local]]]
>> [child_sig_handler] (0x0100): child [18952] finished successfully.
>>
>>
>>
>> On Mon, Jan 9, 2017 at 9:48 AM, rajat gupta <rajat.linux at gmail.com>
>> wrote:
>>
>>> few user are able to login. ipa ad-trust setup.
>>>
>>> ==========================
>>> Jan  6 10:48:36 ilt-gif-ipa02 sshd[22490]: reverse mapping checking
>>> getaddrinfo for ilp-noatun.man.cosng.net [146.213.128.135] failed -
>>> POSSIBLE BREAK-IN ATTEMPT!
>>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Invalid user et33015 from
>>> x.x.x.x
>>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: input_userauth_request:
>>> invalid user et33015 [preauth]
>>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: error: PAM: User not known to
>>> the underlying authentication module for illegal user et33015 from x.x.x.x
>>> Jan  6 10:48:48 ilt-gif-ipa02 sshd[22490]: Failed
>>> keyboard-interactive/pam for invalid user et33015 from x.x.x.x port 51270
>>> ssh2
>>> Jan  6 10:48:56 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>>> user et33015 from 146.213.128.135 port 51270 ssh2
>>> Jan  6 10:49:00 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>>> user et33015 from 146.213.128.135 port 51270 ssh2
>>> Jan  6 10:49:02 ilt-gif-ipa02 sshd[22490]: Failed password for invalid
>>> user et33015 from 146.213.128.135 port 51270 ssh2
>>> Jan  6 10:49:32 ilt-gif-ipa02 sshd[22490]: Connection closed by x.x.x.x
>>> [preauth]
>>> ============================
>>>
>>> ====================
>>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>>> [get_server_status] (0x1000): Status of server
>>> 'ilt-gif-ipa01.ipa.preprod.local' is 'working'
>>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>>> [get_port_status] (0x1000): Port status of port 0 for server
>>> 'ilt-gif-ipa01.ipa.preprod.local' is 'not working'
>>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>>> [fo_resolve_service_send] (0x0020): No available servers for service 'IPA'
>>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>>> [be_resolve_server_done] (0x1000): Server resolution failed: [5]:
>>> Input/output error
>>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>>> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
>>> [Input/output error])
>>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>>> [be_mark_offline] (0x2000): Going offline!
>>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>>> [be_mark_offline] (0x2000): Initialize check_if_online_ptask.
>>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>>> [be_ptask_create] (0x0400): Periodic task [Check if online (periodic)] was
>>> created
>>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>>> [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]: scheduling
>>> task 72 seconds from now [1483696200]
>>> (Fri Jan  6 10:48:48 2017) [sssd[be[ipa.preprod.local]]]
>>> [be_run_offline_cb] (0x0080): Going offline. Running callbacks
>>>
>>> =================
>>>
>>> cat /etc/sssd/sssd.conf
>>> [domain/ipa.preprod.local]
>>>
>>> cache_credentials = True
>>> krb5_store_password_if_offline = True
>>> ipa_domain = ipa.preprod.local
>>> id_provider = ipa
>>> auth_provider = ipa
>>> access_provider = ipa
>>> ipa_hostname = ilt-gif-ipa02.ipa.preprod.local
>>> chpass_provider = ipa
>>> ipa_server = _srv_, ilt-gif-ipa01.ipa.preprod.local
>>> ldap_tls_cacert = /etc/ipa/ca.crt
>>> debug_level = 9
>>>
>>>
>>> [sssd]
>>> default_domain_suffix = corp.corpcommon.com
>>> services = nss, sudo, pam, ssh
>>> debug_level = 9
>>>
>>>
>>> domains = ipa.preprod.local
>>> [nss]
>>> override_homedir = /home/%u
>>> debug_level = 9
>>>
>>>
>>>
>>> [pam]
>>> debug_level = 9
>>>
>>>
>>> [sudo]
>>>
>>> [autofs]
>>>
>>> [ssh]
>>> debug_level = 9
>>>
>>>
>>> [pac]
>>>
>>> [ifp]
>>> ===============
>>>
>>> i am able to getent and  kinit for all of the AD user. but most of the
>>> user are not able to login via ssh /ad-password
>>>
>>> getent passwd  et33015
>>> et33015 at corp.corpcommon.com:*:1007629326:1007629326:Th
>>> Sub:/home/et33015:
>>>
>>> and
>>>
>>> kinit et33015 at CORP.CORPCOMMON.COM <http://corp.corpcommon.com/>
>>>
>>>
>>>
>>
>>
>> --
>>
>> *Rajat Gupta *
>>
>
>
>
> --
>
> *Rajat Gupta *
>



-- 

*Rajat Gupta *
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/54651752/attachment.htm>

From rstory at tislabs.com  Mon Jan  9 15:38:13 2017
From: rstory at tislabs.com (Robert Story)
Date: Mon, 9 Jan 2017 10:38:13 -0500
Subject: [Freeipa-users] Getting error "Permission denied (publickey,
 gssapi-with-mic, password)"  when running below ssh command
In-Reply-To: <20170109095505.GI528@p.Speedport_W_724V_Typ_A_05011603_00_011>
References: <CY4PR18MB0920273F50F0B786B4BAC4B0D2620@CY4PR18MB0920.namprd18.prod.outlook.com>
	<20170109095505.GI528@p.Speedport_W_724V_Typ_A_05011603_00_011>
Message-ID: <20170109103813.55eb1078@ispx.vb.futz.org>

On Mon, 9 Jan 2017 10:55:05 +0100 Sumit wrote:
SB> There are older reports that a similar audit message was triggered by
SB> wrong SELinux labels on $HOME/.ssh and the files within. Although none
SB> of the typical files in this directory are needed by GSSAPI
SB> authentication it might worth to check. Does authentication work if you
SB> temporally disable SELinux by calling 'setenforce 0' as root on the
SB> command line?

Or instead of disabling, fix the labels

  restorecon -rv ~/.ssh

With -v restorecon will report if it changed any labels.

or check for actual denials

  grep avc /var/log/audit/audit.log | grep ssh



Robert

-- 
Senior Software Engineer @ Parsons
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/f283c798/attachment.sig>

From th at casalogic.dk  Mon Jan  9 16:13:20 2017
From: th at casalogic.dk (Troels Hansen)
Date: Mon, 9 Jan 2017 17:13:20 +0100 (CET)
Subject: [Freeipa-users] SLAPD stops answering
In-Reply-To: <C8BB8FB8-6649-4D3C-9412-C6A118716B4F@jisc.ac.uk>
References: <1988361181.1597711.1483967218116.JavaMail.zimbra@casalogic.dk>
	<C8BB8FB8-6649-4D3C-9412-C6A118716B4F@jisc.ac.uk>
Message-ID: <2118461968.1601019.1483978400881.JavaMail.zimbra@casalogic.dk>



----- On Jan 9, 2017, at 3:37 PM, Adam Bishop Adam.Bishop at jisc.ac.uk wrote:

> If you attach strace to the slapd process, do you see repeated (failing) calls
> to getpeername()?
> 


Actually, just tried attaching a running dirsrv (which responds to requests): This also spawns lots of failing calls to getpeername:

getpeername(10, 0x7ffe7c586ea0, [112])  = -1 ENOTCONN (Transport endpoint is not connected)
clock_gettime(CLOCK_MONOTONIC, {2443617, 480040038}) = 0
poll([{fd=60, events=POLLIN}, {fd=9, events=POLLIN}, {fd=10, events=POLLIN}, {fd=11, events=POLLIN}, {fd=112, events=POLLIN}, {fd=72, events=POLLIN}, {fd=122, events=POLLIN}, {fd=117, events=POLLIN}, {fd=116, events=POLLIN}, {fd=71, events=POLLIN}, {fd=118, events=POLLIN}, {fd=68, events=POLLIN}, {fd=88, events=POLLIN}, {fd=86, events=POLLIN}, {fd=85, events=POLLIN}, {fd=84, events=POLLIN}, {fd=83, events=POLLIN}, {fd=82, events=POLLIN}, {fd=81, events=POLLIN}, {fd=78, events=POLLIN}, {fd=77, events=POLLIN}, {fd=73, events=POLLIN}, {fd=70, events=POLLIN}, {fd=67, events=POLLIN}], 24, 250) = 0 (Timeout)
getpeername(10, 0x7ffe7c586ea0, [112])  = -1 ENOTCONN (Transport endpoint is not connected)
clock_gettime(CLOCK_MONOTONIC, {2443617, 735666659}) = 0
poll([{fd=60, events=POLLIN}, {fd=9, events=POLLIN}, {fd=10, events=POLLIN}, {fd=11, events=POLLIN}, {fd=112, events=POLLIN}, {fd=72, events=POLLIN}, {fd=122, events=POLLIN}, {fd=117, events=POLLIN}, {fd=116, events=POLLIN}, {fd=71, events=POLLIN}, {fd=118, events=POLLIN}, {fd=68, events=POLLIN}, {fd=88, events=POLLIN}, {fd=86, events=POLLIN}, {fd=85, events=POLLIN}, {fd=84, events=POLLIN}, {fd=83, events=POLLIN}, {fd=82, events=POLLIN}, {fd=81, events=POLLIN}, {fd=78, events=POLLIN}, {fd=77, events=POLLIN}, {fd=73, events=POLLIN}, {fd=70, events=POLLIN}, {fd=67, events=POLLIN}], 24, 250) = 0 (Timeout)
getpeername(10, 0x7ffe7c586ea0, [112])  = -1 ENOTCONN (Transport endpoint is not connected)
clock_gettime(CLOCK_MONOTONIC, {2443617, 986870733}) = 0 



From th at casalogic.dk  Mon Jan  9 16:16:24 2017
From: th at casalogic.dk (Troels Hansen)
Date: Mon, 9 Jan 2017 17:16:24 +0100 (CET)
Subject: [Freeipa-users] SLAPD stops answering
In-Reply-To: <58739620.6000704@redhat.com>
References: <1988361181.1597711.1483967218116.JavaMail.zimbra@casalogic.dk>
	<58739620.6000704@redhat.com>
Message-ID: <430434910.1601045.1483978584681.JavaMail.zimbra@casalogic.dk>

Yes, packages installed and will generate dump next time it happens. 

Yes, the failing RetroCL message is the same changenumber. Repeated about 2-4 times/sec. 

----- On Jan 9, 2017, at 2:54 PM, Ludwig Krispenz <lkrispen at redhat.com> wrote: 

> Hi,

> there seem to be to issues here, maybe related: a hanging slapd process and the
> retro CL errors.

> If the slapd process is not responding can we get a pstack or gdb backtrace (
> http://www.port389.org/docs/389ds/FAQ/faq.html#debug_crashes ) of the process ?
> About the Retro CL messages, is it always the same changenumber which is
> reported ?

> On 01/09/2017 02:06 PM, Troels Hansen wrote:

>> Hi, we have a IPA installation, which obviously needs upgrading.
>> Its a single server running RHEL7.1 running IPA 4.1

>> However, it have been running smooth untill now:

>> Rebooting makes everything running again, but only for a few days.

>> It looks like everything fails around 0:17:47 and comes up again just before 8,
>> when the server is rebooted.

>> Jan 6 00:19:46 fbbidm01 winbindd[2965]: failed to bind to server
>> ldapi://%2fvar%2frun%2fslapd-DOMAIN.LAN.socket with dn="[Anonymous bind]"
>> Error: Local error
>> Jan 6 00:19:46 fbbidm01 winbindd[2965]: (unknown)
>> Jan 6 00:20:29 fbbidm01 winbindd[2965]: [2017/01/06 00:20:29.758332, 0]
>> ipa_sam.c:4128(bind_callback_cleanup)

>> Looking at the SLAPD logs also reveals it stopped answering:

>> [06/Jan/2017:00:17:47 +0100] conn=40702 op=62 SRCH
>> base="cn=radius_aura_admin,cn=groups,cn=accounts,dc=domain,dc=lan" scope=0
>> filter="(objectClass=*)" attrs="cn"
>> [06/Jan/2017:00:17:47 +0100] conn=40702 op=62 RESULT err=0 tag=101 nentries=1
>> etime=0
>> [06/Jan/2017:00:17:47 +0100] conn=40702 op=63 SRCH
>> base="cn=radius_users,cn=groups,cn=accounts,dc=domain,dc=lan" scope=0
>> filter="(objectClass=*)" attrs="cn"
>> [06/Jan/2017:00:17:47 +0100] conn=40702 op=63 RESULT err=0 tag=101 nentries=1
>> etime=0
>> [06/Jan/2017:00:17:47 +0100] conn=40702 op=64 SRCH
>> base="cn=system_radius_users,cn=groups,cn=accounts,dc=domain,dc=lan" scope=0
>> filter="(objectClass=*)" attrs="cn"
>> [06/Jan/2017:00:17:47 +0100] conn=40702 op=64 RESULT err=0 tag=101 nentries=1
>> etime=0
>> [06/Jan/2017:00:17:48 +0100] conn=40702 op=65 SRCH
>> base="cn=accounts,dc=domain,dc=lan" scope=2 filter="(uid=sys_prov_aura)"
>> attrs=ALL
>> [06/Jan/2017:00:17:48 +0100] conn=40702 op=65 RESULT err=0 tag=101 nentries=1
>> etime=0
>> [06/Jan/2017:00:17:48 +0100] conn=40702 op=66 BIND
>> dn="uid=sys_prov_aura,cn=users,cn=accounts,dc=domain,dc=lan" method=128
>> version=3
>> [06/Jan/2017:00:17:48 +0100] conn=40702 op=66 RESULT err=0 tag=97 nentries=0
>> etime=0 dn="uid=sys_prov_aura,cn=users,cn=accounts,dc=domain,dc=lan"
>> [06/Jan/2017:00:17:51 +0100] conn=40703 fd=158 slot=158 connection from
>> 10.250.8.66 to 10.250.8.58
>> [06/Jan/2017:00:17:53 +0100] conn=40704 fd=159 slot=159 SSL connection from
>> 10.250.8.37 to 10.250.8.58
>> [06/Jan/2017:00:18:02 +0100] conn=40705 fd=160 slot=160 SSL connection from
>> 10.250.8.57 to 10.250.8.58
>> [06/Jan/2017:00:18:02 +0100] conn=40706 fd=161 slot=161 SSL connection from
>> 10.250.20.102 to 10.250.8.58
>> [06/Jan/2017:00:18:03 +0100] conn=40707 fd=162 slot=162 SSL connection from
>> 10.250.20.102 to 10.250.8.58
>> [06/Jan/2017:00:18:58 +0100] conn=40708 fd=163 slot=163 connection from
>> 10.250.8.66 to 10.250.8.58
>> [06/Jan/2017:00:19:03 +0100] conn=40709 fd=164 slot=164 connection from local to
>> /var/run/slapd-DOMAIN.LAN.socket
>> [06/Jan/2017:00:19:35 +0100] conn=40710 fd=165 slot=165 connection from
>> 10.250.8.58 to 10.250.8.58
>> [06/Jan/2017:00:19:35 +0100] conn=40711 fd=166 slot=166 connection from
>> 10.150.27.7 to 10.250.8.58
>> [06/Jan/2017:00:19:43 +0100] conn=40712 fd=167 slot=167 SSL connection from
>> 10.250.20.102 to 10.250.8.58
>> [06/Jan/2017:00:19:46 +0100] conn=40713 fd=168 slot=168 connection from local to
>> /var/run/slapd-DOMAIN.LAN.socket

>> It looks like it just stops answering at 00:17:48

>> The slapd error log reveals nothing:

>> [06/Jan/2017:00:17:34 +0100] DSRetroclPlugin - replog: an error occured while
>> adding change number 3875312, dn = changenumber=3875312,cn=changelog: Already
>> exists.
>> [06/Jan/2017:00:17:34 +0100] retrocl-plugin - retrocl_postob: operation failure
>> [68]
>> [06/Jan/2017:07:57:21 +0100] - slapd shutting down - signaling operation threads
>> - op stack size 0 max work q size 735 max work q stack size 23
>> [06/Jan/2017:07:57:21 +0100] - slapd shutting down - waiting for 30 threads to
>> terminate
>> [06/Jan/2017:07:58:02 +0100] SSL Initialization - Configured SSL version range:
>> min: TLS1.0, max: TLS1.2

>> However, see a gazillion of these lines in the error log:

>> DSRetroclPlugin - replog: an error occured while adding change number 3875312,
>> dn = changenumber=3875312,cn=changelog: Already exists.

>> Anyone with some thoughts about this, other that "Just upgrade".

>> --

>> Med venlig hilsen

>> Troels Hansen

>> Systemkonsulent

>> Casalogic A/S

>> T (+45) 70 20 10 63

>> M (+45) 22 43 71 57

>> Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og
>> meget mere.

> --
> Red Hat GmbH, http://www.de.redhat.com/ , Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric
> Shander

> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 

Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 

T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/d1777325/attachment.htm>

From pvoborni at redhat.com  Mon Jan  9 16:57:36 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Mon, 9 Jan 2017 17:57:36 +0100
Subject: [Freeipa-users] FreeIpa client can't execute any command
In-Reply-To: <CACpE_qES-E=OH-c04MALp7qGL7JLoZf6Lm8F+R=SZ-We+Z1GVg@mail.gmail.com>
References: <CACpE_qES-E=OH-c04MALp7qGL7JLoZf6Lm8F+R=SZ-We+Z1GVg@mail.gmail.com>
Message-ID: <39d4b01d-5567-8e59-66a8-e3c799c62a5c@redhat.com>

On 01/09/2017 02:56 PM, ?????? ?????? wrote:
> Hello everyone!
> 
> I'm new to FreeIpa, so if my question is very simple just point me to the 
> documentation.
> 
> I've installed FreeIpa on host demo3.xxx.com <http://demo3.xxx.com>.
> Then registred some other host demo5.xxx.com <http://demo5.xxx.com>. I've used 
> ipa add host command.
> Then installed ipa-client and ipa-admin-tools demo5.
> Checked that they worked and were able to execute commands like kinit and ipa 
> host-find.
> 
> On the host demo3 I've restarted service ipa (service ipa restart).
> Now I'm able to execute  ipa host-find on demo3, but not able to execute this 
> command on demo3.
> I've done kinit by 'someadmin'.
> All ipa commands not working:
> 
> 
> [root at demo5 ~]# ipa -v -d
> ipa: DEBUG: Starting external process
> ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:someadmin at XXX.COM 
> <mailto:ipa_session_cookie%3Asomeadmin at XXX.COM>
> ipa: DEBUG: Process finished, return code=1
> ipa: DEBUG: stdout=
> ipa: DEBUG: stderr=keyctl_search: Required key not available
> 
> ipa: DEBUG: failed to find session_cookie in persistent storage for principal 
> 'someadmin at XXX.COM <mailto:someadmin at XXX.COM>'
> ipa: INFO: trying https://demo3.xxx.com/ipa/json
> ipa: DEBUG: Created connection context.rpcclient_41215888
> ipa: INFO: Forwarding 'schema' to json server 'https://demo3.xxx.com/ipa/json'
> ipa: DEBUG: Destroyed connection context.rpcclient_41215888
> ipa: ERROR: Service 'HTTP at demo3.xxx.com <mailto:HTTP at demo3.xxx.com>' not found 
> in Kerberos database
> 
> 
> It looks like my client is not connected to my server.
> Any ideas how to debug this situation?
> 
> P.S. Hosts - Centos 7. DNS on demo3.
> 
> Regards,
> Andrey
> 


Does following sequence work the same way on both demo3 and demo5?

 $ kdestroy -A
 $ kinit someadmin
 $ kvno HTTP/demo3.xxx.com

Does `ipactl status` show that all services are running fine?

-- 
Petr Vobornik



From hedrick at rutgers.edu  Mon Jan  9 16:52:15 2017
From: hedrick at rutgers.edu (Charles Hedrick)
Date: Mon, 9 Jan 2017 16:52:15 +0000
Subject: [Freeipa-users] documentation or example of using S42U for NFS
Message-ID: <5BCA6356-7A58-4867-BC6A-E0701F84FC1C@rutgers.edu>

Various documentation suggests that it is possible for Gssproxy to get tickets for users who need to use NFS. This is a possible way to handle things like cron jobs.

However while a gssproxy.conf example is given, there?s no sign of what needs to be done in freeipa to authorize it. I tried following instructions for LDAP access, but it doesn?t work. NFS seems to use a different, two-stage method for getting credentials, so that?s not a surprise. There are, not surprisingly, no useful error messages even with logging turned all the way up.




From jgiger at verizon.com  Mon Jan  9 17:39:04 2017
From: jgiger at verizon.com (Giger, Justean)
Date: Mon, 9 Jan 2017 12:39:04 -0500
Subject: [Freeipa-users] disable inactive accounts and delete old
	accounts
In-Reply-To: <D4950F81.6645E%jgiger@one.verizon.com>
References: <D4950F81.6645E%jgiger@one.verizon.com>
Message-ID: <D4990A63.66E3C%jgiger@one.verizon.com>

I should add that I do not have the "disable last success" option enabled for the IPA server
Justean

From: Justean Giger <jgiger at one.verizon.com<mailto:jgiger at one.verizon.com>>
Date: Friday, January 6, 2017 at 9:10 AM
To: "freeipa-users at redhat.com<mailto:freeipa-users at redhat.com>" <freeipa-users at redhat.com<mailto:freeipa-users at redhat.com>>
Subject: disable inactive accounts and delete old accounts

I am trying to use the krblastsuccessfulauth attribute to detect accounts that have been inactive for >90 days as per this post: https://www.redhat.com/archives/freeipa-users/2015-March/msg00052.html
I need to be able to disable these accounts at 90 days then delete them after 180 days.
However, I find most of my users do not have the krblastsuccessfulauth attribute populated. This is not because their accounts have never been used as I see they do have valid passwords which expire in the future so they had to login at least once (not necessarily with Kerberos though). Is there another attribute we can/should use for this?

Justean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/6c4051e2/attachment.htm>

From Adam.Bishop at jisc.ac.uk  Mon Jan  9 18:06:19 2017
From: Adam.Bishop at jisc.ac.uk (Adam Bishop)
Date: Mon, 9 Jan 2017 18:06:19 +0000
Subject: [Freeipa-users] DirSrv hanging
In-Reply-To: <CA70C99B-E370-40A7-BB41-D3EE3C900F99@jisc.ac.uk>
References: <CA70C99B-E370-40A7-BB41-D3EE3C900F99@jisc.ac.uk>
Message-ID: <67F33439-B7BC-490B-9C09-4D1AC00FF89B@jisc.ac.uk>

On 7 Jan 2017, at 05:19, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
> I have a standalone FreeIPA instance that is becoming unresponsive every few hours. While in this state it will accept connections, but will not do anything with them (i.e. if you connect an ldaps client to 636, you see SYN->SYNACK->ACK->ClientHello, but a ServerHello is not returned). This system is running FreeIPA 4.4.0 currently, but this also occurred on 4.2.x. Time is synchronised correctly and this is a fairly new installation so all the PKI expiry dates are well into the future.

Better stacktrace follows - looks like the database is deadlocked?

0x00007f0729552dfd in poll () at ../sysdeps/unix/syscall-template.S:81
81	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)

Thread 47 (Thread 0x7f0719382700 (LWP 26132)):
#0  0x00007f0729554ba3 in select () at ../sysdeps/unix/syscall-template.S:81
No locals.
#1  0x00007f072bcea149 in DS_Sleep (ticks=ticks at entry=100) at ldap/servers/slapd/util.c:1072
        mSecs = <optimized out>
        tm = {tv_sec = 0, tv_usec = 74630}
#2  0x00007f071e20c7e7 in deadlock_threadmain (param=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:4296
        rval = <optimized out>
        priv = 0x7f072df4a660
        li = <optimized out>
        interval = <optimized out>
#3  0x00007f0729e8e96b in _pt_root (arg=0x7f072dfae960) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072dfae960
        detached = 1
        id = 139668464609024
        tid = 26132
#4  0x00007f072982edc5 in start_thread (arg=0x7f0719382700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0719382700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668464609024, -8975886148032001126, 0, 139668464609728, 139668464609024, 1, 9034517080458922906, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#5  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 46 (Thread 0x7f0718b81700 (LWP 26133)):
#0  0x00007f0729554ba3 in select () at ../sysdeps/unix/syscall-template.S:81
No locals.
#1  0x00007f0722fb5bad in __os_sleep (usecs=<optimized out>, secs=<optimized out>, env=0x7f072e0efbf0) at ../../src/os/os_yield.c:90
        t = {tv_sec = 0, tv_usec = 218571}
        ret = <optimized out>
#2  __os_yield (env=env at entry=0x7f072e0efbf0, secs=<optimized out>, secs at entry=1, usecs=<optimized out>, usecs at entry=0) at ../../src/os/os_yield.c:48
No locals.
#3  0x00007f0722fb12b3 in __memp_sync_int (env=env at entry=0x7f072e0efbf0, dbmfp=dbmfp at entry=0x0, trickle_max=trickle_max at entry=0, flags=flags at entry=4, wrote_totalp=wrote_totalp at entry=0x0, interruptedp=interruptedp at entry=0x0) at ../../src/mp/mp_sync.c:483
        bhp = <optimized out>
        bharray = 0x7f07100008c0
        dbmp = 0x7f072e1a55e0
        hp = <optimized out>
        c_mp = <optimized out>
        mp = 0x7f0719383138
        mfp = <optimized out>
        mutex = <optimized out>
        last_mf_offset = 0
        ar_cnt = 1110
        ar_max = <optimized out>
        i = 0
        n_cache = <optimized out>
        remaining = 2
        wrote_total = 1108
        wrote_cnt = 1108
        dirty = <optimized out>
        filecnt = 0
        maxopenfd = 0
        required_write = <optimized out>
        ret = 0
        t_ret = <optimized out>
#4  0x00007f0722fc1752 in __txn_checkpoint (env=env at entry=0x7f072e0efbf0, kbytes=kbytes at entry=0, minutes=minutes at entry=0, flags=flags at entry=0) at ../../src/txn/txn_chkpt.c:242
        dblp = <optimized out>
        ckp_lsn = {file = 226, offset = 156394}
        last_ckp = {file = 0, offset = 0}
        msg_lsn = {file = 226, offset = 158769}
        mgr = <optimized out>
        region = 0x7f071a2dcea8
        lp = 0x7f071a1b9328
        renv = <optimized out>
        infop = <optimized out>
        last_ckp_time = <optimized out>
        now = 0
        bytes = 374817
        id = 1450728411
        logflags = <optimized out>
        mbytes = 12
        op = <optimized out>
        ret = 0
#5  0x00007f0722fc1b74 in __txn_checkpoint_pp (dbenv=<optimized out>, kbytes=0, minutes=0, flags=0) at ../../src/txn/txn_chkpt.c:81
        __rep_check = 0
        __t_ret = <optimized out>
        ip = 0x0
        env = 0x7f072e0efbf0
        ret = <optimized out>
#6  0x00007f071e2109c7 in checkpoint_threadmain (param=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:4525
        time_of_last_checkpoint_completion = 1483980976
        interval = <optimized out>
        rval = <optimized out>
        priv = <optimized out>
        li = <optimized out>
        debug_checkpointing = 0
        checkpoint_interval = 60
        home_dir = <optimized out>
        list = 0x0
        listp = <optimized out>
        penv = 0x7f072e0f5a40
        time_of_last_comapctdb_completion = 1483980010
        compactdb_interval = 2592000
        txn = {back_txn_txn = 0x0}
#7  0x00007f0729e8e96b in _pt_root (arg=0x7f072dfb55b0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072dfb55b0
        detached = 1
        id = 139668456216320
        tid = 26133
#8  0x00007f072982edc5 in start_thread (arg=0x7f0718b81700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0718b81700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668456216320, -8975886148032001126, 0, 139668456217024, 139668456216320, 1, 9034518179433679770, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#9  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 45 (Thread 0x7f0718380700 (LWP 26134)):
#0  0x00007f0729554ba3 in select () at ../sysdeps/unix/syscall-template.S:81
No locals.
#1  0x00007f072bcea149 in DS_Sleep (ticks=ticks at entry=250) at ldap/servers/slapd/util.c:1072
        mSecs = <optimized out>
        tm = {tv_sec = 0, tv_usec = 133889}
#2  0x00007f071e20ca5f in trickle_threadmain (param=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:4722
        interval = 250
        rval = <optimized out>
        priv = 0x7f072df4a660
        li = <optimized out>
        debug_checkpointing = 0
#3  0x00007f0729e8e96b in _pt_root (arg=0x7f072e1b8540) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e1b8540
        detached = 1
        id = 139668447823616
        tid = 26134
#4  0x00007f072982edc5 in start_thread (arg=0x7f0718380700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0718380700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668447823616, -8975886148032001126, 0, 139668447824320, 139668447823616, 1, 9034519323505593242, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#5  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 44 (Thread 0x7f0717b7f700 (LWP 26135)):
#0  0x00007f0729554ba3 in select () at ../sysdeps/unix/syscall-template.S:81
No locals.
#1  0x00007f072bcea149 in DS_Sleep (ticks=<optimized out>) at ldap/servers/slapd/util.c:1072
        mSecs = <optimized out>
        tm = {tv_sec = 0, tv_usec = 866632}
#2  0x00007f071e260684 in perfctrs_wait (milliseconds=milliseconds at entry=1000, priv=<optimized out>, db_env=<optimized out>) at ldap/servers/slapd/back-ldbm/perfctrs.c:100
        interval = <optimized out>
#3  0x00007f071e2076d7 in perf_threadmain (param=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3796
        priv = 0x7f072df4a660
        li = <optimized out>
#4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e0f60c0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e0f60c0
        detached = 1
        id = 139668439430912
        tid = 26135
#5  0x00007f072982edc5 in start_thread (arg=0x7f0717b7f700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0717b7f700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668439430912, -8975886148032001126, 0, 139668439431616, 139668439430912, 1, 9034520422480350106, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 43 (Thread 0x7f0717175700 (LWP 26136)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e891f0 in PR_WaitCondVar (cvar=cvar at entry=0x7f072e584bd0, timeout=4294967295) at ../../../nspr/pr/src/pthreads/ptsynch.c:396
        rv = <optimized out>
        thred = 0x7f072e5701e0
#2  0x00007f072bcd7028 in slapi_wait_condvar (cvar=0x7f072e584bd0, timeout=timeout at entry=0x0) at ldap/servers/slapd/slapi2nspr.c:150
        prit = <optimized out>
#3  0x00007f07211556fe in cos_cache_wait_on_change (arg=<optimized out>) at ldap/servers/plugins/cos/cos_cache.c:407
No locals.
#4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e5701e0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e5701e0
        detached = 1
        id = 139668428904192
        tid = 26136
#5  0x00007f072982edc5 in start_thread (arg=0x7f0717175700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0717175700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668428904192, -8975886148032001126, 0, 139668428904896, 139668428904192, 1, 9034521243892845466, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 42 (Thread 0x7f0716974700 (LWP 26137)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e891f0 in PR_WaitCondVar (cvar=cvar at entry=0x7f072e4fba70, timeout=4294967295) at ../../../nspr/pr/src/pthreads/ptsynch.c:396
        rv = <optimized out>
        thred = 0x7f072e576670
#2  0x00007f072bcd7028 in slapi_wait_condvar (cvar=0x7f072e4fba70, timeout=timeout at entry=0x0) at ldap/servers/slapd/slapi2nspr.c:150
        prit = <optimized out>
#3  0x00007f071c6a1efd in roles_cache_wait_on_change (arg=0x7f072e5813a0) at ldap/servers/plugins/roles/roles_cache.c:404
        roles_def = 0x7f072e5813a0
#4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e576670) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e576670
        detached = 1
        id = 139668420511488
        tid = 26137
#5  0x00007f072982edc5 in start_thread (arg=0x7f0716974700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0716974700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668420511488, -8975886148032001126, 0, 139668420512192, 139668420511488, 1, 9034522345015085978, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 41 (Thread 0x7f0716173700 (LWP 26138)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e891f0 in PR_WaitCondVar (cvar=cvar at entry=0x7f072e520c30, timeout=4294967295) at ../../../nspr/pr/src/pthreads/ptsynch.c:396
        rv = <optimized out>
        thred = 0x7f072e4f7540
#2  0x00007f072bcd7028 in slapi_wait_condvar (cvar=0x7f072e520c30, timeout=timeout at entry=0x0) at ldap/servers/slapd/slapi2nspr.c:150
        prit = <optimized out>
#3  0x00007f071c6a1efd in roles_cache_wait_on_change (arg=0x7f072e0f0540) at ldap/servers/plugins/roles/roles_cache.c:404
        roles_def = 0x7f072e0f0540
#4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e4f7540) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e4f7540
        detached = 1
        id = 139668412118784
        tid = 26138
#5  0x00007f072982edc5 in start_thread (arg=0x7f0716173700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0716173700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668412118784, -8975886148032001126, 0, 139668412119488, 139668412118784, 1, 9034523443989842842, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 40 (Thread 0x7f0715972700 (LWP 26139)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e891f0 in PR_WaitCondVar (cvar=cvar at entry=0x7f072e5739f0, timeout=4294967295) at ../../../nspr/pr/src/pthreads/ptsynch.c:396
        rv = <optimized out>
        thred = 0x7f072e0e9ba0
#2  0x00007f072bcd7028 in slapi_wait_condvar (cvar=0x7f072e5739f0, timeout=timeout at entry=0x0) at ldap/servers/slapd/slapi2nspr.c:150
        prit = <optimized out>
#3  0x00007f071c6a1efd in roles_cache_wait_on_change (arg=0x7f072e4fb050) at ldap/servers/plugins/roles/roles_cache.c:404
        roles_def = 0x7f072e4fb050
#4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e0e9ba0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e0e9ba0
        detached = 1
        id = 139668403726080
        tid = 26139
#5  0x00007f072982edc5 in start_thread (arg=0x7f0715972700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0715972700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668403726080, -8975886148032001126, 0, 139668403726784, 139668403726080, 1, 9034524545112083354, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 39 (Thread 0x7f0715171700 (LWP 26140)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
No locals.
#1  0x00007f0729e88c87 in pt_TimedWait (cv=cv at entry=0x7f072e0f0798, ml=0x7f072e558850, timeout=timeout at entry=30000) at ../../../nspr/pr/src/pthreads/ptsynch.c:264
        rv = <optimized out>
        now = {tv_sec = 1483983280, tv_usec = 674497}
        tmo = {tv_sec = 1483983310, tv_nsec = 674497000}
        ticks = <optimized out>
#2  0x00007f0729e8916e in PR_WaitCondVar (cvar=0x7f072e0f0790, timeout=timeout at entry=30000) at ../../../nspr/pr/src/pthreads/ptsynch.c:398
        rv = <optimized out>
        thred = 0x7f072e56bed0
#3  0x00007f072c194a13 in housecleaning (cur_time=<optimized out>) at ldap/servers/slapd/house.c:48
        interval = 30000
#4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e56bed0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e56bed0
        detached = 0
        id = 139668395333376
        tid = 26140
#5  0x00007f072982edc5 in start_thread (arg=0x7f0715171700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0715171700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668395333376, -8975886148032001126, 0, 139668395334080, 139668395333376, 1, 9034525644086840218, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 38 (Thread 0x7f0714970700 (LWP 26141)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
No locals.
#1  0x00007f0729e88c87 in pt_TimedWait (cv=cv at entry=0x7f072e0bfbd8, ml=0x7f072e0d84f0, timeout=timeout at entry=10000) at ../../../nspr/pr/src/pthreads/ptsynch.c:264
        rv = <optimized out>
        now = {tv_sec = 1483983281, tv_usec = 273257}
        tmo = {tv_sec = 1483983291, tv_nsec = 273257000}
        ticks = <optimized out>
#2  0x00007f0729e8916e in PR_WaitCondVar (cvar=0x7f072e0bfbd0, timeout=10000) at ../../../nspr/pr/src/pthreads/ptsynch.c:398
        rv = <optimized out>
        thred = 0x7f072e578fb0
#3  0x00007f072bc79d38 in eq_loop (arg=<optimized out>) at ldap/servers/slapd/eventq.c:326
        timeout = <optimized out>
        until = <optimized out>
#4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e578fb0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e578fb0
        detached = 0
        id = 139668386940672
        tid = 26141
#5  0x00007f072982edc5 in start_thread (arg=0x7f0714970700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0714970700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668386940672, -8975886148032001126, 0, 139668386941376, 139668386940672, 1, 9034526753799015322, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 37 (Thread 0x7f070752d700 (LWP 26143)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668164368128
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f070752be30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06f0205d40
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06f01a8640
        addr = 0x7f06f01a8718
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06f0214f80, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f070752c060
        referral = 0x0
        e = 0x0
        dn = 0x7f06f02023f0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06f0130f40
        passin_sdn = 0
        mods = 0x7f06f0205d40
        pw_mod = <optimized out>
        tmpmods = 0x7f06f012bbc0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06f01a8640
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000m\036\203)\a\177\000\000 \000\000\360\006\177\000\000[\000\000\000\000\000\000\000\060\204\020\360\006\177\000\000\000\000\000\000\000\000\000\000\260\372 \360\006\177\000\000\350\361\b\360\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\220 \016\360\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000?\022\360\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000?"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06f0214f80) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06f01a8640
        opresult = 0
        normalized_mods = 0x7f06f012bbc0
        mods = 0x7f06f01040f0
        mod = 0x7f06f012bbc8
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -266252416, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f070752ca90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f070752ca90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f070752ca90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f070752ca90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06f0179ba0
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06f0216d10 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06f01b24d0 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06f0179ba0
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\360\006\177\000\000\200\311R\a\a\177\000\000\220\311R\a\a\177\000\000\356\306R\a\a\177\000\000\354\306R\a\a\177\000\000\360\306R\a\a\177\000\000\261\070\255\370\350\003\000\000\000\000\000\000\237?\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000~\000\000\000\001\000\001\000\020\235\033\360\006\177\000\000(\000\000\000\000\000\000\000~", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\300\037j.\a\177\000\000\020\235\033\360\006\177\000\000y\000\000\000\000\000\000\000~\000\000\000\000\000\000\000\300\037j.\a\177\000\000y\000\000\000\000\000\000\000\300\037j.\a\177\000\000\302"...
        bind_target_entry = 0x7f06f0163c20
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06f0176900
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f070752ca90, op=0x7f072e691680, conn=0x7f0707539140) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707539140, pb_op = 0x7f072e691680, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06f02527a0, op_stack_elem = 0x7f072e799ca0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f070752ca90
        conn = 0x7f0707539140
        op = 0x7f072e691680
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54e8f0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e54e8f0
        detached = 1
        id = 139668164368128
        tid = 26143
#15 0x00007f072982edc5 in start_thread (arg=0x7f070752d700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f070752d700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668164368128, -8975886148032001126, 0, 139668164368832, 139668164368128, 1, 9034557025265388442, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 36 (Thread 0x7f0706d2c700 (LWP 26144)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=139667639601072, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
        ret = <optimized out>
#2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=4002, timespec=timespec at entry=0x0, exclusive=exclusive at entry=1) at ../../src/mutex/mut_pthread.c:577
        ret = <optimized out>
        t_ret = 0
#3  0x00007f0722e88640 in __db_tas_mutex_lock_int (nowait=0, timeout=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:271
        mtxmgr = <optimized out>
        mtxregion = 0x7f0719f71138
        ip = 0x0
        timespec = {tv_sec = 806, tv_nsec = 139668155914328}
        ret = <optimized out>
        dbenv = 0x7f072e1d66a0
        mutexp = 0x7f071a005a08
        now = {tv_sec = 1310720, tv_nsec = 139668814232560}
        nspins = 0
#4  __db_tas_mutex_lock (env=env at entry=0x7f072e0efbf0, mutex=4002, timeout=timeout at entry=0) at ../../src/mutex/mut_tas.c:302
No locals.
#5  0x00007f0722f32d3a in __lock_get_internal (lt=lt at entry=0x7f072dfafc70, sh_locker=sh_locker at entry=0x7f071a2e73d8, flags=flags at entry=0, obj=<optimized out>, lock_mode=<optimized out>, timeout=timeout at entry=0, lock=0x7f0706d1db00) at ../../src/lock/lock.c:983
        newl = <optimized out>
        lp = <optimized out>
        env = <optimized out>
        sh_obj = 0x7f071a2db2b8
        region = <optimized out>
        ip = 0x0
        ndx = 806
        part_id = <optimized out>
        did_abort = 114416024
        ihold = 0
        grant_dirty = <optimized out>
        no_dd = 1
        ret = 0
        t_ret = <optimized out>
        holder = <optimized out>
        sh_off = <optimized out>
        action = <optimized out>
#6  0x00007f0722f33820 in __lock_get (env=env at entry=0x7f072e0efbf0, locker=0x7f071a2e73d8, flags=0, obj=obj at entry=0x7f072e197860, lock_mode=<optimized out>, lock=lock at entry=0x7f0706d1db00) at ../../src/lock/lock.c:463
        lt = 0x7f072dfafc70
        ret = <optimized out>
#7  0x00007f0722f5f142 in __db_lget (dbc=dbc at entry=0x7f072e197770, action=action at entry=0, pgno=13, mode=<optimized out>, mode at entry=DB_LOCK_READ, lkflags=lkflags at entry=0, lockp=lockp at entry=0x7f0706d1db00) at ../../src/db/db_meta.c:1255
        dbp = 0x7f072e2b8f50
        couple = {{op = 114416024, mode = 32519, timeout = 114416020, obj = 0x7f072e197770, lock = {off = 139668628338413, ndx = 774606672, gen = 32519, mode = DB_LOCK_NG}}, {op = 114416032, mode = 32519, timeout = 774648544, obj = 0x7f0706d1dad4, lock = {off = 139666028307872, ndx = 1409, gen = 0, mode = 774606672}}, {op = 114416012, mode = 32519, timeout = 1, obj = 0x12e2cb6d0, lock = {off = 139668466660080, ndx = 0, gen = 0, mode = 585668749}}}
        reqp = 0x0
        txn = 0x0
        env = 0x7f072e0efbf0
        has_timeout = <optimized out>
        i = 0
        ret = <optimized out>
#8  0x00007f0722ea6605 in __bam_search (dbc=dbc at entry=0x7f072e197770, root_pgno=1, root_pgno at entry=0, key=key at entry=0x7f0706d1dde0, flags=1409, slevel=slevel at entry=1, recnop=recnop at entry=0x0, exactp=exactp at entry=0x7f0706d1dc24) at ../../src/btree/bt_search.c:723
        t = 0x7f072e2cb6d0
        cp = 0x7f06880125a0
        dbp = 0x7f072e2b8f50
        lock = {off = 0, ndx = 806, gen = 0, mode = 3226}
        saved_lock = {off = 0, ndx = 806, gen = 32519, mode = 771423344}
        mpf = 0x7f072e2c32e0
        env = 0x7f072e0efbf0
        h = 0x0
        parent_h = 0x0
        base = <optimized out>
        i = <optimized out>
        indx = <optimized out>
        inp = <optimized out>
        lim = <optimized out>
        lock_mode = DB_LOCK_READ
        pg = 13
        saved_pg = 0
        start_pgno = 0
        recno = 0
        adjust = <optimized out>
        cmp = 3
        deloffset = <optimized out>
        ret = <optimized out>
        set_stack = 1
        stack = 0
        t_ret = <optimized out>
        getlock = 0
        was_next = 0
        get_mode = 0
        wait = 4
        level = 2 '\002'
        saved_level = 255 '\377'
#9  0x00007f0722e91256 in __bamc_search (dbc=dbc at entry=0x7f072e197770, root_pgno=root_pgno at entry=0, key=0x7f0706d1dde0, flags=<optimized out>, exactp=0x7f0706d1dc24) at ../../src/btree/bt_cursor.c:2804
        t = <optimized out>
        cp = <optimized out>
        dbp = <optimized out>
        h = <optimized out>
        base = <optimized out>
        indx = <optimized out>
        inp = <optimized out>
        lim = <optimized out>
        bt_lpgno = 771423344
        recno = 771423344
        sflags = <optimized out>
        bulk = <optimized out>
        cmp = 0
        ret = 0
        t_ret = <optimized out>
#10 0x00007f0722e92d0f in __bamc_get (dbc=0x7f072e197770, key=<optimized out>, data=<optimized out>, flags=<optimized out>, pgnop=0x7f0706d1dcc4) at ../../src/btree/bt_cursor.c:1099
        cp = 0x7f06880125a0
        dbp = 0x7f072e2b8f50
        mpf = <optimized out>
        orig_pgno = 0
        orig_indx = 0
        exact = 32519
        newopd = <optimized out>
        ret = <optimized out>
#11 0x00007f0722f4bca6 in __dbc_iget (dbc=0x7f06f0035460, key=0x7f0706d1dde0, data=0x7f0706d1de10, flags=26) at ../../src/db/db_cam.c:952
        dbp = 0x7f072e2b8f50
        ddbc = <optimized out>
        dbc_n = 0x7f072e197770
        opd = 0x0
        cp = <optimized out>
        cp_n = <optimized out>
        mpf = 0x7f072e2c32e0
        env = 0x7f072e0efbf0
        pgno = 0
        indx_off = <optimized out>
        multi = 2048
        orig_ulen = 0
        tmp_flags = <optimized out>
        tmp_read_locking = 0
        tmp_rmw = 0
        type = <optimized out>
        key_small = 0
        ret = <optimized out>
        t_ret = <optimized out>
#12 0x00007f0722f4c47d in __dbc_get (dbc=dbc at entry=0x7f06f0035460, key=key at entry=0x7f0706d1dde0, data=data at entry=0x7f0706d1de10, flags=flags at entry=2074) at ../../src/db/db_cam.c:770
No locals.
#13 0x00007f0722f5ab02 in __dbc_get_pp (dbc=0x7f06f0035460, key=0x7f0706d1dde0, data=0x7f0706d1de10, flags=2074) at ../../src/db/db_iface.c:2359
        dbp = <optimized out>
        ip = 0x0
        env = 0x7f072e0efbf0
        ret = <optimized out>
#14 0x00007f071e21b8a0 in idl_new_fetch (be=0x7f072e0f5f20, db=<optimized out>, inkey=0x7f0706d1ff60, txn=0x0, a=0x7f072e1be6c0, flag_err=0x7f0706d26c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/idl_new.c:202
        ret = 0
        idl_rc = 0
        cursor = 0x7f06f0035460
        idl = 0x0
        key = {data = 0x7f0706d200c0, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2056}
        data = {data = 0x7f0706d1de70, size = 8192, ulen = 8192, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        id = 0
        count = 0
        buffer = "\000\000\000\000\000\000\000\000\020e\022\200\006\177\000\000\000\000\000\000\000\000\000\000\360\373\016.\a\177\000\000\000\000\000\000\000\000\000\000\350\253\364\"\a\177\000\000\220s\022\200\006\177\000\000\060\337\000\210\006\177\000\000\000\000\000\000\000\000\000\000\240v\022\200\006\177\000\000\240\320\a\200\006\177\000\000\020e\022\200\006\177\000\000@\t\a\344\006\177\000\000?\364\"\a\177\000\000\230k.\032\364\206\377\377$D\373\"\a\177\000\000\240v\022\200\006\177\000\000\060\337\000\210\006\177\000\000tT\000\032\a\177\000\000>\205\350\"\a\177\000\000\020e\022\200\000\000\000\000\070\021\367\031\a\177\000\000\230\017\000\000\000\000\000\000`\337\321\006\a\177\000\000P\337\321\006\a\177\000\000H"...
        ptr = <optimized out>
        dataret = {data = 0x0, size = 0, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0}
        s_txn = {back_txn_txn = 0x0}
        li = <optimized out>
#15 0x00007f071e21b525 in idl_fetch_ext (be=be at entry=0x7f072e0f5f20, db=<optimized out>, key=key at entry=0x7f0706d1ff60, txn=txn at entry=0x0, a=<optimized out>, err=err at entry=0x7f0706d26c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/idl_shim.c:101
No locals.
#16 0x00007f071e22a146 in index_read_ext_allids (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, type=type at entry=0x7f06e8188e20 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", val=<optimized out>, txn=txn at entry=0x7f0706d24230, err=err at entry=0x7f0706d26c8c, unindexed=unindexed at entry=0x7f0706d24224, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/index.c:1028
        interval = <optimized out>
        db = 0x7f072e2b8f50
        db_txn = 0x0
        key = {data = 0x7f0706d200c0, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        idl = 0x0
        prefix = <optimized out>
        tmpbuf = 0x0
        buf = "=referral\000\000\000\253\001\000\000\004\000\000\000\263\001\000\000\004\000\000\000\273\001\000\000\004\000\000\000\303\001\000\000\004\000\000\000\313\001\000\000\004\000\000\000\323\001\000\000\004\000\000\000\333\001\000\000\004\000\000\000\343\001\000\000\004\000\000\000\353\001\000\000\004\000\000\000\363\001\000\000\002\270 \036\a\177\000\000\004\000\000\000\003\002", '\000' <repeats 19 times>, "^\261\363\257M\331e\b\002\322\006\a\177\000\000 \002\322\006\a\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000\037\205\353Q\000\000\000\000l\337H\036\a\177\000\000 \002\322\006\a\177\000\000\237\241\"\036\a\177\000\000\240\206\001\000\001\000\000\000"...
        typebuf = "objectclass\000\253\000\000\000\004\000\000\000\263\000\000\000\004\000\000\000\273\000\000\000\004\000\000\000\303\000\000\000\004\000\000\000\313\000\000\000\004\000\000\000\323\000\000\000\004\000\000\000\333\000\000\000\004\000\000\000\343\000\000\000\004\000\000\000\353\000\000\000\004\000\000\000\363\000\000\000\004\000\000\000\373\000\000\000\004\000\000\000\003\001\000\000\004\000\000\000\v\001\000\000\004\000\000\000\023\001\000\000\004\000\000\000\033\001\000\000\004\000\000\000#\001\000\000\004\000\000\000+\001\000\000\004\000\000\000\063\001\000\000\004\000\000\000;\001\000\000\004\000\000\000C\001\000\000\004\000\000\000K\001\000\000\004\000\000\000S\001\000\000\004\000\000\000[\001\000\000\004\000\000\000c\001\000\000"...
        ai = 0x7f072e1be6c0
        basetmp = 0x0
        basetype = <optimized out>
        retry_count = 0
        encrypted_val = 0x0
        is_and = 1
        ai_flags = 1
#17 0x00007f071e214234 in keys2idl (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, type=0x7f06e8188e20 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", ivals=<optimized out>, err=err at entry=0x7f0706d26c8c, unindexed=unindexed at entry=0x7f0706d24224, txn=txn at entry=0x7f0706d24230, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:986
        idl2 = 0x7f0706d22460
        i = 0
#18 0x00007f071e2149d3 in ava_candidates (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, f=f at entry=0x7f06e81b93a0, ftype=<optimized out>, err=0x7f0706d26c8c, allidslimit=100000, range=0, nextf=0x0) at ldap/servers/slapd/back-ldbm/filterindex.c:288
        tmp = {bv = {bv_len = 8, bv_val = 0x7f06e802d1d0 "referral"}, v_csnset = 0x0, v_flags = 0}
        ptr = {0x7f0706d24280, 0x0}
        fake = {bv = {bv_len = 8, bv_val = 0x7f0706d24320 "referral"}, v_csnset = 0x7f0706d242a8, v_flags = 1536}
        buf = "referral\000-\372\"\a\177\000\000Pi\373-\a\177\000\000\340U\032.\a\177\000\000\034E\322\006\a\177\000\000\000\000\000\000\000\000\000\000\030:\t\000\000\000\000\000{ \303\000\000\000\000\000(E\322\006\a\177", '\000' <repeats 22 times>, "\a\177\000\000\000\000\000\000\a\177\000\000\355v\372\"\a\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\001\000\000\000\001\000\000\000\000\000\000\000$D\373\"\a\177\000\000\002\000\000\000\a\177\000\000\000:\t\000\a\177\000\000\330\234-\032\a\177\000\000\001\000\000\000\a\177\000\000\334C\322\006\000\000\000\000\064D\322\006\a\177\000\000A\b\000\000\000\000\000\000\200"...
        type = 0x7f06e8188e20 "objectclass"
        indextype = 0x7f071e271c87 "eq"
        sv = {bv = {bv_len = 8, bv_val = 0x7f0706d24320 "referral"}, v_csnset = 0x7f0706d242a8, v_flags = 1536}
        bval = 0x7f06e81b93c8
        ivals = 0x7f0706d24250
        idl = 0x0
        unindexed = 0
        sattr = {a_type = 0x7f06e8148950 "objectClass", a_present_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_flags = 4, a_plugin = 0x7f072dd48570, a_deleted_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_listtofree = 0x0, a_next = 0x0, a_deletioncsn = 0x0, a_mr_eq_plugin = 0x7f072dcf95c0, a_mr_ord_plugin = 0x0, a_mr_sub_plugin = 0x0}
        txn = {back_txn_txn = 0x0}
        pr_idx = 0
#19 0x00007f071e214fc2 in filter_candidates_ext (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06e81b93a0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0706d26c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:111
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#20 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06e813f7a0, ftype=<optimized out>, err=0x7f0706d26c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
        idl = 0x7f06e811e680
        tmp = 0x7f06e811e680
        tmp2 = 0x0
        f = 0x7f06e81b93a0
        nextf = 0x0
        isnot = 0
        f_count = <optimized out>
        le_count = <optimized out>
        ge_count = <optimized out>
        is_bounded_range = <optimized out>
        low_val = 0x0
        high_val = 0x0
        t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
        fpairs = {0x0, 0x0}
        tpairs = {0x0, 0x0}
        vpairs = {0x0, 0x0}
        is_and = 0
#21 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06e813f7a0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0706d26c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#22 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06e81a3080, ftype=<optimized out>, err=0x7f0706d26c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
        idl = 0x0
        tmp = 0x3
        tmp2 = 0x7f072e0f5f20
        f = 0x7f06e813f7a0
        nextf = 0x0
        isnot = 0
        f_count = <optimized out>
        le_count = <optimized out>
        ge_count = <optimized out>
        is_bounded_range = <optimized out>
        low_val = 0x0
        high_val = 0x0
        t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
        fpairs = {0x0, 0x0}
        tpairs = {0x0, 0x0}
        vpairs = {0x0, 0x0}
        is_and = 1
#23 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=0x7f06e81a3080, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0706d26c8c, allidslimit=100000, allidslimit at entry=0) at ldap/servers/slapd/back-ldbm/filterindex.c:144
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#24 0x00007f071e21667a in filter_candidates (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=<optimized out>, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0706d26c8c) at ldap/servers/slapd/back-ldbm/filterindex.c:175
No locals.
#25 0x00007f071e252c36 in onelevel_candidates (err=0x7f0706d26c8c, lookup_returned_allidsp=0x7f0706d26c7c, managedsait=<optimized out>, filter=<optimized out>, e=0x7f06e40c7e70, base=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", be=0x7f072e0f5f20, pb=0x7f0706d2ba90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1143
        fid2kids = 0x7f06e81572c0
        candidates = <optimized out>
        focref = 0x7f06e81b93a0
        fand = 0x7f06e81a3080
        forr = 0x7f06e813f7a0
        ftop = <optimized out>
#26 build_candidate_list (candidates=0x7f0706d26cb8, lookup_returned_allidsp=0x7f0706d26c7c, scope=<optimized out>, base=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=<optimized out>, be=0x7f072e0f5f20, pb=0x7f0706d2ba90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1010
        filter = 0x7f06e81031d0
        err = 0
        li = 0x7f072df49930
        managedsait = 0
        r = 0
#27 ldbm_back_search (pb=0x7f0706d2ba90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:657
        rc = <optimized out>
        time_up = 0
        vlv_response_control = {targetPosition = 0, contentCount = 0, result = 0}
        vlv_rc = 32519
        lookthrough_limit = 0
        abandoned = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x7f06e40c7e70
        candidates = 0x0
        base = 0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        basesdn = 0x7f06e81bc1f0
        scope = 1
        controls = 0x7f06e81c50d0
        operation = 0x7f072e609210
        addr = 0x7f072e6092e8
        estimate = 0
        sort = 0
        vlv = <optimized out>
        sort_spec = 0x0
        is_sorting_critical = <optimized out>
        is_sorting_critical_orig = 0
        sort_control = 0x0
        virtual_list_view = 0
        vlv_spec = 0x0
        is_vlv_critical = 0
        vlv_request_control = {beforeCount = 0, afterCount = 0, tag = 0, index = 0, contentCount = 0, value = {bv_len = 0, bv_val = 0x0}}
        sr = <optimized out>
        tmp_err = -1
        tmp_desc = 0x0
        lookup_returned_allids = 0
        backend_count = 0
        print_once = 1
        txn = {back_txn_txn = 0x0}
        rc = <optimized out>
#28 0x00007f072bca82c6 in op_shared_search (pb=pb at entry=0x7f0706d2ba90, send_result=send_result at entry=1) at ldap/servers/slapd/opshared.c:806
        be_suffix = 0x7f072de73fa0
        err = 0
        next_be = 0x0
        base = 0x7f06e8168c70 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normbase = <optimized out>
        fstr = 0x7f06e806c8c0 "(objectClass=*)"
        scope = 1
        be = 0x7f072e0f5f20
        be_single = 0x0
        be_list = {0x7f072e0f5f20, 0x0, 0x7f0706d26fc0, 0x7f0706d26ff0, 0x7f0706d27010, 0x7f0706d27070, 0x7f06e817bc10, 0x7f07075343e8, 0x0, 0x7f0706d27028, 0x90, 0x7f0706d27070, 0x7f06e817bc10, 0x7f0706d27048, 0x90, 0x7f0706d27070, 0x7f06e817bc10, 0x7f07075343e8, 0x0, 0x7f072bc621b6 <slapi_ch_free+22>, 0x7f06e80f2580, 0x7f072bc71454 <slapi_entry_free+228>, 0x7f06e817bc10, 0x7f072bcc6214 <reslimit_get_ext+52>, 0x7f07075343e8, 0x7f072bf3e034 <slapd_ldap_debug>, 0x7f0706d270d4, 0x7f072bcc6b8d <slapi_reslimit_get_integer_limit+445>, 0x7f072e6dc780, 0x65d94daff3b15e00, 0x1, 0x7f07075343e8, 0x0, 0x7f072c1a4c90, 0x1, 0x7f072bcae93d <bind_credentials_set_nolock+237>, 0x7f072e7e7310, 0x7f072c1a4c90, 0x0, 0x7f072bf4a820 <global_slapdFrontendConfig>, 0x8, 0x0, 0x0, 0x7f0706d27140, 0x7f07075343e8, 0x0, 0x0, 0x80, 0x7f072e7e7310, 0x7f072bc621b6 <slapi_ch_free+22>, 0x7f0706d27210, 0x7f072c183b8e <handle_handshake_done+750>, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0706d27298, 0xc02f030300000050, 0x10000000800, 0x5873c0c85873c0c8, 0x2058751248, 0x134705c925c81266, 0x5f075a5f0ebf1679, 0xcb7e4d560a396afd, 0xc1cf5d3d29d8c0c1, 0x7f072aa08259, 0x0, 0xc02f0060, 0x7f072aa0dfa0, 0x7f072aa0d911, 0x1, 0x7f072aa0dab9, 0x4, 0x7f072aa0d915, 0x8000800000000a, 0x80, 0x7f072aa0d91d, 0x1008000000006, 0x0, 0x322e31534c54, 0x0, 0x0, 0x7f0706d2725c, 0x7f0706d2735c, 0x7f0700000001, 0x6d27650, 0x0, 0x200000001, 0xffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1ffffffff, 0x7f06e8174bd0, 0x7f072bd09f50, 0x7f06e8069390, 0x0, 0x0, 0x7f06e8217850, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x40000, 0x7f0722fb4424 <__os_id+36>, 0x11, 0x7f06dc7e6f60, 0x7f0719fc3b4c, 0x7f0722e8853e <__db_tas_mutex_lock+398>, 0x0, 0x7f0719f71138, 0x8b1, 0x7f0706d27380, 0x7f0706d27370, 0x7f0706d27368, 0x0, 0x0, 0x7f06db9f36f0, 0x22f4b6d0, 0xffff86ee00000000, 0x65d94daff3b15e00, 0x28, 0x65d94daff3b15e00, 0x7f06db9f6510, 0x7f06db9f6510, 0x0, 0x7f06dc7e6f60, 0x7f06e821d990, 0x7f072e0efbf0, 0x0, 0x7f0722f4abe8 <__dbc_close+472
>, 0x7f06db9f6510, 0x7f06dc7e6f60, 0x7f0706d27570, 0x7f072e0efbf0, 0x7f0706d27650, 0x13, 0x0, 0x7f0722f47968 <__db_put+504>, 0x7f0706d27438, 0x7f0706d27440, 0xffff86ee06d27578, 0x7f0722fb4424 <__os_id+36>, 0x0, 0x65d94daff3b15e00, 0x7f0719fda0f8, 0x7f06db9f6510, 0x4, 0x7f071a2e8a70, 0x7f0706d276c0, 0x65d94daff3b15e00, 0x4, 0x7f0719814160, 0x7f06e821d990, 0x7f0719410238, 0x7f072e0efbf0, 0x7f072e0eb550, 0x0, 0x65d94daff3b15e00, 0x7f072e2c2b60, 0x7f072e0efbf0, 0x7f0706d27650, 0x7f072e0efbf0, 0x7f0706d27650, 0x7f0706d27570, 0x7f06dc7e6f60, 0x7f0722f5cc69 <__db_put_pp+489>, 0x13, 0x7f06e821d990, 0x0, 0x65d94daff3b15e00, 0x7f0700000000, 0x7f0706d27650, 0x7f072e1b8d80, 0x1, 0x7f06e8205278, 0x7f072dfaef40, 0x0, 0x7f071e21c9df <idl_new_insert_key+127>, 0x7f0706d2756c, 0x100000001, 0x7f0706d2756c, 0x400000004, 0x0, 0x0, 0x800, 0x7f071e48df6e <prefix_PRESENCE>, 0x7f071e271c8a, 0x7f071e22c0b4 <addordel_values_sv+1972>, 0x0, 0x0, 0x7f0719acf878, 0x65d94daff3b15e00...}
        referral_list = {0x0, 0x7f07219e4bbd <aclutil_print_aci+45>, 0x7f06e80dda80, 0x7f072bc5cb5f <attr_syntax_return_locking_optional+47>, 0x7f072dcfe270, 0x7f0706d29068, 0x0, 0x7f072bc5d851 <slapi_attr_type2plugin+113>, 0x7f072e1cbfd0, 0x0, 0x75676e6974736964, 0x6d614e6465687369, 0x7f072e1d0065, 0x7f072e0efbf0, 0x7f072dec6670, 0x7f0706d290c8, 0x7f071a1b9328, 0x16d7f6, 0x7f0706d29150, 0x7f0722f9a289 <__log_putr+809>, 0x373533353335383d, 0x7f0725e9eddb <keystring_validate+27>, 0x63646137612d3665, 0x7f06e8112235, 0x7f06e8112232, 0x7f0725e9f2a9 <rdn_validate+329>, 0x7f06e8112236, 0x65d94daff3b15e00, 0x7f06e8112235, 0x7f0706d28ff0, 0x7f0706d29080, 0x0, 0x2000, 0x7f0725e9f12b <utf8string_validate+123>, 0x7f06e81b13b2, 0x65d94daff3b15e00, 0x0, 0xffffffff, 0x7f0706d29078, 0x7f072bcbb6f7 <slapi_entry_syntax_check+615>, 0x7f06e803dd60, 0x7f06e81fff00, 0xe803dda6, 0x7f0706d29070, 0x7f0706d2ba90, 0x7f0706d2ba90, 0x7f0706d29080, 0x7f0706d2906c, 0x6d29080, 0x100000000, 0x0, 0x0, 0x7f06e80a2980, 0x7f072bcec7ad <slapi_value_set_string_passin+45>, 0x0, 0x0, 0x0, 0x0, 0x3857a93900000000, 0x4639581261a56b43, 0x2f81badc6bcb3892, 0x27f942064672ea95, 0xe36eef13a943143, 0x65d94daff3b15e00, 0xffae2e9d775adf1, 0x105b46d6, 0xdec59cf, 0x7f071b13664a <felem_mul+1098>, 0x1266fdde, 0xfb6f6e8, 0x1f6dedd0, 0x32d8957e, 0x24cdfbbc, 0x105b46d6, 0x20b68dac, 0x330cfb89, 0xdec59cf, 0x7f0706d29430, 0x76df9df7cf7e8, 0x326db2e71979b8, 0x27a165dc7f80d42, 0x3e23dd649d812ca, 0x9784e14c81b7e5c, 0x8694a223ef32e5a, 0x0, 0x0, 0x0, 0x0, 0x45d7cd6a00000000, 0x3134d111811a9e55, 0x3dc8088f60dea349, 0x306fc079551c486e, 0x0, 0x0, 0x0, 0x0, 0x415179a500000000, 0x31c21015694185ef, 0x3b2c80213c9d2eda, 0x39f8bf904f546387, 0xbec4f5f35b0a41a, 0x65d94daff3b15e00, 0x532d42e03be9bb4, 0x1323507b241bf60, 0x17a25752097d0d0, 0x7f071b1361c9 <felem_square+601>, 0x4725978, 0x1c8b86a0, 0x23a771b8f1100, 0x14ee056e95b280, 0xbaeab42a5e9800, 0x1ac9e4951184af8, 0x3e72d38666b42b1, 0x112ac437aa8b732, 0x113c262118848ee, 0x209f3027df6ffbc, 0x2e04eb98ec57484, 0x39fa7c5b0e5fa52, 0x532d42e0
3be9bb4, 0xdc0d98f0827b3c, 0x1567e6de91f9b80, 0x15af6713f619590, 0x182e52c1f8a2ac2, 0x17a25752097d0d0, 0x136a9cbd4ebe240, 0x65d94daff3b15e00, 0x7f0717eb2496, 0x7f0706d29400, 0x7f0706d29430, 0x7f0706d293d0, 0x7f0706d2a080, 0x7f0706d29400, 0x7f0706d29430, 0x7f071b136998 <point_double+792>, 0x0, 0x0, 0x0, 0x0, 0x46b2566a00000000, 0x3fe1ca10924cbb28, 0x2c269c674b55664c, 0x20157f364861ca00, 0x115b1f4d330f9481, 0x65d94daff3b15e00, 0x363d55c7ab6541e, 0xb79c49f, 0x40aa860, 0x7f071b13664a <felem_mul+1098>, 0x9ade004, 0x3c7ad8d, 0x78f5b1a, 0x1308e14d, 0x135bc008, 0xb79c49f, 0x16f3893e, 0x13498845, 0x40aa860, 0x7f0706d29920, 0x10206978a349fe, 0x3e1685b7e6987, 0x149d2493ce4eaf2, 0x1a223267f19e512, 0x323fef5295dfd41, 0x20203366733adfd, 0x431dd120c47cc5a, 0x3ecc64498306e30, 0x679f9386bce1839, 0x32304db1757905b, 0x586100ae78493f5, 0x3f6486dccb008e4, 0x4f5690111f6295d, 0x1bb8b31c9dde6e1, 0x1bd93c6904761a6, 0x18b5196826a383a, 0x2288c02392e0f52, 0x65d94daff3b15e00, 0x7f06e821c1c0, 0x7f0706d295c0, 0x7f0706d29590, 0x7f0706d2a0e0, 0x7f0706d2a0b0, 0x7f0706d295c0, 0x7f0706d29590, 0x7f071b137c2d <scalar_mult+1901>, 0x7f0706d2a170, 0x7f0706d2a1a0, 0x7f0706d29920, 0x7f0706d295f0, 0x7f0706d29620, 0x7f0706d29830, 0x7f0706d29890, 0x7f0706d29800, 0x402e0e9fa8, 0x7f0706d296e0, 0x7f0706d298f0, 0x7f0706d29680, 0x7f0706d297a0, 0x7f0706d29860, 0x7f0706d29740, 0x7f0706d29770...}
        attrlistbuf = "\"objectClass\"", '\000' <repeats 51 times>, "conn=13372 op=2 UNBIND\n", '\000' <repeats 41 times>, "X\000\000\000\200", '\000' <repeats 11 times>, "?`.\a\177\000\000\000^\261\363\257M\331e\000\000\000\000\000\000\000\000\240V\031\350\006\177\000\000N\273\317+\a\177\000\000\020H\v\350\006\177\000\000\216\000\000\000\000\000\000\000\025"...
        attrliststr = <optimized out>
        attrs = 0x7f06e8106eb0
        rc = -1
        internal_op = <optimized out>
        basesdn = 0x7f06e81cff20
        sdn = 0x7f06e81bc1f0
        operation = 0x7f072e609210
        referral = 0x0
        proxydn = 0x0
        proxystr = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
        nentries = 0
        pnentries = 0
        flag_search_base_found = 0
        flag_no_such_object = 0
        flag_referral = 0
        flag_psearch = <optimized out>
        err_code = 0
        ctrlp = 0x7f06e81c50d0
        ctl_value = 0x7f06e8174f38
        iscritical = -1
        be_name = <optimized out>
        index = -1
        sent_result = 0
        pr_stat = 0
        pagesize = 100
        estimate = 0
        curr_search_count = <optimized out>
        pr_be = <optimized out>
        pr_search_result = <optimized out>
        pr_idx = 0
        orig_sdn = 0x0
        free_sdn = 1
#29 0x00007f072c19e11e in do_search (pb=pb at entry=0x7f0706d2ba90) at ldap/servers/slapd/search.c:349
        operation = 0x7f072e609210
        ber = <optimized out>
        i = <optimized out>
        err = <optimized out>
        attrsonly = 0
        scope = 1
        deref = 0
        sizelimit = 0
        timelimit = 60
        rawbase = 0x7f06e8168c70 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        rawbase_set_in_pb = 1
        fstr = 0x7f06e806c8c0 "(objectClass=*)"
        filter = 0x7f06e81031d0
        attrs = 0x7f06e8106eb0
        gerattrs = 0x0
        psearch = 0
        psbvp = 0x0
        changetypes = 32518
        send_entchg_controls = 772485200
        changesonly = 0
        rc = -1
        strict = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        filter_normalized = 0
#30 0x00007f072c18bc17 in connection_dispatch_operation (pb=0x7f0706d2ba90, op=0x7f072e609210, conn=0x7f07075369e0) at ldap/servers/slapd/connection.c:651
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 1
#31 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f07075369e0, pb_op = 0x7f072e609210, pb_plugin = 0x7f072df4b040, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 3, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 0, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = -1, pwdpolicy = 0x0, op_stack_elem = 0x7f072e60bce0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0706d2ba90
        conn = 0x7f07075369e0
        op = 0x7f072e609210
        tag = 99
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#32 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54ed40) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e54ed40
        detached = 1
        id = 139668155975424
        tid = 26144
#33 0x00007f072982edc5 in start_thread (arg=0x7f0706d2c700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0706d2c700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668155975424, -8975886148032001126, 0, 139668155976128, 139668155975424, 1, 9034558126387628954, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#34 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 35 (Thread 0x7f070652b700 (LWP 26145)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668147582720
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0706529e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06ec1ec800
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06ec1ed6b0
        addr = 0x7f06ec1ed788
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06ec222dc0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f070652a060
        referral = 0x0
        e = 0x0
        dn = 0x7f06ec221aa0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06ec142ee0
        passin_sdn = 0
        mods = 0x7f06ec1ec800
        pw_mod = <optimized out>
        tmpmods = 0x7f06ec00cd20
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06ec1ed6b0
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000m\036\203)\a\177\000\000 \000\000\354\006\177\000\000[\000\000\000\000\000\000\000p} \354\006\177\000\000\000\000\000\000\000\000\000\000\060~\v\354\006\177\000\000\230\001\005\354\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000pc\026\354\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000(\315\000\354\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06ec222dc0) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06ec1ed6b0
        opresult = 0
        normalized_mods = 0x7f06ec00cd20
        mods = 0x7f06ec0a3ca0
        mod = 0x7f06ec00cd28
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -333304384, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f070652aa90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f070652aa90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f070652aa90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f070652aa90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06ec1e3e60
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06ec0c6d90 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06ec12c9d0 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06ec1e3e60
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\354\006\177\000\000\200\251R\006\a\177\000\000\220\251R\006\a\177\000\000\356\246R\006\a\177\000\000\354\246R\006\a\177\000\000\360\246R\006\a\177\000\000\261X\255\371\350\003\000\000\000\000\000\000XV\207\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000w\000\000\000\001\000\001\000P%$\354\006\177\000\000(\000\000\000\000\000\000\000w", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\220)s.\a\177\000\000P%$\354\006\177\000\000y\000\000\000\000\000\000\000w\000\000\000\000\000\000\000\220)s.\a\177\000\000y\000\000\000\000\000\000\000\220)s.\a\177\000\000"...
        bind_target_entry = 0x7f06ec234770
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06ec05ee20
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f070652aa90, op=0x7f072e612a90, conn=0x7f0707538768) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707538768, pb_op = 0x7f072e612a90, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06ec0bf5f0, op_stack_elem = 0x7f072e60d900, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f070652aa90
        conn = 0x7f0707538768
        op = 0x7f072e612a90
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54f190) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e54f190
        detached = 1
        id = 139668147582720
        tid = 26145
#15 0x00007f072982edc5 in start_thread (arg=0x7f070652b700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f070652b700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668147582720, -8975886148032001126, 0, 139668147583424, 139668147582720, 1, 9034559225362385818, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 34 (Thread 0x7f0705d2a700 (LWP 26146)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=139667506784256, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
        ret = <optimized out>
#2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=3997, timespec=timespec at entry=0x0, exclusive=exclusive at entry=1) at ../../src/mutex/mut_pthread.c:577
        ret = <optimized out>
        t_ret = 0
#3  0x00007f0722e88640 in __db_tas_mutex_lock_int (nowait=0, timeout=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:271
        mtxmgr = <optimized out>
        mtxregion = 0x7f0719f71138
        ip = 0x0
        timespec = {tv_sec = 806, tv_nsec = 139668139127416}
        ret = <optimized out>
        dbenv = 0x7f072e1d66a0
        mutexp = 0x7f071a005710
        now = {tv_sec = 0, tv_nsec = 139668814232560}
        nspins = 0
#4  __db_tas_mutex_lock (env=env at entry=0x7f072e0efbf0, mutex=3997, timeout=timeout at entry=0) at ../../src/mutex/mut_tas.c:302
No locals.
#5  0x00007f0722f32d3a in __lock_get_internal (lt=lt at entry=0x7f072dfafc70, sh_locker=sh_locker at entry=0x7f071a2e6fb8, flags=flags at entry=0, obj=<optimized out>, lock_mode=<optimized out>, timeout=timeout at entry=0, lock=0x7f0705d1b520) at ../../src/lock/lock.c:983
        newl = <optimized out>
        lp = <optimized out>
        env = <optimized out>
        sh_obj = 0x7f071a2db2b8
        region = <optimized out>
        ip = 0x0
        ndx = 806
        part_id = <optimized out>
        did_abort = 97629112
        ihold = 0
        grant_dirty = <optimized out>
        no_dd = 1
        ret = 0
        t_ret = <optimized out>
        holder = <optimized out>
        sh_off = <optimized out>
        action = <optimized out>
#6  0x00007f0722f33820 in __lock_get (env=env at entry=0x7f072e0efbf0, locker=0x7f071a2e6fb8, flags=0, obj=obj at entry=0x7f06e400b330, lock_mode=<optimized out>, lock=lock at entry=0x7f0705d1b520) at ../../src/lock/lock.c:463
        lt = 0x7f072dfafc70
        ret = <optimized out>
#7  0x00007f0722f5f142 in __db_lget (dbc=dbc at entry=0x7f06e400b240, action=action at entry=0, pgno=13, mode=<optimized out>, mode at entry=DB_LOCK_READ, lkflags=lkflags at entry=0, lockp=lockp at entry=0x7f0705d1b520) at ../../src/db/db_meta.c:1255
        dbp = 0x7f072e2b8f50
        couple = {{op = 97629112, mode = 32519, timeout = 97629108, obj = 0x7f06e400b240, lock = {off = 139668628338413, ndx = 5, gen = 32519, mode = DB_LOCK_NG}}, {op = 97629120, mode = 32519, timeout = 774648544, obj = 0x7f0705d1b4f4, lock = {off = 139665895223472, ndx = 1409, gen = 0, mode = 774606672}}, {op = 97629100, mode = 32519, timeout = 1, obj = 0x12e0efbf0, lock = {off = 139668466660080, ndx = 0, gen = 0, mode = 585668749}}}
        reqp = 0x0
        txn = 0x0
        env = 0x7f072e0efbf0
        has_timeout = <optimized out>
        i = 0
        ret = <optimized out>
#8  0x00007f0722ea6605 in __bam_search (dbc=dbc at entry=0x7f06e400b240, root_pgno=1, root_pgno at entry=0, key=key at entry=0x7f0705d1b800, flags=1409, slevel=slevel at entry=1, recnop=recnop at entry=0x0, exactp=exactp at entry=0x7f0705d1b644) at ../../src/btree/bt_search.c:723
        t = 0x7f072e2cb6d0
        cp = 0x7f06801270b0
        dbp = 0x7f072e2b8f50
        lock = {off = 0, ndx = 806, gen = 0, mode = 3759947232}
        saved_lock = {off = 0, ndx = 806, gen = 1708740015, mode = 3759437616}
        mpf = 0x7f072e2c32e0
        env = 0x7f072e0efbf0
        h = 0x0
        parent_h = 0x0
        base = <optimized out>
        i = <optimized out>
        indx = <optimized out>
        inp = <optimized out>
        lim = <optimized out>
        lock_mode = DB_LOCK_READ
        pg = 13
        saved_pg = 0
        start_pgno = 0
        recno = 0
        adjust = <optimized out>
        cmp = 1
        deloffset = <optimized out>
        ret = <optimized out>
        set_stack = 1
        stack = 0
        t_ret = <optimized out>
        getlock = 0
        was_next = 0
        get_mode = 0
        wait = 4
        level = 2 '\002'
        saved_level = 255 '\377'
#9  0x00007f0722e91256 in __bamc_search (dbc=dbc at entry=0x7f06e400b240, root_pgno=root_pgno at entry=0, key=0x7f0705d1b800, flags=<optimized out>, exactp=0x7f0705d1b644) at ../../src/btree/bt_cursor.c:2804
        t = <optimized out>
        cp = <optimized out>
        dbp = <optimized out>
        h = <optimized out>
        base = <optimized out>
        indx = <optimized out>
        inp = <optimized out>
        lim = <optimized out>
        bt_lpgno = 97638592
        recno = 97638592
        sflags = <optimized out>
        bulk = <optimized out>
        cmp = 0
        ret = 0
        t_ret = <optimized out>
#10 0x00007f0722e92d0f in __bamc_get (dbc=0x7f06e400b240, key=<optimized out>, data=<optimized out>, flags=<optimized out>, pgnop=0x7f0705d1b6e4) at ../../src/btree/bt_cursor.c:1099
        cp = 0x7f06801270b0
        dbp = 0x7f072e2b8f50
        mpf = <optimized out>
        orig_pgno = 0
        orig_indx = 0
        exact = 32519
        newopd = <optimized out>
        ret = <optimized out>
#11 0x00007f0722f4bca6 in __dbc_iget (dbc=0x7f0680126e80, key=0x7f0705d1b800, data=0x7f0705d1b830, flags=26) at ../../src/db/db_cam.c:952
        dbp = 0x7f072e2b8f50
        ddbc = <optimized out>
        dbc_n = 0x7f06e400b240
        opd = 0x0
        cp = <optimized out>
        cp_n = <optimized out>
        mpf = 0x7f072e2c32e0
        env = 0x7f072e0efbf0
        pgno = 0
        indx_off = <optimized out>
        multi = 2048
        orig_ulen = 0
        tmp_flags = <optimized out>
        tmp_read_locking = 0
        tmp_rmw = 0
        type = <optimized out>
        key_small = 0
        ret = <optimized out>
        t_ret = <optimized out>
#12 0x00007f0722f4c47d in __dbc_get (dbc=dbc at entry=0x7f0680126e80, key=key at entry=0x7f0705d1b800, data=data at entry=0x7f0705d1b830, flags=flags at entry=2074) at ../../src/db/db_cam.c:770
No locals.
#13 0x00007f0722f5ab02 in __dbc_get_pp (dbc=0x7f0680126e80, key=0x7f0705d1b800, data=0x7f0705d1b830, flags=2074) at ../../src/db/db_iface.c:2359
        dbp = <optimized out>
        ip = 0x0
        env = 0x7f072e0efbf0
        ret = <optimized out>
#14 0x00007f071e21b8a0 in idl_new_fetch (be=0x7f072e0f5f20, db=<optimized out>, inkey=0x7f0705d1d980, txn=0x0, a=0x7f072e1be6c0, flag_err=0x7f0705d2474c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/idl_new.c:202
        ret = 0
        idl_rc = 0
        cursor = 0x7f0680126e80
        idl = 0x0
        key = {data = 0x7f0705d1dae0, size = 14, ulen = 14, dlen = 0, doff = 0, app_data = 0x0, flags = 2056}
        data = {data = 0x7f0705d1b890, size = 8192, ulen = 8192, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        id = 0
        count = 0
        buffer = "\000\000\000\000\000\000\000\000\215\230\350\"\a\177\000\000\200\333\321\005\a\177\000\000\000\000\000\000\000\000\000\000\203\337\334\031\a\177\000\000\000\000\000\000\000\000\000\000\032\000\000\000\000\000\000\000\001", '\000' <repeats 15 times>, " ;\001\330\006\177\000\000\360\017\006\360\006\177\000\000\357]\352\"\a\177\000\000\000\b\000\000\000\000\000\000\364\206\377\377\a\177\000\000\360\226\350\"\a\177\000\000?\321\005\a\177\000\000\000\000\000\000\201\005\000\000 ;\001\330\006\177\000\000\070\300\334\031\a\177\000\000\340\062,.\a\177\000\000\032", '\000' <repeats 11 times>, "\001\000\000\000P\217+.\a\177\000\000\000\000\000\000\002\000\000\000\001\000\000\000\001\000\000\000?"...
        ptr = <optimized out>
        dataret = {data = 0x0, size = 0, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0}
        s_txn = {back_txn_txn = 0x0}
        li = <optimized out>
#15 0x00007f071e21b525 in idl_fetch_ext (be=be at entry=0x7f072e0f5f20, db=<optimized out>, key=key at entry=0x7f0705d1d980, txn=txn at entry=0x0, a=<optimized out>, err=err at entry=0x7f0705d2474c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/idl_shim.c:101
No locals.
#16 0x00007f071e22a146 in index_read_ext_allids (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, type=type at entry=0x7f06e010dff0 "objectClass", indextype=indextype at entry=0x7f071e271c87 "eq", val=<optimized out>, txn=txn at entry=0x7f0705d21c50, err=err at entry=0x7f0705d2474c, unindexed=unindexed at entry=0x7f0705d21c44, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/index.c:1028
        interval = <optimized out>
        db = 0x7f072e2b8f50
        db_txn = 0x0
        key = {data = 0x7f0705d1dae0, size = 14, ulen = 14, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        idl = 0x0
        prefix = <optimized out>
        tmpbuf = 0x0
        buf = "=posixaccount\000\000\000\004\000\000\000\333\n\000\000\004\000\000\000\343\n\000\000\004\000\000\000\353\n\000\000\004\000\000\000\363\n\000\000\004\000\000\000\373\n\000\000\004\000\000\000\003\v\000\000\004\000\000\000\v\v\000\000\004\000\000\000\023\v\000\000\004\000\000\000\033\v\000\000\004\000\000\000#\v\000\000\004\000\000\000+\v\000\000\004\000\000\000\063\v\000\000\004\000\000\000;\v\000\000\004\000\000\000C\v\000\000\004\000\000\000K\v\000\000\004\000\000\000S\v\000\000\004\000\000\000[\v\000\000\004\000\000\000c\v\000\000\004\000\000\000k\v\000\000\004\000\000\000s\v\000\000\004\000\000\000{\v\000\000\004\000\000\000\203\v\000\000\004\000\000\000\213\v\000\000"...
        typebuf = "objectClass\000\323\t\000\000\004\000\000\000\333\t\000\000\004\000\000\000\343\t\000\000\004\000\000\000\353\t\000\000\004\000\000\000\363\t\000\000\004\000\000\000\373\t\000\000\004\000\000\000\003\n\000\000\004\000\000\000\v\n\000\000\004\000\000\000\023\n\000\000\004\000\000\000\033\n\000\000\004\000\000\000#\n\000\000\004\000\000\000+\n\000\000\004\000\000\000\063\n\000\000\004\000\000\000;\n\000\000\004\000\000\000C\n\000\000\004\000\000\000K\n\000\000\004\000\000\000S\n\000\000\004\000\000\000[\n\000\000\004\000\000\000c\n\000\000\004\000\000\000k\n\000\000\004\000\000\000s\n\000\000\004\000\000\000{\n\000\000\004\000\000\000\203\n\000\000\004\000\000\000\213\n\000\000"...
        ai = 0x7f072e1be6c0
        basetmp = 0x0
        basetype = <optimized out>
        retry_count = 0
        encrypted_val = 0x0
        is_and = 1
        ai_flags = 1
#17 0x00007f071e214234 in keys2idl (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, type=0x7f06e010dff0 "objectClass", indextype=indextype at entry=0x7f071e271c87 "eq", ivals=<optimized out>, err=err at entry=0x7f0705d2474c, unindexed=unindexed at entry=0x7f0705d21c44, txn=txn at entry=0x7f0705d21c50, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:986
        idl2 = 0x0
        i = 0
#18 0x00007f071e2149d3 in ava_candidates (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, f=f at entry=0x7f06e0312a00, ftype=<optimized out>, err=0x7f0705d2474c, allidslimit=100000, range=0, nextf=0x0) at ldap/servers/slapd/back-ldbm/filterindex.c:288
        tmp = {bv = {bv_len = 12, bv_val = 0x7f06e0198b80 "posixAccount"}, v_csnset = 0x0, v_flags = 0}
        ptr = {0x7f0705d21ca0, 0x0}
        fake = {bv = {bv_len = 12, bv_val = 0x7f0705d21d40 "posixaccount"}, v_csnset = 0x7f06e032efc0, v_flags = 1536}
        buf = "posixaccount\000\177\000\000\b\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\300\225\317-\a\177\000\000\323\325\351%\a\177", '\000' <repeats 11 times>, "^\261\363\257M\331e4\340\363+\a\177\000\000\252\000\000\000\000\000\000\000\300\035\322\005\a\177\000\000P!\322\005\a\177\000\000\070!\322\005\a\177\000\000\315\301\313+\a\177\000\000\370\035\322\005\a\177\000\000\220\200\351%\a\177", '\000' <repeats 26 times>, "\300\225\317-\a\177", '\000' <repeats 634 times>...
        type = 0x7f06e010dff0 "objectClass"
        indextype = 0x7f071e271c87 "eq"
        sv = {bv = {bv_len = 12, bv_val = 0x7f0705d21d40 "posixaccount"}, v_csnset = 0x7f06e032efc0, v_flags = 1536}
        bval = 0x7f06e0312a28
        ivals = 0x7f0705d21c70
        idl = 0x0
        unindexed = 0
        sattr = {a_type = 0x7f06e017a410 "objectClass", a_present_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_flags = 4, a_plugin = 0x7f072dd48570, a_deleted_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_listtofree = 0x0, a_next = 0x0, a_deletioncsn = 0x0, a_mr_eq_plugin = 0x7f072dcf95c0, a_mr_ord_plugin = 0x0, a_mr_sub_plugin = 0x0}
        txn = {back_txn_txn = 0x0}
        pr_idx = -1
#19 0x00007f071e214fc2 in filter_candidates_ext (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06e0312a00, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0705d2474c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:111
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#20 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06e032ec00, ftype=<optimized out>, err=0x7f0705d2474c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
        idl = 0x0
        tmp = 0x65d94daff3b15e00
        tmp2 = 0x0
        f = 0x7f06e0312a00
        nextf = 0x0
        isnot = 0
        f_count = <optimized out>
        le_count = <optimized out>
        ge_count = <optimized out>
        is_bounded_range = <optimized out>
        low_val = 0x0
        high_val = 0x0
        t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
        fpairs = {0x0, 0x0}
        tpairs = {0x0, 0x0}
        vpairs = {0x0, 0x0}
        is_and = 1
#21 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06e032ec00, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0705d2474c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#22 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06e02a6040, ftype=<optimized out>, err=0x7f0705d2474c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
        idl = 0x0
        tmp = 0x0
        tmp2 = 0x0
        f = 0x7f06e032ec00
        nextf = 0x0
        isnot = 0
        f_count = <optimized out>
        le_count = <optimized out>
        ge_count = <optimized out>
        is_bounded_range = <optimized out>
        low_val = 0x0
        high_val = 0x0
        t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
        fpairs = {0x0, 0x0}
        tpairs = {0x0, 0x0}
        vpairs = {0x0, 0x0}
        is_and = 0
#23 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=0x7f06e02a6040, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0705d2474c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#24 0x00007f071e2514b8 in subtree_candidates (pb=pb at entry=0x7f06e0262a50, be=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=e at entry=0x7f06a051d150, filter=0x7f06e032ec00, managedsait=0, allids_before_scopingp=allids_before_scopingp at entry=0x7f0705d2473c, err=err at entry=0x7f0705d2474c) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1210
        focref = 0x7f06e00d7100
        forr = 0x7f06e02a6040
        ftop = <optimized out>
        candidates = <optimized out>
        has_tombstone_filter = <optimized out>
        isroot = 0
        allidslimit = 100000
        op = 0x0
        is_bulk_import = 0
#25 0x00007f071e252b9f in build_candidate_list (candidates=0x7f0705d24778, lookup_returned_allidsp=0x7f0705d2473c, scope=<optimized out>, base=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=<optimized out>, be=<optimized out>, pb=0x7f06e0262a50) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1015
        filter = 0x7f06e032ec00
        err = 0
        li = 0x7f072df49930
        managedsait = 0
        r = 0
#26 ldbm_back_search (pb=0x7f06e0262a50) at ldap/servers/slapd/back-ldbm/ldbm_search.c:657
        rc = <optimized out>
        time_up = 0
        vlv_response_control = {targetPosition = 0, contentCount = 0, result = 0}
        vlv_rc = 32519
        lookthrough_limit = 0
        abandoned = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x7f06a051d150
        candidates = 0x0
        base = 0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        basesdn = 0x7f06e01f7380
        scope = 2
        controls = 0x0
        operation = 0x7f06e01a1020
        addr = 0x7f06e01a10f8
        estimate = 0
        sort = 0
        vlv = <optimized out>
        sort_spec = 0x0
        is_sorting_critical = <optimized out>
        is_sorting_critical_orig = 0
        sort_control = 0x0
        virtual_list_view = 0
        vlv_spec = 0x0
        is_vlv_critical = 0
        vlv_request_control = {beforeCount = 0, afterCount = 0, tag = 0, index = 0, contentCount = 0, value = {bv_len = 0, bv_val = 0x0}}
        sr = <optimized out>
        tmp_err = -1
        tmp_desc = 0x0
        lookup_returned_allids = 0
        backend_count = 0
        print_once = 1
        txn = {back_txn_txn = 0x0}
        rc = <optimized out>
#27 0x00007f072bca82c6 in op_shared_search (pb=pb at entry=0x7f06e0262a50, send_result=send_result at entry=1) at ldap/servers/slapd/opshared.c:806
        be_suffix = 0x7f072de73fa0
        err = 0
        next_be = 0x0
        base = 0x7f072e2b7d00 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normbase = <optimized out>
        fstr = 0x7f06e0229290 "(&(objectClass=posixAccount)(|(uid=BP-281164)))"
        scope = 2
        be = 0x7f072e0f5f20
        be_single = 0x0
        be_list = {0x7f072e0f5f20, 0x0, 0x0, 0x65, 0x0, 0x7f06e01572b0, 0x7f072e6e5f50, 0x7f072a9f80cc <ssl_DefSend+76>, 0x7f06e02652f0, 0xf3b15e00, 0x24, 0xe, 0x0, 0x7f06e02931ae, 0x0, 0x0, 0x7f072e6c6bb0, 0x7f072bcabaa8 <slapi_pblock_get+56>, 0x7f070000000e, 0x7f0705d24b90, 0x7f0705d24b14, 0x7f072e48bb40, 0x7f0705d29a90, 0x7f072bcc751d <log_result+1037>, 0x0, 0x7f0705d24bc0, 0x7f072bd01e5d, 0x7f0705d24bf0, 0x7f072bd01e5d, 0x65d94daff3b15e00, 0x65, 0x65, 0xe, 0x0, 0x7f06e02931a0, 0x0, 0x0, 0x7f0700000000, 0x0, 0xffffffff00000000, 0x7f0700000000, 0x7f0729e8952f <PR_ExitMonitor+159>, 0x0, 0x7f072e6c6bb0, 0x0, 0x7f072bd01e5d, 0x7f06e0290030, 0x7f072a9fe39c <ssl_SecureSend+428>, 0x7f072e6c6bb0, 0x7f06e02931a0, 0xe, 0x7f0729e89100 <PR_Unlock+80>, 0x0, 0x7f072aa0204b <ssl_Write+91>, 0x0, 0x7f072e76dde0, 0xe, 0x65d94daff3b15e00, 0x7f0705d29a90, 0x0, 0x0, 0x7f072bccad8d <set_db_default_result_handlers+77>, 0x7f0705d29a90, 0x7f0705d29a90, 0xa, 0x7f072bcb3ca0 <plugin_call_func+256>, 0x7f072e0ee7a0, 0x11800000002, 0xffffffd60000003a, 0x7f0700000000, 0x0, 0x65d94daff3b15e00, 0x7f06e01572b0, 0x7f0705d29a90, 0x200, 0x65d94daff3b15e00, 0x7f0705d29a90, 0x0, 0x2, 0x7f072bcb3fe2 <plugin_call_plugins+418>, 0x7f072df4b040, 0x65d94daff3b15e00, 0x0, 0x7f0705d29a90, 0xe, 0x7f072bcc6e26 <flush_ber+230>, 0x0, 0x7f0705d29a90, 0xe, 0x65d94daff3b15e00, 0x7f06e01572b0, 0x0, 0x7f0705d29a90, 0x7f06e01572b0, 0x9, 0x65d94daff3b15e00, 0x65, 0x7f072bcc9018 <send_ldap_result_ext+1656>, 0x7f072bd01e5d, 0x7f072dfb0a60, 0x0, 0x6622, 0x7f0707536cb0, 0x0, 0x0, 0x65, 0x2e48bb40, 0x10f01000002, 0xffffffcd00000031, 0x7f072e48bb40, 0x0, 0x7f06e01c90c8, 0x1, 0x0, 0x7f0705d24f88, 0x7f0705d24f38, 0x0, 0x7f0705d24f38, 0x7f0705d24f40, 0x0, 0x7f0705d24f88, 0x65d94daff3b15e00, 0x7f0705d29a90, 0x7f0705d24f40, 0x7f0705d29a90, 0x7f072bca79a0 <op_shared_search+1024>, 0x7f06e0345ff0, 0x7f072bd03a2e, 0x7f072bd01e5d, 0x7f072bd01e5d, 0x7f0705d24f50, 0x0, 0x7f0705d24f40, 0x100000001, 0x0, 0x7f0705d24f80, 0x0, 0x0, 0x7f0705d24f80, 0x7f0705d24f78, 0x7f0705d24ef4, 0x0, 0x0, 
0x7f0705d24efc, 0x7f072dcd1e30, 0x1, 0x205d25000, 0x0, 0x200000001, 0xffffffff, 0xe10ffffffff, 0x7d0, 0xe10, 0x7d0, 0x7f06e00b75f0, 0x7f06e0345ff0, 0x0, 0x0, 0x0, 0x7f072e48bb40, 0x0, 0x0, 0x0, 0x7f06e0298fe0, 0x0, 0x0, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x7f0705d24fc0, 0x7f0705d24ff0, 0x7f0705d25010, 0x7f0705d25070, 0x7f06e032ed10, 0x7f0707536cb0, 0x0, 0x7f0705d25028, 0x90, 0x7f0705d25070, 0x7f06e032ed10, 0x7f0705d25048, 0x90, 0x7f0705d25070, 0x7f06e032ed10, 0x7f0707536cb0, 0x0, 0x7f072bc621b6 <slapi_ch_free+22>, 0x7f06e0313730, 0x7f072bc71454 <slapi_entry_free+228>, 0x7f06e032ed10, 0x7f072bcc6214 <reslimit_get_ext+52>, 0x7f0707536cb0, 0x7f072bf3e034 <slapd_ldap_debug>, 0x7f0705d250d4, 0x7f072bcc6b8d <slapi_reslimit_get_integer_limit+445>, 0x7f072e659320, 0x65d94daff3b15e00, 0x1, 0x7f0707536cb0...}
        referral_list = {0x0 <repeats 48 times>, 0xffff80f8fa2d9461, 0x37, 0xd, 0x1, 0x5c0000003d, 0x7f0705d26ba0, 0x0, 0x0, 0x770000006e, 0x0, 0x7f0705d26b9f, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f06e0000020, 0x0, 0x7f06e003c830, 0x0, 0x10, 0x0, 0x7f07294e5fbc <__GI___libc_malloc+76>, 0x7f0705d26c88, 0x35d, 0x0, 0x7f072bc61ce3 <slapi_ch_malloc+19>, 0x7f0705d26c88, 0x7f06e0000020, 0x0, 0x35c, 0x7f06e0226e00, 0x7f072bcec38e <ber_bvcpy+46>, 0x7f06e0226e00, 0x7f06e003c830, 0x0, 0x7f072bcec5a1 <slapi_value_set_berval+49>, 0x0, 0x7f06e0226e00, 0x7f06e003c830, 0x7f072bcec5f6 <value_init+70>, 0x7f06e00ae6e0, 0x7f06e0226e00, 0x7f06e003c830, 0x7f072bcec652 <value_new+50>, 0x0, 0x65d94daff3b15e00, 0xffffffff00000001, 0x65d94daff3b15e00, 0x0, 0x7f06e0353278, 0x1, 0x0, 0x7f06e00ae6e0, 0x7f072bcee42a <slapi_valueset_add_attr_valuearray_ext+250>, 0x7f06e01a57f0, 0x7f06e0353270, 0x7f06e0163f40, 0x7f0705d26d7c, 0xffffffff00000001, 0x7f06e0353270, 0x7f06e017c350, 0x7f06e00ae6e0, 0x7f0705d28fd0, 0x7f06e0348b20, 0x7f0705d28f90, 0x7f072bc5b4d4 <attr_add_valuearray+148>, 0x7f06e019a220, 0x7f06e034f9f0, 0x0, 0x7f072b7a3085 <profile_update_file_data_locked+85>, 0xfd00, 0x1035277, 0x1, 0x81a4, 0x0, 0x0, 0x354, 0x1000, 0x8, 0x5872a492, 0xdc6d3e, 0x587152bb, 0x2f44381a, 0x587152bb, 0x2f44381a, 0x0, 0x0, 0x0, 0x0, 0x65d94daff3b15e00, 0xf, 0x7f06d40030d0, 0x0, 0x7f06d40030d8, 0x7f06e0206730, 0x7f0705d28f48, 0x7f0705d28f50, 0x7f06d40030d0, 0x0, 0x1, 0x7f06e0206730, 0x7f0705d28f48, 0x7f0705d28f50, 0x7f072b7a3a20 <profile_open_file+432>, 0x7f06e019a220, 0x7f07219cdb68 <print_access_control_summary+120>, 0x7f06e010dff0, 0x7f07219e6eb5, 0x7f06e02652f0, 0x7f0722f99e78 <__log_fill+120>, 0x7f0705d27020, 0x7d00, 0x7f0705d27030, 0x7f072e0efbf0, 0x7f07219e9bee, 0x7f07219e6eb5, 0x7f06e01b9b30, 0x8267a4, 0x7f0705d270e0, 0x7f0722f9a289 <__log_putr+809>, 0x7f0719f71364, 0x0, 0x1870, 0x7f07219e4bbd <aclutil_print_aci+45>, 0xe100000002, 0x7f0700825e50, 0x7f0705d26f60, 0xc, 0x7f072dec6670, 0x7f0722f99e78 <__log_fill+120>, 0x7f0705d270c0, 0x7
d00, 0x7f0705d27150, 0x7f072e0efbf0, 0x7f072dec6670, 0x7f0705d270f8, 0x7f071a1b9328, 0x8267a4, 0x7f0705d27180, 0x7f0722f9a289 <__log_putr+809>, 0x7f0719f71364, 0x7f0705d270c0, 0x18c0, 0x7f0705d270f0, 0xe100000002, 0x7f0700825e50, 0x7f0705d27000, 0xc, 0x7f0705d27220, 0x7f06e0000020, 0x20, 0x0, 0x0, 0x7f0705d27108, 0x0, 0x7f07294e5fbc <__GI___libc_malloc+76>, 0x7f06e01f1970, 0x7f072bcec58a <slapi_value_set_berval+26>, 0x0, 0x7f06e01f1970, 0x0, 0x7f072bcec5f6 <value_init+70>, 0x7f0705d27080, 0x7f06e01f1970, 0x0, 0x7f072bcec652 <value_new+50>, 0x7f06e01f1970, 0x7f072bcec7ad <slapi_value_set_string_passin+45>, 0x7f06e00be900, 0x7f07219cdb68 <print_access_control_summary+120>, 0x7f06e00be900, 0x7f072bcec7e2 <slapi_value_new_string_passin+34>, 0x7f06e0182b48, 0x7f0705d274d8, 0x7f0705d274e8, 0x7f0725e9ceed <string_values2keys+509>, 0x7f0705d27110, 0x7f0705d274e0, 0x7f07219e9bee, 0x7f07219e6eb5, 0x7f06e01b9b30, 0x7f072bcec7e2 <slapi_value_new_string_passin+34>, 0x7f06e0182b48, 0x0...}
        attrlistbuf = "\037\000\000\000\000\000\000\000@\000\000\000\000\000\000\000\020\216\322\005\a\177\000\000\311n\347)\a\177\000\000\273\212\320+\a\177\000\000\300\215\322\005\a\177\000\000\000\000\000\000\000\000\000\000?\320+\a\177\000\000?\320+\a\177\000\000\356q\347)\a\177\000\000\060\214\322\005\a\177\000\000\000\000\000\000\000\000\000\000\060\231\363-\a\177\000\000\237\213\322\005\a\177\000\000\240\213\322\005\a\177\000\000\016\000\000\000\006\177\000\000\360\214\322\005\a\177\000\000\361\214\322\005\a\177\000\000\000\000\000\000\006\177\000\000\bRN)\000\000\000\000\060\231\363-\a\177\000\000@\324\036\340\006\177\000 \200\314\371-\a\177\000\000\370\213\322\005\a\177\000\000\064\340\363+\a\177\000\000\060\200"...
        attrliststr = <optimized out>
        attrs = 0x7f06e00fffa0
        rc = -1
        internal_op = <optimized out>
        basesdn = 0x7f06e014b550
        sdn = 0x7f06e01f7380
        operation = 0x7f06e01a1020
        referral = 0x0
        proxydn = 0x0
        proxystr = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
        nentries = 0
        pnentries = 0
        flag_search_base_found = 0
        flag_no_such_object = 0
        flag_referral = 0
        flag_psearch = <optimized out>
        err_code = 0
        ctrlp = 0x0
        ctl_value = 0x0
        iscritical = 0
        be_name = <optimized out>
        index = -1
        sent_result = 0
        pr_stat = 0
        pagesize = -1
        estimate = 0
        curr_search_count = <optimized out>
        pr_be = <optimized out>
        pr_search_result = <optimized out>
        pr_idx = -1
        orig_sdn = 0x7f072dfb06d0
        free_sdn = 1
#28 0x00007f072bcb8ede in search_internal_callback_pb (pb=pb at entry=0x7f06e0262a50, callback_data=callback_data at entry=0x7f0705d29010, prc=prc at entry=0x7f072bcb8030 <internal_plugin_result_callback>, psec=psec at entry=0x7f072bcb8080 <internal_plugin_search_entry_callback>, prec=prec at entry=0x7f072bcb8040 <internal_plugin_search_referral_callback>) at ldap/servers/slapd/plugin_internal_op.c:783
        controls = 0x0
        op = 0x7f06e01a1020
        filter = 0x7f06e032ec00
        fstr = 0x7f06e034b2f0 "(&(objectClass=posixAccount)(|(uid=BP-281164)))"
        callback_handler_data = {p_res_callback = 0x7f072bcb8030 <internal_plugin_result_callback>, p_srch_entry_callback = 0x7f072bcb8080 <internal_plugin_search_entry_callback>, p_ref_entry_callback = 0x7f072bcb8040 <internal_plugin_search_referral_callback>, callback_data = 0x7f0705d29010}
        scope = 2
        ifstr = 0x7f06e0229290 "(&(objectClass=posixAccount)(|(uid=BP-281164)))"
        opresult = 734756912
        rc = 0
        tmp_attrs = 0x0
#29 0x00007f072bcb9178 in search_internal_pb (pb=pb at entry=0x7f06e0262a50) at ldap/servers/slapd/plugin_internal_op.c:636
        psid = {rc = -1, num_entries = 0, num_referrals = 0, entry_list_head = 0x0, referral_list_head = 0x0}
        iterator = <optimized out>
        tmp = 0x7f072dfb06d0
        ref_iterator = <optimized out>
        ref_tmp = 0x7f072df9cba0
        i = <optimized out>
        opresult = 0
        pb_search_entries = 0x0
        pb_search_referrals = 0x0
#30 0x00007f072bcb93d3 in slapi_search_internal_pb (pb=pb at entry=0x7f06e0262a50) at ldap/servers/slapd/plugin_internal_op.c:545
No locals.
#31 0x00007f0721ffde80 in search_one_berval (baseDN=baseDN at entry=0x7f072dfb06d0, attrNames=attrNames at entry=0x7f072e199380, value=<optimized out>, requiredObjectClass=requiredObjectClass at entry=0x7f072dfb4bd0 "posixAccount", target=target at entry=0x7f06e033c2c0, excludes=excludes at entry=0x7f072e1a27d0) at ldap/servers/plugins/uiduniq/uid.c:668
        err = <optimized out>
        sres = -534605168
        entries = 0x0
        attrs = {0x7f0721fffc1c "1.1", 0x0}
        result = 0
        filter = 0x7f06e0229290 "(&(objectClass=posixAccount)(|(uid=BP-281164)))"
        spb = 0x7f06e0262a50
#32 0x00007f0721ffe232 in search (baseDN=0x7f072dfb06d0, attrNames=0x7f072e199380, attr=0x7f06e03450c0, values=<optimized out>, requiredObjectClass=0x7f072dfb4bd0 "posixAccount", target=0x7f06e033c2c0, excludes=0x7f072e1a27d0) at ldap/servers/plugins/uiduniq/uid.c:607
        v = 0x7f06e035a640
        vhint = 0
        result = 0
        values = <optimized out>
        attrNames = 0x7f072e199380
        excludes = 0x7f072e1a27d0
        target = 0x7f06e033c2c0
        requiredObjectClass = 0x7f072dfb4bd0 "posixAccount"
        attr = 0x7f06e03450c0
        baseDN = 0x7f072dfb06d0
#33 0x00007f0721ffe53c in searchAllSubtrees (subtrees=<optimized out>, exclude_subtrees=0x7f072e1a27d0, attrNames=attrNames at entry=0x7f072e199380, attr=0x7f06e03450c0, values=values at entry=0x0, requiredObjectClass=requiredObjectClass at entry=0x7f072dfb4bd0 "posixAccount", dn=0x7f06e033c2c0, unique_in_all_subtrees=1) at ldap/servers/plugins/uiduniq/uid.c:816
        sufdn = 0x7f072dfb06d0
        result = 0
        i = <optimized out>
#34 0x00007f0721fff005 in preop_add (pb=0x7f0705d29a90) at ldap/servers/plugins/uiduniq/uid.c:1040
        err = <optimized out>
        markerObjectClass = 0x0
        sdn = 0x7f06e033c2c0
        e = 0x7f06e022dd00
        config = 0x7f072e2b3390
        i = <optimized out>
        requiredObjectClass = 0x7f072dfb4bd0 "posixAccount"
        isupdatedn = 0
        attr = 0x7f06e03450c0
        result = 0
        errtext = 0x0
        attrNames = 0x7f072e199380
        attr_friendly = 0x7f072e2b6b50 "uid "
#35 0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df9cfa0, operation=operation at entry=407, pb=pb at entry=0x7f0705d29a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0721ffedf0 <preop_add>
        rc = <optimized out>
        return_value = 0
        count = 22
#36 0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0705d29a90, operation=407, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#37 plugin_call_plugins (pb=pb at entry=0x7f0705d29a90, whichfunction=whichfunction at entry=407) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 1
        rc = 0
        do_op = <optimized out>
#38 0x00007f072bc57e49 in op_shared_add (pb=pb at entry=0x7f0705d29a90) at ldap/servers/slapd/add.c:680
        operation = 0x7f072e609530
        e = 0x7f06e022dd00
        pse = 0xf
        be = 0x7f072e0f5f20
        err = <optimized out>
        internal_op = 0
        repl_op = 0
        legacy_op = 0
        lastmod = 1
        pwdtype = 0x0
        attr = 0x0
        referral = 0x0
        errorbuf = "\000\224`.\a\177\000\000\360x5\340\006\177\000\000\360J\302*\a\177\000\000\274_N)\a\177\000\000?`.\a\177\000\000\000\225\322\005\a\177\000\000\004\000\000\000\000\000\000\000\265\"\302*\a\177\000\000\000\225\322\005\a\177\000\000P\337\301*\a\177\000\000\200(\f\340\006\177\000\000?`.\a\177\000\000\037,\317+\a\177\000\000\220\225\322\005\a\177\000\000!,\317+\a\177\000\000\352\343\301*\a\177\000\000\027\000\000\000\000\000\000\000@\333\031\340\006\177", '\000' <repeats 11 times>, "^\261\363\257M\331e ,\317+\a\177\000\000\326\353\301*\a\177\000\000X\225\322\005\a\177\000\000`\225\322\005\a\177\000\000\r\000\000\000\000\000\000\000\024j"...
        p = <optimized out>
        proxydn = 0x0
        proxystr = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
        sdn = 0x7f06e033c2c0
        pwpolicy = <optimized out>
#39 0x00007f072bc591b0 in do_add (pb=pb at entry=0x7f0705d29a90) at ldap/servers/slapd/add.c:226
        operation = 0x7f072e609530
        ber = <optimized out>
        last = 0x7f06e03578ea "\240\033\060\031\004\027\062.16.840.1.113730.3.4.2"
        len = 18446744073709551615
        tag = 18446744073709551615
        e = 0x7f06e022dd00
        err = 0
        rc = <optimized out>
        searchsubentry = <optimized out>
#40 0x00007f072c18b9b3 in connection_dispatch_operation (pb=0x7f0705d29a90, op=0x7f072e609530, conn=0x7f07075370e8) at ldap/servers/slapd/connection.c:612
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#41 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f07075370e8, pb_op = 0x7f072e609530, pb_plugin = 0x7f072df9cfa0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 1, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06e0161630, op_stack_elem = 0x7f072e6094b0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0705d29a90
        conn = 0x7f07075370e8
        op = 0x7f072e609530
        tag = 104
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#42 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54f5e0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e54f5e0
        detached = 1
        id = 139668139190016
        tid = 26146
#43 0x00007f072982edc5 in start_thread (arg=0x7f0705d2a700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0705d2a700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668139190016, -8975886148032001126, 0, 139668139190720, 139668139190016, 1, 9034560326484626330, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#44 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 33 (Thread 0x7f0705529700 (LWP 26147)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668130797312
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0705527e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06e412a580
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06e410f630
        addr = 0x7f06e410f708
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06e41e1eb0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f0705528060
        referral = 0x0
        e = 0x0
        dn = 0x7f06e41deb10 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06e40c6ca0
        passin_sdn = 0
        mods = 0x7f06e412a580
        pw_mod = <optimized out>
        tmpmods = 0x7f06e41c2250
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06e410f630
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000\b0%\344\006\177\000\000 \000\000\344\006\177\000\000[\000\000\000\000\000\000\000p\202\000\344\006\177", '\000' <repeats 11 times>, "\244\030\344\006\177\000\000?\022\344\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000P\030\005\344\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000X\"\034\344\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000?"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06e41e1eb0) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06e410f630
        opresult = 0
        normalized_mods = 0x7f06e41c2250
        mods = 0x7f06e4172c60
        mod = 0x7f06e41c2258
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -467788112, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0705528a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0705528a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f0705528a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0705528a90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06e413b0d0
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06e41d2d10 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06e41b1c80 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06e413b0d0
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\344\006\177\000\000\200\211R\005\a\177\000\000\220\211R\005\a\177\000\000\356\206R\005\a\177\000\000\354\206R\005\a\177\000\000\360\206R\005\a\177\000\000\261x\255\372\350\003\000\000\000\000\000\000\260\355\200\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000p\000\000\000\001\000\001\000p\247\030\344\006\177\000\000(\000\000\000\000\000\000\000p", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\200\005z.\a\177\000\000p\247\030\344\006\177\000\000y\000\000\000\000\000\000\000p\000\000\000\000\000\000\000\200\005z.\a\177\000\000y\000\000\000\000\000\000\000\200\005z.\a\177\000\000"...
        bind_target_entry = 0x7f06e4006690
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06e41e1170
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0705528a90, op=0x7f072e671520, conn=0x7f0707537d90) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707537d90, pb_op = 0x7f072e671520, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06e41826b0, op_stack_elem = 0x7f072e64c1c0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0705528a90
        conn = 0x7f0707537d90
        op = 0x7f072e671520
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54fa30) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e54fa30
        detached = 1
        id = 139668130797312
        tid = 26147
#15 0x00007f072982edc5 in start_thread (arg=0x7f0705529700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0705529700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668130797312, -8975886148032001126, 0, 139668130798016, 139668130797312, 1, 9034561425459383194, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 32 (Thread 0x7f0704d28700 (LWP 26148)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=4294936308, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
        ret = <optimized out>
#2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=4063, timespec=timespec at entry=0x0, exclusive=exclusive at entry=1) at ../../src/mutex/mut_pthread.c:577
        ret = <optimized out>
        t_ret = 0
#3  0x00007f0722e88640 in __db_tas_mutex_lock_int (nowait=0, timeout=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:271
        mtxmgr = <optimized out>
        mtxregion = 0x7f0719f71138
        ip = 0x0
        timespec = {tv_sec = 806, tv_nsec = 139668122344216}
        ret = <optimized out>
        dbenv = 0x7f072e1d66a0
        mutexp = 0x7f071a007e40
        now = {tv_sec = 2048, tv_nsec = 139668814232560}
        nspins = 0
#4  __db_tas_mutex_lock (env=env at entry=0x7f072e0efbf0, mutex=4063, timeout=timeout at entry=0) at ../../src/mutex/mut_tas.c:302
No locals.
#5  0x00007f0722f32d3a in __lock_get_internal (lt=lt at entry=0x7f072dfafc70, sh_locker=sh_locker at entry=0x7f071a2ea1f8, flags=flags at entry=0, obj=<optimized out>, lock_mode=<optimized out>, timeout=timeout at entry=0, lock=0x7f0704d19dc0) at ../../src/lock/lock.c:983
        newl = <optimized out>
        lp = <optimized out>
        env = <optimized out>
        sh_obj = 0x7f071a2db2b8
        region = <optimized out>
        ip = 0x0
        ndx = 806
        part_id = <optimized out>
        did_abort = 80845912
        ihold = 0
        grant_dirty = <optimized out>
        no_dd = 1
        ret = 0
        t_ret = <optimized out>
        holder = <optimized out>
        sh_off = <optimized out>
        action = <optimized out>
#6  0x00007f0722f33820 in __lock_get (env=env at entry=0x7f072e0efbf0, locker=0x7f071a2ea1f8, flags=0, obj=obj at entry=0x7f06da28e900, lock_mode=<optimized out>, lock=lock at entry=0x7f0704d19dc0) at ../../src/lock/lock.c:463
        lt = 0x7f072dfafc70
        ret = <optimized out>
#7  0x00007f0722f5f142 in __db_lget (dbc=dbc at entry=0x7f06da28e810, action=action at entry=0, pgno=13, mode=<optimized out>, mode at entry=DB_LOCK_READ, lkflags=lkflags at entry=0, lockp=lockp at entry=0x7f0704d19dc0) at ../../src/db/db_meta.c:1255
        dbp = 0x7f072e2b8f50
        couple = {{op = 80845912, mode = 32519, timeout = 80845908, obj = 0x7f06da28e810, lock = {off = 139668628338413, ndx = 0, gen = 3070296068, mode = DB_LOCK_NG}}, {op = 80845920, mode = 32519, timeout = 774648544, obj = 0x7f0704d19d94, lock = {off = 139667420332256, ndx = 1409, gen = 0, mode = 774606672}}, {op = 80845900, mode = 32519, timeout = 1, obj = 0x100000000, lock = {off = 139668466660080, ndx = 0, gen = 0, mode = 585668749}}}
        reqp = 0x0
        txn = 0x0
        env = 0x7f072e0efbf0
        has_timeout = <optimized out>
        i = 0
        ret = <optimized out>
#8  0x00007f0722ea6605 in __bam_search (dbc=dbc at entry=0x7f06da28e810, root_pgno=1, root_pgno at entry=0, key=key at entry=0x7f0704d1a0a0, flags=1409, slevel=slevel at entry=1, recnop=recnop at entry=0x0, exactp=exactp at entry=0x7f0704d19ee4) at ../../src/btree/bt_search.c:723
        t = 0x7f072e2cb6d0
        cp = 0x7f06daf9c0e0
        dbp = 0x7f072e2b8f50
        lock = {off = 0, ndx = 806, gen = 25955, mode = 1677787140}
        saved_lock = {off = 0, ndx = 806, gen = 0, mode = 620822532}
        mpf = 0x7f072e2c32e0
        env = 0x7f072e0efbf0
        h = 0x0
        parent_h = 0x0
        base = <optimized out>
        i = <optimized out>
        indx = <optimized out>
        inp = <optimized out>
        lim = <optimized out>
        lock_mode = DB_LOCK_READ
        pg = 13
        saved_pg = 0
        start_pgno = 0
        recno = 0
        adjust = <optimized out>
        cmp = 3
        deloffset = <optimized out>
        ret = <optimized out>
        set_stack = 1
        stack = 0
        t_ret = <optimized out>
        getlock = 0
        was_next = 0
        get_mode = 0
        wait = 4
        level = 2 '\002'
        saved_level = 255 '\377'
#9  0x00007f0722e91256 in __bamc_search (dbc=dbc at entry=0x7f06da28e810, root_pgno=root_pgno at entry=0, key=0x7f0704d1a0a0, flags=<optimized out>, exactp=0x7f0704d19ee4) at ../../src/btree/bt_cursor.c:2804
        t = <optimized out>
        cp = <optimized out>
        dbp = <optimized out>
        h = <optimized out>
        base = <optimized out>
        indx = <optimized out>
        inp = <optimized out>
        lim = <optimized out>
        bt_lpgno = 1935765609
        recno = 1935765609
        sflags = <optimized out>
        bulk = <optimized out>
        cmp = 0
        ret = 0
        t_ret = <optimized out>
#10 0x00007f0722e92d0f in __bamc_get (dbc=0x7f06da28e810, key=<optimized out>, data=<optimized out>, flags=<optimized out>, pgnop=0x7f0704d19f84) at ../../src/btree/bt_cursor.c:1099
        cp = 0x7f06daf9c0e0
        dbp = 0x7f072e2b8f50
        mpf = <optimized out>
        orig_pgno = 0
        orig_indx = 0
        exact = 32519
        newopd = <optimized out>
        ret = <optimized out>
#11 0x00007f0722f4bca6 in __dbc_iget (dbc=0x7f06dadc9530, key=0x7f0704d1a0a0, data=0x7f0704d1a0d0, flags=26) at ../../src/db/db_cam.c:952
        dbp = 0x7f072e2b8f50
        ddbc = <optimized out>
        dbc_n = 0x7f06da28e810
        opd = 0x0
        cp = <optimized out>
        cp_n = <optimized out>
        mpf = 0x7f072e2c32e0
        env = 0x7f072e0efbf0
        pgno = 0
        indx_off = <optimized out>
        multi = 2048
        orig_ulen = 0
        tmp_flags = <optimized out>
        tmp_read_locking = 0
        tmp_rmw = 0
        type = <optimized out>
        key_small = 0
        ret = <optimized out>
        t_ret = <optimized out>
#12 0x00007f0722f4c47d in __dbc_get (dbc=dbc at entry=0x7f06dadc9530, key=key at entry=0x7f0704d1a0a0, data=data at entry=0x7f0704d1a0d0, flags=flags at entry=2074) at ../../src/db/db_cam.c:770
No locals.
#13 0x00007f0722f5ab02 in __dbc_get_pp (dbc=0x7f06dadc9530, key=0x7f0704d1a0a0, data=0x7f0704d1a0d0, flags=2074) at ../../src/db/db_iface.c:2359
        dbp = <optimized out>
        ip = 0x0
        env = 0x7f072e0efbf0
        ret = <optimized out>
#14 0x00007f071e21b8a0 in idl_new_fetch (be=0x7f072e0f5f20, db=<optimized out>, inkey=0x7f0704d1c220, txn=0x0, a=0x7f072e1be6c0, flag_err=0x7f0704d22c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/idl_new.c:202
        ret = 0
        idl_rc = 0
        cursor = 0x7f06dadc9530
        idl = 0x0
        key = {data = 0x7f0704d1c380, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2056}
        data = {data = 0x7f0704d1a130, size = 8192, ulen = 8192, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        id = 0
        count = 0
        buffer = "\004\000\001\371\224\000\000u\004\000\001\367\224\000\000\063\004\000\001\365\224\000\000e\004\000\001\363\224\000\000m\004\000\001\361\224\000\000e\004\000\001\357\224\000\000n\004\000\001\355\224\000\000l\004\000\001\353\224\000\000=\004\000\001\351\224\000\000,\004\000\001\347\224\000\000i\004\000\001\345\224\000\000i\004\000\001\343\224\000\000:\004\000\001\341\224\000\000r\004\000\001?\000\000e\004\000\001?\000\000g\004\000\001?\000\000l\004\000\001?\000\000n\004\000\001?\000\000\n\004\000\001?\000\000i\004\000\001?\000\000:\004\000\001?\000\000\060\004\000\001?\000\000Z\004\000\001?\000\000T\004\000\001?\000\000p\004\000\001?\000\000\061\004\000\001?\000\000\060\004\000\001?\000\000"...
        ptr = <optimized out>
        dataret = {data = 0x0, size = 0, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0}
        s_txn = {back_txn_txn = 0x0}
        li = <optimized out>
#15 0x00007f071e21b525 in idl_fetch_ext (be=be at entry=0x7f072e0f5f20, db=<optimized out>, key=key at entry=0x7f0704d1c220, txn=txn at entry=0x0, a=<optimized out>, err=err at entry=0x7f0704d22c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/idl_shim.c:101
No locals.
#16 0x00007f071e22a146 in index_read_ext_allids (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, type=type at entry=0x7f06d870ff40 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", val=<optimized out>, txn=txn at entry=0x7f0704d204f0, err=err at entry=0x7f0704d22c8c, unindexed=unindexed at entry=0x7f0704d204e4, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/index.c:1028
        interval = <optimized out>
        db = 0x7f072e2b8f50
        db_txn = 0x0
        key = {data = 0x7f0704d1c380, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        idl = 0x0
        prefix = <optimized out>
        tmpbuf = 0x0
        buf = "=referral", '\000' <repeats 2672 times>...
        typebuf = "objectclass", '\000' <repeats 244 times>
        ai = 0x7f072e1be6c0
        basetmp = 0x0
        basetype = <optimized out>
        retry_count = 0
        encrypted_val = 0x0
        is_and = 0
        ai_flags = 0
#17 0x00007f071e214234 in keys2idl (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, type=0x7f06d870ff40 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", ivals=<optimized out>, err=err at entry=0x7f0704d22c8c, unindexed=unindexed at entry=0x7f0704d204e4, txn=txn at entry=0x7f0704d204f0, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:986
        idl2 = 0x74656e2e616a2e76
        i = 0
#18 0x00007f071e2149d3 in ava_candidates (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, f=f at entry=0x7f06d9727b30, ftype=<optimized out>, err=0x7f0704d22c8c, allidslimit=100000, range=0, nextf=0x0) at ldap/servers/slapd/back-ldbm/filterindex.c:288
        tmp = {bv = {bv_len = 8, bv_val = 0x7f06db3ab610 "referral"}, v_csnset = 0x0, v_flags = 0}
        ptr = {0x7f0704d20540, 0x0}
        fake = {bv = {bv_len = 8, bv_val = 0x7f0704d205e0 "referral"}, v_csnset = 0x7f06da3662a0, v_flags = 1536}
        buf = "referral\000\000\000\000\000\000\000\000`\033\370-\a\177\000\000\274_N)\a\177\000\000\001\000\000\000\000\000\000\000\314m\315+\a\177\000\000 \264\315-\a\177\000\000O-\317+\a\177\000\000\000\000\000\000\000\000\000\000O-\317+\a\177\000\000\004\000\000\000\000\000\000\000\377m\315+\a\177\000\000\004\000\000\000\000\000\000\000P~b\334\006\177\000\000\001\000\000\000\000\000\000\000\226\312\305+\a\177\000\000\000\000\000\000\000\000\000\000_\313\305+\a\177\000\000P~b\334\006\177\000\000 \000\000\330\006\177\000\000\a\000\000\000\000\000\000\000 \237\340\333\006\177", '\000' <repeats 26 times>...
        type = 0x7f06d870ff40 "objectclass"
        indextype = 0x7f071e271c87 "eq"
        sv = {bv = {bv_len = 8, bv_val = 0x7f0704d205e0 "referral"}, v_csnset = 0x7f06da3662a0, v_flags = 1536}
        bval = 0x7f06d9727b58
        ivals = 0x7f0704d20510
        idl = 0x0
        unindexed = 0
        sattr = {a_type = 0x7f06d8cc8fa0 "objectClass", a_present_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_flags = 4, a_plugin = 0x7f072dd48570, a_deleted_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_listtofree = 0x0, a_next = 0x0, a_deletioncsn = 0x0, a_mr_eq_plugin = 0x7f072dcf95c0, a_mr_ord_plugin = 0x0, a_mr_sub_plugin = 0x0}
        txn = {back_txn_txn = 0x0}
        pr_idx = -1
#19 0x00007f071e214fc2 in filter_candidates_ext (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06d9727b30, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0704d22c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:111
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#20 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06d97048d0, ftype=<optimized out>, err=0x7f0704d22c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
        idl = 0x7f06d97513d0
        tmp = 0x7f06d97513d0
        tmp2 = 0x0
        f = 0x7f06d9727b30
        nextf = 0x0
        isnot = 0
        f_count = <optimized out>
        le_count = <optimized out>
        ge_count = <optimized out>
        is_bounded_range = <optimized out>
        low_val = 0x0
        high_val = 0x0
        t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
        fpairs = {0x0, 0x0}
        tpairs = {0x0, 0x0}
        vpairs = {0x0, 0x0}
        is_and = 0
#21 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=0x7f06d97048d0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0704d22c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#22 0x00007f071e2514b8 in subtree_candidates (pb=pb at entry=0x7f0704d27a90, be=0x7f072e0f5f20, base=base at entry=0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=e at entry=0x7f06a051d150, filter=0x7f06d976dff0, managedsait=0, allids_before_scopingp=allids_before_scopingp at entry=0x7f0704d22c7c, err=err at entry=0x7f0704d22c8c) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1210
        focref = 0x7f06d9727b30
        forr = 0x7f06d97048d0
        ftop = <optimized out>
        candidates = <optimized out>
        has_tombstone_filter = <optimized out>
        isroot = 0
        allidslimit = 100000
        op = 0x0
        is_bulk_import = 0
#23 0x00007f071e252b9f in build_candidate_list (candidates=0x7f0704d22cb8, lookup_returned_allidsp=0x7f0704d22c7c, scope=<optimized out>, base=0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=<optimized out>, be=<optimized out>, pb=0x7f0704d27a90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1015
        filter = 0x7f06d976dff0
        err = 0
        li = 0x7f072df49930
        managedsait = 0
        r = 0
#24 ldbm_back_search (pb=0x7f0704d27a90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:657
        rc = <optimized out>
        time_up = 0
        vlv_response_control = {targetPosition = 0, contentCount = 0, result = 0}
        vlv_rc = 32519
        lookthrough_limit = 0
        abandoned = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x7f06a051d150
        candidates = 0x0
        base = 0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        basesdn = 0x7f06dbcdf9f0
        scope = 2
        controls = 0x0
        operation = 0x7f072e4c10d0
        addr = 0x7f072e4c11a8
        estimate = 0
        sort = 0
        vlv = <optimized out>
        sort_spec = 0x0
        is_sorting_critical = <optimized out>
        is_sorting_critical_orig = 0
        sort_control = 0x0
        virtual_list_view = 0
        vlv_spec = 0x0
        is_vlv_critical = 0
        vlv_request_control = {beforeCount = 0, afterCount = 0, tag = 0, index = 0, contentCount = 0, value = {bv_len = 0, bv_val = 0x0}}
        sr = <optimized out>
        tmp_err = -1
        tmp_desc = 0x0
        lookup_returned_allids = 0
        backend_count = 0
        print_once = 1
        txn = {back_txn_txn = 0x0}
        rc = <optimized out>
#25 0x00007f072bca82c6 in op_shared_search (pb=pb at entry=0x7f0704d27a90, send_result=send_result at entry=1) at ldap/servers/slapd/opshared.c:806
        be_suffix = 0x7f072de73fa0
        err = 0
        next_be = 0x0
        base = 0x7f06dbab5150 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normbase = <optimized out>
        fstr = 0x7f06da47c4c0 "(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/ldap-001.dirsvc.lib.dev.ja.net at DIRSVC.LIB.DEV.JA.NET)(krbPrincipalName:caseIgnoreI"...
        scope = 2
        be = 0x7f072e0f5f20
        be_single = 0x0
        be_list = {0x7f072e0f5f20, 0x0, 0x7f0704d23008, 0x7f0704d22fcc, 0x7f0704d23010, 0xdb298a90, 0x100000000, 0xffffffffffffffff, 0x1, 0xffffffff00000000, 0x0, 0x7f072e0f5f20, 0x7f072df49930, 0x7f06a4074d80, 0x7f06d97546f0, 0x0, 0x1, 0x5873c403, 0x0, 0x7f06dad9e790, 0x0, 0x0, 0x7f06db298a90, 0x65d94daff3b15e00, 0x7f0704d23254, 0x7f06da412180, 0x0, 0x7f072bcb114c <plugin_matches_operation+204>, 0x7f0704d23254, 0x65d94daff3b15e00, 0x0, 0x0, 0x7f06da412180, 0x0, 0x0, 0x65d94daff3b15e00, 0x0, 0x7f072bcc9018 <send_ldap_result_ext+1656>, 0x0, 0x7f072dfb0a60, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x1db298a90, 0x10f00010002, 0xffffffcd00000031, 0x7f06db298a90, 0x0, 0x7f06dbad4d00, 0x1, 0x0, 0x7f0704d232e8, 0x7f0704d23298, 0x0, 0x7f0704d23298, 0x7f0704d232a0, 0x0, 0x7f0704d232e8, 0x65d94daff3b15e00, 0x7f06da412180, 0x7f0704d232a0, 0x7f06da412180, 0x7f072bca79a0 <op_shared_search+1024>, 0x7f072bd09f50, 0x7f0704d27390, 0x7f072bd01e5d, 0x7f072bd01e5d, 0x7f0704d232b0, 0x1, 0x7f0704d232a0, 0x100000001, 0x7f0700000000, 0x7f0704d232e0, 0x0, 0x0, 0x7f0704d232e0, 0x7f0704d232d8, 0x7f0704d23254, 0x0, 0x0, 0x7f0704d2325c, 0x7f0704d2335c, 0x7f0700000001, 0x4d23650, 0x0, 0x200000001, 0xffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1ffffffff, 0x7f06db3d3f10, 0x7f072bd09f50, 0x7f06d9047e20, 0x0, 0x0, 0x7f06db298a90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x40000, 0x7f0722fb4424 <__os_id+36>, 0x11, 0x7f06dc7e6f60, 0x7f0719fc3b4c, 0x7f0722e8853e <__db_tas_mutex_lock+398>, 0x0, 0x7f0719f71138, 0x8b1, 0x7f0704d23380, 0x7f0704d23370, 0x7f0704d23368, 0x0, 0x0, 0x7f06db9f36f0, 0x22f4b6d0, 0xffff86ee00000000, 0x65d94daff3b15e00, 0x28, 0x65d94daff3b15e00, 0x7f06db9f6510, 0x7f06db9f6510, 0x0, 0x7f06dc7e6f60, 0x7f06d9719500, 0x7f072e0efbf0, 0x0, 0x7f0722f4abe8 <__dbc_close+472>, 0x7f06db9f6510, 0x7f06dc7e6f60, 0x7f0704d23570, 0x7f072e0efbf0, 0x7f0704d23650, 0x13, 0x0, 0x7f0722f47968 <__db_put+504>, 0x7f0704d23438, 0x7f0704d23440, 0xffff86ee04d23578, 0x7f0722fb4424 <__os_id+36>, 0x0
, 0x65d94daff3b15e00, 0x7f0719fda0f8, 0x7f06db9f6510, 0x4, 0x7f071a2e8a70, 0x7f0704d236c0, 0x65d94daff3b15e00, 0x4, 0x7f0719814160, 0x7f06d9719500, 0x7f0719410238, 0x7f072e0efbf0, 0x7f072e0eb550, 0x0, 0x65d94daff3b15e00, 0x7f072e2c2b60, 0x7f072e0efbf0, 0x7f0704d23650, 0x7f072e0efbf0, 0x7f0704d23650, 0x7f0704d23570, 0x7f06dc7e6f60, 0x7f0722f5cc69 <__db_put_pp+489>, 0x13, 0x7f06d9719500, 0x0, 0x65d94daff3b15e00, 0x7f0700000000, 0x7f0704d23650, 0x7f072e1b8d80, 0x1, 0x7f06db1b5368, 0x7f072dfaef40, 0x0, 0x7f071e21c9df <idl_new_insert_key+127>, 0x7f0704d2356c, 0x100000001, 0x7f0704d2356c, 0x400000004, 0x0, 0x0, 0x800, 0x7f071e48df6e <prefix_PRESENCE>, 0x7f071e271c8a, 0x7f071e22c0b4 <addordel_values_sv+1972>, 0x0, 0x0, 0x7f0719acf878, 0x65d94daff3b15e00...}
        referral_list = {0x0, 0x0, 0x6e73757972746e65, 0x706d6174736500, 0x73694c6e6f697461, 0x74, 0x0, 0x7f07219e4bbd <aclutil_print_aci+45>, 0x7f0719f71364, 0x7f0722f99e78 <__log_fill+120>, 0x7f0704d25090, 0x7d00, 0xdf00000065, 0x7f072e0efbf0, 0x7f072dec6670, 0x7f072bcd6dcc <PL_HashTableRawLookup_const+76>, 0x7f072dcdb420, 0x7f0704d24ff0, 0x0, 0x7f0704d24ff0, 0x7f06d95d4940, 0x7f0725e9eddb <keystring_validate+27>, 0x515d, 0x7f06dbe8e86e, 0x7f06dbe8e869, 0x7f0725e9f2a9 <rdn_validate+329>, 0x7f06dbe8e86f, 0x65d94daff3b15e00, 0x7f06dbe8e86e, 0x7f0704d24ff0, 0x0, 0x0, 0x7f06d8e9d760, 0x7f0725e9a545 <int_validate+69>, 0x7f06dbe8e86e, 0x0, 0x7f0704d25080, 0x0, 0x0, 0x7f072bcbb8fb <slapi_mods_syntax_check+379>, 0x7f0719f71364, 0x1, 0x7f0704d27a90, 0x2000, 0x7f0704d25080, 0x7f0704d25080, 0x7f06dba59f20, 0x7f0704d25078, 0x7f0704d25290, 0x0, 0x7f06daf00490, 0x7f072dd060d0, 0x7f0704d251e0, 0x7f0725e9eddb <keystring_validate+27>, 0x0, 0x7f06d95d496d, 0x7f06d95d4968, 0x7f0725e9f2a9 <rdn_validate+329>, 0x7f06d95d496e, 0x65d94daff3b15e00, 0x7f06d95d496d, 0x7f0704d250f0, 0x1, 0x0, 0x7f06d95d4940, 0x7f0725e9f4bc <distinguishedname_validate+92>, 0x7f06d95d496d, 0x65d94daff3b15e00, 0x91077ce, 0x7f0704d27a90, 0x1, 0x7f072bcbb408 <slapi_dn_syntax_check+264>, 0x1220ef9c, 0x7f072dcfe270, 0x2e, 0x7f06d95d4940, 0xdc7740, 0x7f0704d25430, 0x23412cb248b34aa, 0x1408519e191c12b, 0x31fe71007d47b40, 0x3b7c9b09b451a3f, 0x720007507dcb687, 0x6437cb2e9126634, 0x0, 0x0, 0x0, 0x0, 0x38b6fe7200000000, 0x339d09768553136b, 0x1b5b2f6a59ce33c1, 0x259f6ed835ce1dfb, 0x0, 0x0, 0x0, 0x0, 0x3650378000000000, 0x3b49744d90cd756a, 0x2e051ced6393d496, 0x2ab0901b6d285c55, 0xefb02d83e0f350a, 0x65d94daff3b15e00, 0x1f095d460962a938, 0x1668f4e0f22d730, 0x687ecba674fafc, 0x7f071b1361c9 <felem_square+601>, 0x331dde5a, 0x6357ef10, 0x0, 0x62c465f66e3fce, 0x165cc9c7995b4c8, 0x256506e137707c0, 0x7190c298cc48679, 0x7d425500ef0e796, 0x122b5d71bcbc555a, 0x112229786001987a, 0x1e8aadb3817bb540, 0x15f47a91ae8dfbae, 0x1f095d460962a938, 0xe3fba0a4ea61b88, 0x1210e8c44fb3c5cc, 0x440
081ddcd6fcec, 0x5e1f867f025521a, 0x687ecba674fafc, 0xd18cfc2d2613e4, 0x65d94daff3b15e00, 0x7f070485a55a, 0x7f0704d25400, 0x7f0704d25430, 0x7f0704d253d0, 0x7f0704d26080, 0x7f0704d25400, 0x7f0704d25430, 0x7f071b136998 <point_double+792>, 0x0, 0x0, 0x0, 0x0, 0x24a2f66e00000000, 0x3c8a154c5ac0ec0e, 0x28257a1c5897de7d, 0x1d539da268fbc9ed, 0x5e3fe1734bcc95c, 0x65d94daff3b15e00, 0x304b5144f85f7ee, 0xa45fde4, 0x2295dc, 0x7f071b13664a <felem_mul+1098>, 0x3787316, 0xbb0d144, 0x1761a288, 0x1a2ee607, 0x6f0e62c, 0xa45fde4, 0x148bfbc8, 0x1516ffea, 0x2295dc, 0x7f0704d25920, 0xb29a89c305480d, 0x105a1b7cda0966c, 0x156e878d554ac20, 0xd39aaeb87425ce, 0x39fc8c12cd5b157, 0x2c540320caceff7, 0x5516096e14d1727, 0x2ff904fe0a6b09f, 0x513921c9c413680, 0x39c17ae9e029433, 0x6379185312ec89d, 0x1ebfe1d87a8bf77, 0x4e3c852b7391c49, 0xd9444abd550def, 0x288460ba58c6515, 0x2e16321941175, 0x2c13902af652ab, 0x65d94daff3b15e00, 0x7f06db43ceb0, 0x7f0704d255c0, 0x7f0704d25590, 0x7f0704d260e0, 0x7f0704d260b0, 0x7f0704d255c0, 0x7f0704d25590, 0x7f071b137c2d <scalar_mult+1901>, 0x7f0704d26170, 0x7f0704d261a0, 0x7f0704d25920, 0x7f0704d255f0, 0x7f0704d25620, 0x7f0704d25830, 0x7f0704d25890, 0x7f0704d25800, 0x402e0e9fa8, 0x7f0704d256e0, 0x7f0704d258f0, 0x7f0704d25680, 0x7f0704d257a0, 0x7f0704d25860, 0x7f0704d25740, 0x7f0704d25770...}
        attrlistbuf = "\"krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdCha"...
        attrliststr = <optimized out>
        attrs = 0x7f06db315600
        rc = -1
        internal_op = <optimized out>
        basesdn = 0x7f06dc68b2b0
        sdn = 0x7f06dbcdf9f0
        operation = 0x7f072e4c10d0
        referral = 0x0
        proxydn = 0x0
        proxystr = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
        nentries = 0
        pnentries = 0
        flag_search_base_found = 0
        flag_no_such_object = 0
        flag_referral = 0
        flag_psearch = <optimized out>
        err_code = 0
        ctrlp = 0x0
        ctl_value = 0x0
        iscritical = 0
        be_name = <optimized out>
        index = -1
        sent_result = 0
        pr_stat = 0
        pagesize = -1
        estimate = 0
        curr_search_count = <optimized out>
        pr_be = <optimized out>
        pr_search_result = <optimized out>
        pr_idx = -1
        orig_sdn = 0x0
        free_sdn = 1
#26 0x00007f072c19e11e in do_search (pb=pb at entry=0x7f0704d27a90) at ldap/servers/slapd/search.c:349
        operation = 0x7f072e4c10d0
        ber = <optimized out>
        i = <optimized out>
        err = <optimized out>
        attrsonly = 0
        scope = 2
        deref = 0
        sizelimit = 0
        timelimit = 300
        rawbase = 0x7f06dbab5150 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        rawbase_set_in_pb = 1
        fstr = 0x7f06da47c4c0 "(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/ldap-001.dirsvc.lib.dev.ja.net at DIRSVC.LIB.DEV.JA.NET)(krbPrincipalName:caseIgnoreI"...
        filter = 0x7f06d976dff0
        attrs = 0x7f06db315600
        gerattrs = 0x0
        psearch = 0
        psbvp = 0x0
        changetypes = 32519
        send_entchg_controls = 80901904
        changesonly = 0
        rc = -1
        strict = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        filter_normalized = 0
#27 0x00007f072c18ba73 in connection_dispatch_operation (pb=0x7f0704d27a90, op=0x7f072e4c10d0, conn=0x7f07075388d0) at ldap/servers/slapd/connection.c:651
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#28 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f07075388d0, pb_op = 0x7f072e4c10d0, pb_plugin = 0x7f072df4b040, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 1, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 0, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x0, op_stack_elem = 0x7f072e6681d0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0704d27a90
        conn = 0x7f07075388d0
        op = 0x7f072e4c10d0
        tag = 99
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#29 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54fe80) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e54fe80
        detached = 1
        id = 139668122404608
        tid = 26148
#30 0x00007f072982edc5 in start_thread (arg=0x7f0704d28700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0704d28700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668122404608, -8975886148032001126, 0, 139668122405312, 139668122404608, 1, 9034562517991689114, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#31 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 31 (Thread 0x7f0704527700 (LWP 26149)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668114011904
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0704525e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06d0005240
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06d01ea670
        addr = 0x7f06d01ea748
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06d01fc3a0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f0704526060
        referral = 0x0
        e = 0x0
        dn = 0x7f06d013a590 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06d01e1ef0
        passin_sdn = 0
        mods = 0x7f06d0005240
        pw_mod = <optimized out>
        tmpmods = 0x7f06d0104110
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06d01ea670
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000\210\316 \320\006\177\000\000 \000\000\320\006\177\000\000[\000\000\000\000\000\000\000\000[ \320\006\177\000\000\000\000\000\000\000\000\000\000\200Y\036\320\006\177\000\000xO\037\320\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\000\346\035\320\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\030A\020\320\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06d01fc3a0) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06d01ea670
        opresult = 0
        normalized_mods = 0x7f06d0104110
        mods = 0x7f06d018ac10
        mod = 0x7f06d0104118
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -803224672, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0704526a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0704526a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f0704526a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0704526a90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06d00f9080
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06d02017b0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06d004cf20 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06d00f9080
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\320\006\177\000\000\200iR\004\a\177\000\000\220iR\004\a\177\000\000\356fR\004\a\177\000\000\354fR\004\a\177\000\000\360fR\004\a\177\000\000\261\230\255\373\350\003\000\000\000\000\000\000\017?\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000q\000\000\000\001\000\001\000\300\323 \320\006\177\000\000(\000\000\000\000\000\000\000q", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000 8z.\a\177\000\000\300\323 \320\006\177\000\000y\000\000\000\000\000\000\000q\000\000\000\000\000\000\000 8z.\a\177\000\000y\000\000\000\000\000\000\000 8z.\a\177\000\000\302"...
        bind_target_entry = 0x7f06d01fb920
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06d00ed000
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0704526a90, op=0x7f072e1c1680, conn=0x7f0707537ef8) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707537ef8, pb_op = 0x7f072e1c1680, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06d00a6930, op_stack_elem = 0x7f072e501390, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0704526a90
        conn = 0x7f0707537ef8
        op = 0x7f072e1c1680
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e5502d0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e5502d0
        detached = 1
        id = 139668114011904
        tid = 26149
#15 0x00007f072982edc5 in start_thread (arg=0x7f0704527700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0704527700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668114011904, -8975886148032001126, 0, 139668114012608, 139668114011904, 1, 9034563616966445978, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 30 (Thread 0x7f0703d26700 (LWP 26150)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668105619200
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0703d24e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06d4099cd0
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06d42e0210
        addr = 0x7f06d42e02e8
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06d4230aa0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f0703d25060
        referral = 0x0
        e = 0x0
        dn = 0x7f06d4295310 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06d40fb710
        passin_sdn = 0
        mods = 0x7f06d4099cd0
        pw_mod = <optimized out>
        tmpmods = 0x7f06d4183300
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06d42e0210
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000x#2\324\006\177\000\000 \000\000\324\006\177\000\000[\000\000\000\000\000\000\000\060\271\b\324\006\177\000\000\000\000\000\000\000\000\000\000 at V-\324\006\177\000\000H\035-\324\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000pa\n\324\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\b3\030\324\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06d4230aa0) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06d42e0210
        opresult = 0
        normalized_mods = 0x7f06d4183300
        mods = 0x7f06d42fd770
        mod = 0x7f06d4183308
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -735901024, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0703d25a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0703d25a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f0703d25a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0703d25a90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06d42e0b30
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06d42e1cb0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06d410d2e0 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06d42e0b30
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\324\006\177\000\000\200Y\322\003\a\177\000\000\220Y\322\003\a\177\000\000\356V\322\003\a\177\000\000\354V\322\003\a\177\000\000\360V\322\003\a\177\000\000\261\250-\374\350\003\000\000\000\000\000\000\064\227\204\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000t\000\000\000\001\000\001\000\340\216!\324\006\177\000\000(\000\000\000\000\000\000\000t", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000`d\036.\a\177\000\000\340\216!\324\006\177\000\000y\000\000\000\000\000\000\000t\000\000\000\000\000\000\000`d\036.\a\177\000\000y\000\000\000\000\000\000\000`d\036.\a\177\000\000"...
        bind_target_entry = 0x7f06d4189980
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06d42b6f60
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0703d25a90, op=0x7f072e6493c0, conn=0x7f0707538330) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707538330, pb_op = 0x7f072e6493c0, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06d41de340, op_stack_elem = 0x7f072e60fda0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0703d25a90
        conn = 0x7f0707538330
        op = 0x7f072e6493c0
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e527410) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e527410
        detached = 1
        id = 139668105619200
        tid = 26150
#15 0x00007f072982edc5 in start_thread (arg=0x7f0703d26700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0703d26700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668105619200, -8975886148032001126, 0, 139668105619904, 139668105619200, 1, 9034564718088686490, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 29 (Thread 0x7f0703525700 (LWP 26151)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668097226496
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0703523e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06c8139850
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06c81f7ee0
        addr = 0x7f06c81f7fb8
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06c81fdfd0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f0703524060
        referral = 0x0
        e = 0x0
        dn = 0x7f06c80c7230 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06c8100a80
        passin_sdn = 0
        mods = 0x7f06c8139850
        pw_mod = <optimized out>
        tmpmods = 0x7f06c804c9d0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06c81f7ee0
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000hi(\310\006\177\000\000 \000\000\310\006\177\000\000[\000\000\000\000\000\000\000\360\370\026\310\006\177\000\000\000\000\000\000\000\000\000\000\340\243\031\310\006\177\000\000xB\017\310\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\320+\003\310\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\330\311\004\310\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06c81fdfd0) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06c81f7ee0
        opresult = 0
        normalized_mods = 0x7f06c804c9d0
        mods = 0x7f06c8153620
        mod = 0x7f06c804c9d8
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -937435184, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0703524a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0703524a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f0703524a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0703524a90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06c8040a10
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06c802f8e0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06c80ffc20 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06c8040a10
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\310\006\177\000\000\200IR\003\a\177\000\000\220IR\003\a\177\000\000\356FR\003\a\177\000\000\354FR\003\a\177\000\000\360FR\003\a\177\000\000\261\270\255\374\350\003\000\000\000\000\000\000a\251\216\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000\200\000\000\000\001\000\001\000? \310\006\177\000\000(\000\000\000\000\000\000\000\200", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\360\347d.\a\177\000\000? \310\006\177\000\000y\000\000\000\000\000\000\000\200\000\000\000\000\000\000\000\360\347d.\a\177\000\000y\000\000\000\000\000\000\000\360\347d.\a\177\000\000\302\306"...
        bind_target_entry = 0x7f06c827a5b0
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06c813b890
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0703524a90, op=0x7f072e7fa9d0, conn=0x7f0707539410) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707539410, pb_op = 0x7f072e7fa9d0, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06c8135e70, op_stack_elem = 0x7f072e4f7250, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0703524a90
        conn = 0x7f0707539410
        op = 0x7f072e7fa9d0
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e527860) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e527860
        detached = 1
        id = 139668097226496
        tid = 26151
#15 0x00007f072982edc5 in start_thread (arg=0x7f0703525700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0703525700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668097226496, -8975886148032001126, 0, 139668097227200, 139668097226496, 1, 9034565817063443354, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 28 (Thread 0x7f0702d24700 (LWP 26152)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668088833792
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0702d22e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06cc09cb70
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06cc22cfd0
        addr = 0x7f06cc22d0a8
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06cc0144d0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f0702d23060
        referral = 0x0
        e = 0x0
        dn = 0x7f06cc0b52f0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06cc161400
        passin_sdn = 0
        mods = 0x7f06cc09cb70
        pw_mod = <optimized out>
        tmpmods = 0x7f06cc153ee0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06cc22cfd0
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000h\310\v\314\006\177\000\000 \000\000\314\006\177\000\000[\000\000\000\000\000\000\000\240\317\002\314\006\177\000\000\000\000\000\000\000\000\000\000 n\024\314\006\177\000\000\370\355\037\314\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\200\377\n\314\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\350>\025\314\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06cc0144d0) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06cc22cfd0
        opresult = 0
        normalized_mods = 0x7f06cc153ee0
        mods = 0x7f06cc1728a0
        mod = 0x7f06cc153ee8
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -872332080, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0702d23a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0702d23a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f0702d23a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0702d23a90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06cc153350
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06cc134670 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06cc117240 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06cc153350
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\314\006\177\000\000\200\071\322\002\a\177\000\000\220\071\322\002\a\177\000\000\356\066\322\002\a\177\000\000\354\066\322\002\a\177\000\000\360\066\322\002\a\177\000\000\261\310-\375\350\003\000\000\000\000\000\000?\203\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000s\000\000\000\001\000\001\000\340\332#\314\006\177\000\000(\000\000\000\000\000\000\000s", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\200\023f.\a\177\000\000\340\332#\314\006\177\000\000y\000\000\000\000\000\000\000s\000\000\000\000\000\000\000\200\023f.\a\177\000\000y\000\000\000\000\000\000\000\200\023f.\a\177\000\000\302"...
        bind_target_entry = 0x7f06cc139c50
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06cc1d6d50
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0702d23a90, op=0x7f072e60fb40, conn=0x7f07075381c8) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f07075381c8, pb_op = 0x7f072e60fb40, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06cc100dd0, op_stack_elem = 0x7f072e65bb70, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0702d23a90
        conn = 0x7f07075381c8
        op = 0x7f072e60fb40
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e527cb0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e527cb0
        detached = 1
        id = 139668088833792
        tid = 26152
#15 0x00007f072982edc5 in start_thread (arg=0x7f0702d24700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0702d24700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668088833792, -8975886148032001126, 0, 139668088834496, 139668088833792, 1, 9034566918185683866, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 27 (Thread 0x7f0702523700 (LWP 26153)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668080441088
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0702521e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06c0378040
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06c004ac40
        addr = 0x7f06c004ad18
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06c001fec0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f0702522060
        referral = 0x0
        e = 0x0
        dn = 0x7f06c027c790 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06c021c160
        passin_sdn = 0
        mods = 0x7f06c0378040
        pw_mod = <optimized out>
        tmpmods = 0x7f06c02a8db0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06c004ac40
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000H\266\004\300\006\177\000\000 \000\000\300\006\177\000\000[\000\000\000\000\000\000\000\360\001+\300\006\177\000\000\000\000\000\000\000\000\000\000\060%7\300\006\177\000\000X\313\002\300\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\360\313:\300\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\270\215*\300\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06c001fec0) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06c004ac40
        opresult = 0
        normalized_mods = 0x7f06c02a8db0
        mods = 0x7f06c02aa200
        mod = 0x7f06c02a8db8
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -1073611072, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0702522a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0702522a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f0702522a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0702522a90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06c032ac70
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06c02837c0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06c022c6a0 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06c032ac70
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\300\006\177\000\000\200)R\002\a\177\000\000\220)R\002\a\177\000\000\356&R\002\a\177\000\000\354&R\002\a\177\000\000\360&R\002\a\177\000\000\261?\375\350\003\000\000\000\000\000\000q\302\202\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000r\000\000\000\001\000\001\000\220Z\006\300\006\177\000\000(\000\000\000\000\000\000\000r", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\340\334m.\a\177\000\000\220Z\006\300\006\177\000\000y\000\000\000\000\000\000\000r\000\000\000\000\000\000\000\340\334m.\a\177\000\000y\000\000\000\000\000\000\000\340\334m.\a\177\000\000\302\306"...
        bind_target_entry = 0x7f06c002c300
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06c0052660
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0702522a90, op=0x7f072e5fe570, conn=0x7f0707538060) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707538060, pb_op = 0x7f072e5fe570, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06c005c700, op_stack_elem = 0x7f072e5fe4f0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0702522a90
        conn = 0x7f0707538060
        op = 0x7f072e5fe570
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e528100) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e528100
        detached = 1
        id = 139668080441088
        tid = 26153
#15 0x00007f072982edc5 in start_thread (arg=0x7f0702523700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0702523700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668080441088, -8975886148032001126, 0, 139668080441792, 139668080441088, 1, 9034568017160440730, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 26 (Thread 0x7f0701d22700 (LWP 26154)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=0, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
        ret = <optimized out>
#2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=3703, timespec=timespec at entry=0x0, exclusive=exclusive at entry=0) at ../../src/mutex/mut_pthread.c:577
        ret = <optimized out>
        t_ret = 0
#3  0x00007f0722e88b37 in __db_tas_mutex_readlock_int (nowait=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:438
        dbenv = 0x7f072e1d66a0
        mtxregion = 0x7f0719f71138
        ret = <optimized out>
        mutexp = 0x7f0719ffa880
        mtxmgr = <optimized out>
        ip = 0x1
        lock = <optimized out>
        nspins = <optimized out>
#4  __db_tas_mutex_readlock (env=env at entry=0x7f072e0efbf0, mutex=3703) at ../../src/mutex/mut_tas.c:472
No locals.
#5  0x00007f0722fa2d35 in __memp_fget (dbmfp=dbmfp at entry=0x7f072e2c32e0, pgnoaddr=pgnoaddr at entry=0x7f0688034610, ip=0x0, txn=0x0, flags=flags at entry=0, addrp=addrp at entry=0x7f0688034600) at ../../src/mp/mp_fget.c:317
        state = <optimized out>
        alloc_bhp = 0x0
        bhp = 0x7f0719dcbfe0
        oldest_bhp = <optimized out>
        env = 0x7f072e0efbf0
        read_lsnp = <optimized out>
        vlsn = <optimized out>
        dbmp = 0x7f072e1a55e0
        hp = 0x7f07193937e8
        c_mp = 0x7f0719383138
        mfp = <optimized out>
        list = 0x16
        lp = <optimized out>
        renv = <optimized out>
        infop = 0x7f072e0f11d0
        t_infop = 0x7f071a2e6e68
        reginfo = <optimized out>
        td = 0x0
        list_off = <optimized out>
        mf_offset = 595832
        bucket = 1173
        pinmax = <optimized out>
        st_hsearch = <optimized out>
        b_incr = 1
        b_lock = 0
        h_locked = 0
        dirty = 0
        extending = 0
        makecopy = 0
        mvcc = 0
        need_free = <optimized out>
        ret = 0
#6  0x00007f0722f4c333 in __dbc_iget (dbc=0x7f0688038430, key=0x7f0701d13800, data=<optimized out>, flags=17) at ../../src/db/db_cam.c:1050
        dbp = <optimized out>
        ddbc = <optimized out>
        dbc_n = 0x0
        opd = 0x7f068800b080
        cp = <optimized out>
        cp_n = 0x7f06880345f0
        mpf = 0x7f072e2c32e0
        env = 0x7f072e0efbf0
        pgno = 32519
        indx_off = <optimized out>
        multi = 2048
        orig_ulen = 0
        tmp_flags = <optimized out>
        tmp_read_locking = <optimized out>
        tmp_rmw = 0
        type = <optimized out>
        key_small = 0
        ret = 0
        t_ret = <optimized out>
#7  0x00007f0722f4c47d in __dbc_get (dbc=dbc at entry=0x7f0688038430, key=key at entry=0x7f0701d13800, data=data at entry=0x7f0701d13830, flags=flags at entry=2065) at ../../src/db/db_cam.c:770
No locals.
#8  0x00007f0722f5ab02 in __dbc_get_pp (dbc=0x7f0688038430, key=0x7f0701d13800, data=0x7f0701d13830, flags=2065) at ../../src/db/db_iface.c:2359
        dbp = <optimized out>
        ip = 0x0
        env = 0x7f072e0efbf0
        ret = <optimized out>
#9  0x00007f071e21ba42 in idl_new_fetch (be=0x7f072e0f5f20, db=<optimized out>, inkey=<optimized out>, txn=<optimized out>, a=0x7f072e1be6c0, flag_err=0x7f0701d1c74c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/idl_new.c:280
        lastid = 38557
        ret = 0
        idl_rc = <optimized out>
        cursor = 0x7f0688038430
        idl = 0x7f06c4256550
        key = {data = 0x7f0701d15ae0, size = 14, ulen = 14, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        data = {data = 0x7f0701d13890, size = 8192, ulen = 8192, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        id = <optimized out>
        count = 8378
        buffer = "\004\000\001\071\227\000\000Q\004\000\001\067\227\000\000p\004\000\001\065\227\000\000N\004\000\001\063\227\000\000R\004\000\001\061\227\000\000p\004\000\001/\227\000\000V\004\000\001-\227\000\000M\004\000\001+\227\000\000C\004\000\001)\227\000\000\n\004\000\001'\227\000\000s\004\000\001%\227\000\000n\004\000\001#\227\000\000C\004\000\001!\227\000\000g\004\000\001\037\227\000\000,\004\000\001\035\227\000\000i\004\000\001\033\227\000\000o\004\000\001\031\227\000\000d\004\000\001\027\227\000\000a\004\000\001\025\227\000\000R\004\000\001\023\227\000\000a\004\000\001\021\227\000\000P\004\000\001\017\227\000\000n\004\000\001\r\227\000\000s\004\000\001\v\227\000\000f\004\000\001\t\227\000\000t"...
        ptr = <optimized out>
        dataret = {data = 0x0, size = 4, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0}
        s_txn = {back_txn_txn = 0x0}
        li = <optimized out>
#10 0x00007f071e21b525 in idl_fetch_ext (be=be at entry=0x7f072e0f5f20, db=<optimized out>, key=key at entry=0x7f0701d15980, txn=txn at entry=0x0, a=<optimized out>, err=err at entry=0x7f0701d1c74c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/idl_shim.c:101
No locals.
#11 0x00007f071e22a146 in index_read_ext_allids (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, type=type at entry=0x7f06c42238f0 "objectClass", indextype=indextype at entry=0x7f071e271c87 "eq", val=<optimized out>, txn=txn at entry=0x7f0701d19c50, err=err at entry=0x7f0701d1c74c, unindexed=unindexed at entry=0x7f0701d19c44, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/index.c:1028
        interval = <optimized out>
        db = 0x7f072e2b8f50
        db_txn = 0x0
        key = {data = 0x7f0701d15ae0, size = 14, ulen = 14, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        idl = 0x0
        prefix = <optimized out>
        tmpbuf = 0x0
        buf = "=posixaccount\000\000\000\004\000\000\000\243\t\000\000\004\000\000\000\253\t\000\000\004\000\000\000\263\t\000\000\004\000\000\000\273\t\000\000\004\000\000\000\303\t\000\000\004\000\000\000\313\t\000\000\004\000\000\000\323\t\000\000\004\000\000\000\333\t\000\000\004\000\000\000\343\t\000\000\004\000\000\000\353\t\000\000\004\000\000\000\363\t\000\000\004\000\000\000\373\t\000\000\004\000\000\000\003\n\000\000\004\000\000\000\v\n\000\000\004\000\000\000\023\n\000\000\004\000\000\000\033\n\000\000\004\000\000\000#\n\000\000\004\000\000\000+\n\000\000=referral\000\000\000;\n\000\000\004\000\000\000C\n\000\000\004\000\000\000K\n\000\000\004\000\000\000S\n\000\000"...
        typebuf = "objectClass\000\000\000\000\000P\217+.\a\177", '\000' <repeats 18 times>, "\300\346\033.\a\177", '\000' <repeats 18 times>, "\200[\321\001\a\177\000\000\n\000\000\000\n", '\000' <repeats 20 times>, "\b\000\000\000\000\000\000\004\000\000\000\373\b\000\000\004\000\000\000\003\t\000\000\004\000\000\000\v\t\000\000\004\000\000\000\023\t\000\000\004\000\000\000\033\t\000\000\004\000\000\000#\t\000\000\004\000\000\000+\t\000\000objectclass\000;\t\000\000\004\000\000\000C\t\000\000\004\000\000\000K\t\000\000\004\000\000\000S\t\000\000"...
        ai = 0x7f072e1be6c0
        basetmp = 0x0
        basetype = <optimized out>
        retry_count = 0
        encrypted_val = 0x0
        is_and = 1
        ai_flags = 1
#12 0x00007f071e214234 in keys2idl (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, type=0x7f06c42238f0 "objectClass", indextype=indextype at entry=0x7f071e271c87 "eq", ivals=<optimized out>, err=err at entry=0x7f0701d1c74c, unindexed=unindexed at entry=0x7f0701d19c44, txn=txn at entry=0x7f0701d19c50, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:986
        idl2 = 0x0
        i = 0
#13 0x00007f071e2149d3 in ava_candidates (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, f=f at entry=0x7f06c42375b0, ftype=<optimized out>, err=0x7f0701d1c74c, allidslimit=100000, range=0, nextf=0x0) at ldap/servers/slapd/back-ldbm/filterindex.c:288
        tmp = {bv = {bv_len = 12, bv_val = 0x7f06c41288e0 "posixAccount"}, v_csnset = 0x0, v_flags = 0}
        ptr = {0x7f0701d19ca0, 0x0}
        fake = {bv = {bv_len = 12, bv_val = 0x7f0701d19d40 "posixaccount"}, v_csnset = 0x7f06c4236c40, v_flags = 1536}
        buf = "posixaccount\000\177\000\000\b\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\300\225\317-\a\177\000\000\323\325\351%\a\177", '\000' <repeats 11 times>, "^\261\363\257M\331e4\340\363+\a\177\000\000\252\000\000\000\000\000\000\000\300\235\321\001\a\177\000\000P\241\321\001\a\177\000\000\070\241\321\001\a\177\000\000\315\301\313+\a\177\000\000\370\235\321\001\a\177\000\000\220\200\351%\a\177", '\000' <repeats 26 times>, "\300\225\317-\a\177", '\000' <repeats 634 times>...
        type = 0x7f06c42238f0 "objectClass"
        indextype = 0x7f071e271c87 "eq"
        sv = {bv = {bv_len = 12, bv_val = 0x7f0701d19d40 "posixaccount"}, v_csnset = 0x7f06c4236c40, v_flags = 1536}
        bval = 0x7f06c42375d8
        ivals = 0x7f0701d19c70
        idl = 0x0
        unindexed = 0
        sattr = {a_type = 0x7f06c41c2bd0 "objectClass", a_present_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_flags = 4, a_plugin = 0x7f072dd48570, a_deleted_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_listtofree = 0x0, a_next = 0x0, a_deletioncsn = 0x0, a_mr_eq_plugin = 0x7f072dcf95c0, a_mr_ord_plugin = 0x0, a_mr_sub_plugin = 0x0}
        txn = {back_txn_txn = 0x0}
        pr_idx = -1
#14 0x00007f071e214fc2 in filter_candidates_ext (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06c42375b0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0701d1c74c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:111
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#15 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06c42376c0, ftype=<optimized out>, err=0x7f0701d1c74c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
        idl = 0x0
        tmp = 0x65d94daff3b15e00
        tmp2 = 0x0
        f = 0x7f06c42375b0
        nextf = 0x0
        isnot = 0
        f_count = <optimized out>
        le_count = <optimized out>
        ge_count = <optimized out>
        is_bounded_range = <optimized out>
        low_val = 0x0
        high_val = 0x0
        t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
        fpairs = {0x0, 0x0}
        tpairs = {0x0, 0x0}
        vpairs = {0x0, 0x0}
        is_and = 1
#16 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06c42376c0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0701d1c74c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#17 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06c4238fd0, ftype=<optimized out>, err=0x7f0701d1c74c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
        idl = 0x0
        tmp = 0x0
        tmp2 = 0x0
        f = 0x7f06c42376c0
        nextf = 0x0
        isnot = 0
        f_count = <optimized out>
        le_count = <optimized out>
        ge_count = <optimized out>
        is_bounded_range = <optimized out>
        low_val = 0x0
        high_val = 0x0
        t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
        fpairs = {0x0, 0x0}
        tpairs = {0x0, 0x0}
        vpairs = {0x0, 0x0}
        is_and = 0
#18 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=0x7f06c4238fd0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0701d1c74c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#19 0x00007f071e2514b8 in subtree_candidates (pb=pb at entry=0x7f06c42280d0, be=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=e at entry=0x7f06a051d150, filter=0x7f06c42376c0, managedsait=0, allids_before_scopingp=allids_before_scopingp at entry=0x7f0701d1c73c, err=err at entry=0x7f0701d1c74c) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1210
        focref = 0x7f06c4225510
        forr = 0x7f06c4238fd0
        ftop = <optimized out>
        candidates = <optimized out>
        has_tombstone_filter = <optimized out>
        isroot = 0
        allidslimit = 100000
        op = 0x0
        is_bulk_import = 0
#20 0x00007f071e252b9f in build_candidate_list (candidates=0x7f0701d1c778, lookup_returned_allidsp=0x7f0701d1c73c, scope=<optimized out>, base=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=<optimized out>, be=<optimized out>, pb=0x7f06c42280d0) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1015
        filter = 0x7f06c42376c0
        err = 0
        li = 0x7f072df49930
        managedsait = 0
        r = 0
#21 ldbm_back_search (pb=0x7f06c42280d0) at ldap/servers/slapd/back-ldbm/ldbm_search.c:657
        rc = <optimized out>
        time_up = 0
        vlv_response_control = {targetPosition = 0, contentCount = 0, result = 0}
        vlv_rc = 32519
        lookthrough_limit = 0
        abandoned = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x7f06a051d150
        candidates = 0x0
        base = 0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        basesdn = 0x7f06c41e6200
        scope = 2
        controls = 0x0
        operation = 0x7f06c41dc7f0
        addr = 0x7f06c41dc8c8
        estimate = 0
        sort = 0
        vlv = <optimized out>
        sort_spec = 0x0
        is_sorting_critical = <optimized out>
        is_sorting_critical_orig = 0
        sort_control = 0x0
        virtual_list_view = 0
        vlv_spec = 0x0
        is_vlv_critical = 0
        vlv_request_control = {beforeCount = 0, afterCount = 0, tag = 0, index = 0, contentCount = 0, value = {bv_len = 0, bv_val = 0x0}}
        sr = <optimized out>
        tmp_err = -1
        tmp_desc = 0x0
        lookup_returned_allids = 0
        backend_count = 0
        print_once = 1
        txn = {back_txn_txn = 0x0}
        rc = <optimized out>
#22 0x00007f072bca82c6 in op_shared_search (pb=pb at entry=0x7f06c42280d0, send_result=send_result at entry=1) at ldap/servers/slapd/opshared.c:806
        be_suffix = 0x7f072de73fa0
        err = 0
        next_be = 0x0
        base = 0x7f072e2b7d00 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normbase = <optimized out>
        fstr = 0x7f06c41c3e70 "(&(objectClass=posixAccount)(|(uid=BP-281161)))"
        scope = 2
        be = 0x7f072e0f5f20
        be_single = 0x0
        be_list = {0x7f072e0f5f20, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x30, 0x1c422ebc0, 0x10f00010002, 0xffffffcd00000031, 0x7f06c422ebc0, 0x0, 0x7f06c41ee890, 0x1, 0x0, 0x7f0701d1cc78, 0x7f0701d1cc28, 0x0, 0x7f0701d1cc28, 0x7f0701d1cc30, 0x0, 0x7f0701d1cc78, 0x65d94daff3b15e00, 0x7f06c42245c0, 0x7f0701d1cc30, 0x7f06c42245c0, 0x7f072bca79a0 <op_shared_search+1024>, 0x7f0701d1ccd8, 0x7f0701d1cc88, 0x0, 0x7f0701d1cc88, 0x7f0701d1cc40, 0x1, 0x7f0701d1cc30, 0x100000001, 0x7f0600000000, 0x7f0701d1cc70, 0x0, 0x0, 0x7f0701d1cc70, 0x7f0701d1cc68, 0x7f0701d1cbe4, 0x0, 0x0, 0x7f0701d1cbec, 0x7f0701d1cc90, 0x100000001, 0x0, 0x0, 0x200000001, 0xffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1ffffffff, 0x7f06c4102320, 0x7f072bd09f50, 0x0, 0x0, 0x0, 0x7f06c422ebc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x0, 0x7f06c421bb60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x1, 0x0, 0x7f0701d1cea8, 0x7f0701d1ce58, 0x0, 0x7f0701d1ce58, 0x7f0701d1ce60, 0x0, 0x7f0701d1cea8, 0x65d94daff3b15e00, 0x7f06c42280d0, 0x7f0701d1ce60, 0x7f06c42280d0, 0x7f072bca79a0 <op_shared_search+1024>, 0x7f072bd09f50, 0x7f072bd03a2e, 0x7f072bd01e5d, 0x7f072bd01e5d, 0x7f0701d1ce70, 0x1, 0x7f0701d1ce60, 0x100000001, 0x0, 0x7f0701d1cea0, 0x0, 0x0, 0x7f0701d1cea0, 0x7f0701d1ce98, 0x7f0701d1ce14, 0x0, 0x0, 0x7f0701d1ce1c, 0x7f0701d1d008, 0x7f0600000001, 0xc41ad150, 0x0, 0x200000001, 0xffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1ffffffff, 0x7f06c40b9c00, 0x7f072bd09f50, 0x0, 0x0, 0x0, 0x7f06c41dc7f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x7f06c41d73c8, 0x7f0701d1cf18, 0x7f072dcd1e30, 0x30, 0x7f0701d1d000, 0x7f0701d1cff4, 0x1c423bfb0, 0x7f0701d1cf28, 0x7f06c4238f90, 0x7f06c42245c0, 0x7f06c423bfb0, 0x0, 0x5, 0x7f06c41d8ea8, 0x7f06c40c1fe8, 0x7f06c400f750, 0x7f06c40c1fe8, 0x7f06c40c1fe8, 0x7f06c40c1fe8, 0x7f0701d1d070, 0x7f06c4057580, 0x7f0707536cb0, 0x0, 0x7f072bc621b6 <slapi_ch_free+22>, 0
x10, 0x7f072bced4fe <valuearray_free_ext+78>, 0x7f06c4057580, 0x7f06c40c1fd8, 0x7f0701d1cfc0, 0x7f0701d1cff0, 0x7f0701d1d010, 0x7f0701d1d070, 0x7f06c4057580, 0x7f0707536cb0, 0x0, 0x7f0701d1d028, 0x90, 0x7f0701d1d070, 0x7f06c4057580, 0x7f0701d1d048, 0x90, 0x7f0701d1d070, 0x7f06c4057580, 0x7f0707536cb0, 0x0, 0x7f072bc621b6 <slapi_ch_free+22>, 0x7f06c422b000, 0x7f072bc71454 <slapi_entry_free+228>, 0x7f06c4057580, 0x7f072bcc6214 <reslimit_get_ext+52>, 0x7f0707536cb0, 0x7f072bf3e034 <slapd_ldap_debug>, 0x7f0701d1d0d4, 0x7f072bcc6b8d <slapi_reslimit_get_integer_limit+445>, 0x7f072e2b7640, 0x65d94daff3b15e00, 0x1, 0x7f0707536cb0...}
        referral_list = {0x0 <repeats 48 times>, 0xffff80f8fe2e1461, 0x37, 0xd, 0x1, 0x5c0000003d, 0x7f0701d1eba0, 0x0, 0x0, 0x770000006e, 0x0, 0x7f0701d1eb9f, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f06c4000020, 0x0, 0x7f06c41b3e10, 0x0, 0x10, 0x0, 0x7f07294e5fbc <__GI___libc_malloc+76>, 0x7f0701d1ec88, 0x35d, 0x0, 0x7f072bc61ce3 <slapi_ch_malloc+19>, 0x7f0701d1ec88, 0x7f06c4000020, 0x0, 0x35c, 0x7f06c4237e60, 0x7f072bcec38e <ber_bvcpy+46>, 0x7f06c4237e60, 0x7f06c41b3e10, 0x0, 0x7f072bcec5a1 <slapi_value_set_berval+49>, 0x0, 0x7f06c4237e60, 0x7f06c41b3e10, 0x7f072bcec5f6 <value_init+70>, 0x7f06c414d040, 0x7f06c4237e60, 0x7f06c41b3e10, 0x7f072bcec652 <value_new+50>, 0x0, 0x65d94daff3b15e00, 0xffffffff00000001, 0x65d94daff3b15e00, 0x0, 0x7f06c418f3e8, 0x1, 0x0, 0x7f06c414d040, 0x7f072bcee42a <slapi_valueset_add_attr_valuearray_ext+250>, 0x7f06c40fc460, 0x7f06c418f3e0, 0x7f06c41b6c80, 0x7f0701d1ed7c, 0xffffffff00000001, 0x7f06c418f3e0, 0x7f06c422a800, 0x7f06c414d040, 0x7f0701d20fd0, 0x7f06c41d1380, 0x7f0701d20f90, 0x7f072bc5b4d4 <attr_add_valuearray+148>, 0x7f06c4234ba0, 0x7f06c420d690, 0x0, 0x7f072b7a3085 <profile_update_file_data_locked+85>, 0xfd00, 0x1035277, 0x1, 0x81a4, 0x0, 0x0, 0x354, 0x1000, 0x8, 0x5872a492, 0xdc6d3e, 0x587152bb, 0x2f44381a, 0x587152bb, 0x2f44381a, 0x0, 0x0, 0x0, 0x0, 0x65d94daff3b15e00, 0xf, 0x7f06d40030d0, 0x0, 0x7f06d40030d8, 0x7f06c422f3d0, 0x7f0701d20f48, 0x7f0701d20f50, 0x7f06d40030d0, 0x0, 0x1, 0x7f06c422f3d0, 0x7f0701d20f48, 0x7f0701d20f50, 0x7f072b7a3a20 <profile_open_file+432>, 0x7f06c4234ba0, 0x7f07219cdb68 <print_access_control_summary+120>, 0x7f06c42238f0, 0x7f07219e6eb5, 0x7f06c4156720, 0x7f0701d1ef30, 0x7f06c41e1f60, 0x7f072bcd6dff <PL_HashTableLookup_const+31>, 0x0, 0x0, 0x7f07219e9bee, 0x7f07219e6eb5, 0x7f06c41e3a10, 0x7f072bc5cb5f <attr_syntax_return_locking_optional+47>, 0x7f072dcfe270, 0x7f0701d1f068, 0x0, 0x0, 0x7f06c4028f90, 0x7f07219e4bbd <aclutil_print_aci+45>, 0x75676e6974736964, 0x6d614e6465687369, 0x7f06c4010065, 0x7f072e0efbf0, 0x7f072dec6670, 0x7f0
701d1f0c8, 0x7f071a1b9328, 0x241840, 0x7f0701d1f150, 0x7f0722f9a289 <__log_putr+809>, 0x343633353335383d, 0x7f0725e9eddb <keystring_validate+27>, 0x63646137612d3665, 0x7f06c41d7e25, 0x7f06c41d7e22, 0x7f0725e9f2a9 <rdn_validate+329>, 0x7f06c41d7e26, 0x65d94daff3b15e00, 0x7f06c41d7e25, 0x7f0701d1eff0, 0x7f0701d1f080, 0x0, 0x2000, 0x7f0725e9f12b <utf8string_validate+123>, 0x7f06c41e3762, 0x7f06c4000020, 0x20, 0x0, 0x0, 0x7f0701d1f108, 0x0, 0x7f07294e5fbc <__GI___libc_malloc+76>, 0x7f06c42336b0, 0x7f072bcec58a <slapi_value_set_berval+26>, 0x0, 0x7f06c42336b0, 0x0, 0x7f072bcec5f6 <value_init+70>, 0x7f0701d1f080, 0x7f06c42336b0, 0x0, 0x7f072bcec652 <value_new+50>, 0x7f06c42336b0, 0x7f072bcec7ad <slapi_value_set_string_passin+45>, 0x7f06c413d320, 0x7f07219cdb68 <print_access_control_summary+120>, 0x7f06c413d320, 0x7f072bcec7e2 <slapi_value_new_string_passin+34>, 0x7f06c415c388, 0x7f0701d1f4d8, 0x7f0701d1f4e8, 0x7f0725e9ceed <string_values2keys+509>, 0x7f0701d1f110, 0x7f0701d1f4e0, 0x7f07219e9bee, 0x7f07219e6eb5, 0x7f06c41e3a10, 0x7f072bcec7e2 <slapi_value_new_string_passin+34>, 0x7f06c415c388, 0x0...}
        attrlistbuf = "\037\000\000\000\000\000\000\000@\000\000\000\000\000\000\000\020\016\322\001\a\177\000\000\311n\347)\a\177\000\000\273\212\320+\a\177\000\000\300\r\322\001\a\177\000\000\000\000\000\000\000\000\000\000?\320+\a\177\000\000?\320+\a\177\000\000\356q\347)\a\177\000\000\060\f\322\001\a\177\000\000\000\000\000\000\000\000\000\000\060\231\363-\a\177\000\000\237\v\322\001\a\177\000\000\240\v\322\001\a\177\000\000\016\000\000\000\006\177\000\000\360\f\322\001\a\177\000\000\361\f\322\001\a\177\000\000\000\000\000\000\006\177\000\000\bRN)\000\000\000\000\060\231\363-\a\177\000\000\060 \v\304\006\177\000 \200\314\371-\a\177\000\000\370\v\322\001\a\177\000\000\064\340\363+\a\177\000\000\060\200"...
        attrliststr = <optimized out>
        attrs = 0x7f06c41e36a0
        rc = -1
        internal_op = <optimized out>
        basesdn = 0x7f06c4029ad0
        sdn = 0x7f06c41e6200
        operation = 0x7f06c41dc7f0
        referral = 0x0
        proxydn = 0x0
        proxystr = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
        nentries = 0
        pnentries = 0
        flag_search_base_found = 0
        flag_no_such_object = 0
        flag_referral = 0
        flag_psearch = <optimized out>
        err_code = 0
        ctrlp = 0x0
        ctl_value = 0x0
        iscritical = 0
        be_name = <optimized out>
        index = -1
        sent_result = 0
        pr_stat = 0
        pagesize = -1
        estimate = 0
        curr_search_count = <optimized out>
        pr_be = <optimized out>
        pr_search_result = <optimized out>
        pr_idx = -1
        orig_sdn = 0x7f072dfb06d0
        free_sdn = 1
#23 0x00007f072bcb8ede in search_internal_callback_pb (pb=pb at entry=0x7f06c42280d0, callback_data=callback_data at entry=0x7f0701d21010, prc=prc at entry=0x7f072bcb8030 <internal_plugin_result_callback>, psec=psec at entry=0x7f072bcb8080 <internal_plugin_search_entry_callback>, prec=prec at entry=0x7f072bcb8040 <internal_plugin_search_referral_callback>) at ldap/servers/slapd/plugin_internal_op.c:783
        controls = 0x0
        op = 0x7f06c41dc7f0
        filter = 0x7f06c42376c0
        fstr = 0x7f06c4234de0 "(&(objectClass=posixAccount)(|(uid=BP-281161)))"
        callback_handler_data = {p_res_callback = 0x7f072bcb8030 <internal_plugin_result_callback>, p_srch_entry_callback = 0x7f072bcb8080 <internal_plugin_search_entry_callback>, p_ref_entry_callback = 0x7f072bcb8040 <internal_plugin_search_referral_callback>, callback_data = 0x7f0701d21010}
        scope = 2
        ifstr = 0x7f06c41c3e70 "(&(objectClass=posixAccount)(|(uid=BP-281161)))"
        opresult = 734756912
        rc = 0
        tmp_attrs = 0x0
#24 0x00007f072bcb9178 in search_internal_pb (pb=pb at entry=0x7f06c42280d0) at ldap/servers/slapd/plugin_internal_op.c:636
        psid = {rc = -1, num_entries = 0, num_referrals = 0, entry_list_head = 0x0, referral_list_head = 0x0}
        iterator = <optimized out>
        tmp = 0x7f072dfb06d0
        ref_iterator = <optimized out>
        ref_tmp = 0x7f072df9cba0
        i = <optimized out>
        opresult = 0
        pb_search_entries = 0x0
        pb_search_referrals = 0x0
#25 0x00007f072bcb93d3 in slapi_search_internal_pb (pb=pb at entry=0x7f06c42280d0) at ldap/servers/slapd/plugin_internal_op.c:545
No locals.
#26 0x00007f0721ffde80 in search_one_berval (baseDN=baseDN at entry=0x7f072dfb06d0, attrNames=attrNames at entry=0x7f072e199380, value=<optimized out>, requiredObjectClass=requiredObjectClass at entry=0x7f072dfb4bd0 "posixAccount", target=target at entry=0x7f06c41d8ea0, excludes=excludes at entry=0x7f072e1a27d0) at ldap/servers/plugins/uiduniq/uid.c:668
        err = <optimized out>
        sres = -1004781968
        entries = 0x0
        attrs = {0x7f0721fffc1c "1.1", 0x0}
        result = 0
        filter = 0x7f06c41c3e70 "(&(objectClass=posixAccount)(|(uid=BP-281161)))"
        spb = 0x7f06c42280d0
#27 0x00007f0721ffe232 in search (baseDN=0x7f072dfb06d0, attrNames=0x7f072e199380, attr=0x7f06c4205150, values=<optimized out>, requiredObjectClass=0x7f072dfb4bd0 "posixAccount", target=0x7f06c41d8ea0, excludes=0x7f072e1a27d0) at ldap/servers/plugins/uiduniq/uid.c:607
        v = 0x7f06c4147910
        vhint = 0
        result = 0
        values = <optimized out>
        attrNames = 0x7f072e199380
        excludes = 0x7f072e1a27d0
        target = 0x7f06c41d8ea0
        requiredObjectClass = 0x7f072dfb4bd0 "posixAccount"
        attr = 0x7f06c4205150
        baseDN = 0x7f072dfb06d0
#28 0x00007f0721ffe53c in searchAllSubtrees (subtrees=<optimized out>, exclude_subtrees=0x7f072e1a27d0, attrNames=attrNames at entry=0x7f072e199380, attr=0x7f06c4205150, values=values at entry=0x0, requiredObjectClass=requiredObjectClass at entry=0x7f072dfb4bd0 "posixAccount", dn=0x7f06c41d8ea0, unique_in_all_subtrees=1) at ldap/servers/plugins/uiduniq/uid.c:816
        sufdn = 0x7f072dfb06d0
        result = 0
        i = <optimized out>
#29 0x00007f0721fff005 in preop_add (pb=0x7f0701d21a90) at ldap/servers/plugins/uiduniq/uid.c:1040
        err = <optimized out>
        markerObjectClass = 0x0
        sdn = 0x7f06c41d8ea0
        e = 0x7f06c4234980
        config = 0x7f072e2b3390
        i = <optimized out>
        requiredObjectClass = 0x7f072dfb4bd0 "posixAccount"
        isupdatedn = 0
        attr = 0x7f06c4205150
        result = 0
        errtext = 0x0
        attrNames = 0x7f072e199380
        attr_friendly = 0x7f072e2b6b50 "uid "
#30 0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df9cfa0, operation=operation at entry=407, pb=pb at entry=0x7f0701d21a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0721ffedf0 <preop_add>
        rc = <optimized out>
        return_value = 0
        count = 22
#31 0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0701d21a90, operation=407, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#32 plugin_call_plugins (pb=pb at entry=0x7f0701d21a90, whichfunction=whichfunction at entry=407) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 1
        rc = 0
        do_op = <optimized out>
#33 0x00007f072bc57e49 in op_shared_add (pb=pb at entry=0x7f0701d21a90) at ldap/servers/slapd/add.c:680
        operation = 0x7f072e5f6f00
        e = 0x7f06c4234980
        pse = 0xf
        be = 0x7f072e0f5f20
        err = <optimized out>
        internal_op = 0
        repl_op = 0
        legacy_op = 0
        lastmod = 1
        pwdtype = 0x0
        attr = 0x0
        referral = 0x0
        errorbuf = "\000\023k.\a\177\000\000\220\034\034\304\006\177\000\000\360J\302*\a\177\000\000\274_N)\a\177\000\000\000\023k.\a\177\000\000\000\025\322\001\a\177\000\000\004\000\000\000\000\000\000\000\265\"\302*\a\177\000\000\000\025\322\001\a\177\000\000P\337\301*\a\177\000\000\340.\027\304\006\177\000\000\000\023k.\a\177\000\000\037,\317+\a\177\000\000\220\025\322\001\a\177\000\000!,\317+\a\177\000\000\352\343\301*\a\177\000\000\027\000\000\000\000\000\000\000\060\200#\304\006\177\000\000\062\000\000\000[\000\000\000\000^\261\363\257M\331e ,\317+\a\177\000\000\326\353\301*\a\177\000\000X\025\322\001\a\177\000\000`\025\322\001\a\177\000\000\r\000\000\000\000\000\000\000"...
        p = <optimized out>
        proxydn = 0x0
        proxystr = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
        sdn = 0x7f06c41d8ea0
        pwpolicy = <optimized out>
#34 0x00007f072bc591b0 in do_add (pb=pb at entry=0x7f0701d21a90) at ldap/servers/slapd/add.c:226
        operation = 0x7f072e5f6f00
        ber = <optimized out>
        last = 0x7f06c41c1c8a "\240\033\060\031\004\027\062.16.840.1.113730.3.4.2"
        len = 18446744073709551615
        tag = 18446744073709551615
        e = 0x7f06c4234980
        err = 0
        rc = <optimized out>
        searchsubentry = <optimized out>
#35 0x00007f072c18b9b3 in connection_dispatch_operation (pb=0x7f0701d21a90, op=0x7f072e5f6f00, conn=0x7f07075343e8) at ldap/servers/slapd/connection.c:612
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#36 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f07075343e8, pb_op = 0x7f072e5f6f00, pb_plugin = 0x7f072df9cfa0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 1, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06c421b850, op_stack_elem = 0x7f072e60c9c0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0701d21a90
        conn = 0x7f07075343e8
        op = 0x7f072e5f6f00
        tag = 104
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#37 0x00007f0729e8e96b in _pt_root (arg=0x7f072e528550) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e528550
        detached = 1
        id = 139668072048384
        tid = 26154
#38 0x00007f072982edc5 in start_thread (arg=0x7f0701d22700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0701d22700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668072048384, -8975886148032001126, 0, 139668072049088, 139668072048384, 1, 9034569118282681242, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#39 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 25 (Thread 0x7f0701521700 (LWP 26155)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668063655680
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f070151fe30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06b805e640
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06b8287cf0
        addr = 0x7f06b8287dc8
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06b837a570, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f0701520060
        referral = 0x0
        e = 0x0
        dn = 0x7f06b80eaef0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06b80e2100
        passin_sdn = 0
        mods = 0x7f06b805e640
        pw_mod = <optimized out>
        tmpmods = 0x7f06b80bb6b0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06b8287cf0
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000\210\320.\270\006\177\000\000 \000\000\270\006\177\000\000[\000\000\000\000\000\000\000\240\005\005\270\006\177\000\000\000\000\000\000\000\000\000\000\240\311G\270\006\177\000\000X\252n\270\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\060\255+\270\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\270\266\v\270\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06b837a570) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06b8287cf0
        opresult = 0
        normalized_mods = 0x7f06b80bb6b0
        mods = 0x7f06b80caf80
        mod = 0x7f06b80bb6b8
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -1204312720, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0701520a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0701520a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f0701520a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0701520a90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06b801f4b0
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06b80f12f0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06b8675420 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06b801f4b0
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\270\006\177\000\000\200\tR\001\a\177\000\000\220\tR\001\a\177\000\000\356\006R\001\a\177\000\000\354\006R\001\a\177\000\000\360\006R\001\a\177\000\000\261\370\255\376\350\003\000\000\000\000\000\000\224\201\205\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000u\000\000\000\001\000\001\000P\201w\270\006\177\000\000(\000\000\000\000\000\000\000u", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000`\232q.\a\177\000\000P\201w\270\006\177\000\000y\000\000\000\000\000\000\000u\000\000\000\000\000\000\000`\232q.\a\177\000\000y\000\000\000\000\000\000\000`\232q.\a\177\000\000"...
        bind_target_entry = 0x7f06b8034a40
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06b8134990
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0701520a90, op=0x7f072e65b980, conn=0x7f0707538498) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707538498, pb_op = 0x7f072e65b980, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06b866eb00, op_stack_elem = 0x7f072e674110, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0701520a90
        conn = 0x7f0707538498
        op = 0x7f072e65b980
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e5289a0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e5289a0
        detached = 1
        id = 139668063655680
        tid = 26155
#15 0x00007f072982edc5 in start_thread (arg=0x7f0701521700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0701521700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668063655680, -8975886148032001126, 0, 139668063656384, 139668063655680, 1, 9034570217257438106, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 24 (Thread 0x7f0700d20700 (LWP 26156)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668055262976
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0700d1ee30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06bc0c1cf0
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06bc26e000
        addr = 0x7f06bc26e0d8
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06bc2660f0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f0700d1f060
        referral = 0x0
        e = 0x0
        dn = 0x7f06bc23e240 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06bc17b470
        passin_sdn = 0
        mods = 0x7f06bc0c1cf0
        pw_mod = <optimized out>
        tmpmods = 0x7f06bc0edc20
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06bc26e000
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000H\v$\274\006\177\000\000 \000\000\274\006\177\000\000[\000\000\000\000\000\000\000 \372\004\274\006\177\000\000\000\000\000\000\000\000\000\000\360\266\021\274\006\177\000\000\230\254\r\274\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000 e\023\274\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000(\334\016\274\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06bc2660f0) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06bc26e000
        opresult = 0
        normalized_mods = 0x7f06bc0edc20
        mods = 0x7f06bc24bbb0
        mod = 0x7f06bc0edc28
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -1138335504, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0700d1fa90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0700d1fa90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f0700d1fa90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0700d1fa90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06bc08d090
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06bc171200 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06bc02f700 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06bc08d090
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\274\006\177\000\000\200\371\321\000\a\177\000\000\220\371\321\000\a\177\000\000\356\366\321\000\a\177\000\000\354\366\321\000\a\177\000\000\360\366\321\000\a\177\000\000\261\b.\377\350\003\000\000\000\000\000\000=\352\213\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000}\000\000\000\001\000\001\000@\214'\274\006\177\000\000(\000\000\000\000\000\000\000}", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000p\nL.\a\177\000\000@\214'\274\006\177\000\000y\000\000\000\000\000\000\000}\000\000\000\000\000\000\000p\nL.\a\177\000\000y\000\000\000\000\000\000\000p\nL.\a\177\000\000"...
        bind_target_entry = 0x7f06bc15a530
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06bc0f5a50
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0700d1fa90, op=0x7f072e4c0880, conn=0x7f0707538fd8) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707538fd8, pb_op = 0x7f072e4c0880, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06bc1427f0, op_stack_elem = 0x7f072e63de90, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f0700d1fa90
        conn = 0x7f0707538fd8
        op = 0x7f072e4c0880
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e528df0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e528df0
        detached = 1
        id = 139668055262976
        tid = 26156
#15 0x00007f072982edc5 in start_thread (arg=0x7f0700d20700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f0700d20700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668055262976, -8975886148032001126, 0, 139668055263680, 139668055262976, 1, 9034571292609874842, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 23 (Thread 0x7f070051f700 (LWP 26157)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=139668046852768, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
        ret = <optimized out>
#2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=3881, timespec=timespec at entry=0x0, exclusive=exclusive at entry=1) at ../../src/mutex/mut_pthread.c:577
        ret = <optimized out>
        t_ret = 0
#3  0x00007f0722e88640 in __db_tas_mutex_lock_int (nowait=0, timeout=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:271
        mtxmgr = <optimized out>
        mtxregion = 0x7f0719f71138
        ip = 0x0
        timespec = {tv_sec = 0, tv_nsec = 139668041498625}
        ret = <optimized out>
        dbenv = 0x7f072e1d66a0
        mutexp = 0x7f071a001230
        now = {tv_sec = 139668477207320, tv_nsec = 139668627163795}
        nspins = 0
#4  __db_tas_mutex_lock (env=env at entry=0x7f072e0efbf0, mutex=3881, timeout=timeout at entry=0) at ../../src/mutex/mut_tas.c:302
No locals.
#5  0x00007f0722fa2e1b in __memp_fget (dbmfp=dbmfp at entry=0x7f072e2c32e0, pgnoaddr=pgnoaddr at entry=0x7f070051b5bc, ip=0x0, txn=0x7f06b02372a0, flags=0, flags at entry=2, addrp=addrp at entry=0x7f070051b5c8) at ../../src/mp/mp_fget.c:311
        state = <optimized out>
        alloc_bhp = 0x0
        bhp = 0x7f0719f35e70
        oldest_bhp = <optimized out>
        env = 0x7f072e0efbf0
        read_lsnp = <optimized out>
        vlsn = <optimized out>
        dbmp = 0x7f072e1a55e0
        hp = 0x7f071938aef8
        c_mp = 0x7f0719383138
        mfp = <optimized out>
        list = 0x0
        lp = <optimized out>
        renv = <optimized out>
        infop = 0x7f072e0f11d0
        t_infop = 0x0
        reginfo = <optimized out>
        td = 0x0
        list_off = <optimized out>
        mf_offset = 595832
        bucket = 547
        pinmax = <optimized out>
        st_hsearch = <optimized out>
        b_incr = 1
        b_lock = 0
        h_locked = 0
        dirty = 2
        extending = 0
        makecopy = 0
        mvcc = 0
        need_free = <optimized out>
        ret = 0
#6  0x00007f0722ea6211 in __bam_search (dbc=dbc at entry=0x7f06d80008c0, root_pgno=root_pgno at entry=15, key=key at entry=0x7f070051b990, flags=12802, slevel=slevel at entry=1, recnop=recnop at entry=0x0, exactp=exactp at entry=0x7f070051b77c) at ../../src/btree/bt_search.c:806
        t = 0x7f072e2cb6d0
        cp = 0x7f072e198350
        dbp = 0x7f072e2b8f50
        lock = {off = 0, ndx = 585668749, gen = 32519, mode = DB_LOCK_NG}
        saved_lock = {off = 0, ndx = 5355032, gen = 32519, mode = 435622756}
        mpf = 0x7f072e2c32e0
        env = 0x7f072e0efbf0
        h = 0x0
        parent_h = 0x0
        base = <optimized out>
        i = <optimized out>
        indx = <optimized out>
        inp = <optimized out>
        lim = <optimized out>
        lock_mode = DB_LOCK_WRITE
        pg = 187
        saved_pg = 15
        start_pgno = 15
        recno = 0
        adjust = <optimized out>
        cmp = 1100
        deloffset = <optimized out>
        ret = <optimized out>
        set_stack = 1
        stack = 1
        t_ret = <optimized out>
        getlock = 1
        was_next = 0
        get_mode = 2
        wait = 4
        level = 2 '\002'
        saved_level = 255 '\377'
#7  0x00007f0722e91256 in __bamc_search (dbc=dbc at entry=0x7f06d80008c0, root_pgno=15, key=key at entry=0x7f070051b990, flags=flags at entry=19, exactp=exactp at entry=0x7f070051b77c) at ../../src/btree/bt_cursor.c:2804
        t = <optimized out>
        cp = <optimized out>
        dbp = <optimized out>
        h = <optimized out>
        base = <optimized out>
        indx = <optimized out>
        inp = <optimized out>
        lim = <optimized out>
        bt_lpgno = 0
        recno = 0
        sflags = <optimized out>
        bulk = <optimized out>
        cmp = 0
        ret = 0
        t_ret = <optimized out>
#8  0x00007f0722e956c4 in __bamc_put (dbc=0x7f06d80008c0, key=0x7f070051ba70, data=0x7f070051b990, flags=19, pgnop=0x0) at ../../src/btree/bt_cursor.c:2114
        t = <optimized out>
        cp = 0x7f072e198350
        dbp = 0x7f072e2b8f50
        dbt = {data = 0x0, size = 5355520, ulen = 32519, dlen = 5356144, doff = 32519, app_data = 0x7f070051b990, flags = 0}
        mpf = 0x7f072e2c32e0
        root_pgno = 15
        cmp = -671008528
        exact = 32518
        own = 0
        ret = 0
        stack = 0
        iiop = <optimized out>
        arg = <optimized out>
#9  0x00007f0722f4c6d5 in __dbc_iput (dbc=0x7f06d80138f0, key=0x7f070051ba70, data=0x7f070051b990, flags=19) at ../../src/db/db_cam.c:2155
        dbc_n = 0x7f06d80138f0
        oldopd = <optimized out>
        opd = 0x7f06d80008c0
        pgno = 15
        ret = 0
        t_ret = 0
        tmp_flags = <optimized out>
#10 0x00007f0722f4e6cd in __dbc_put (dbc=<optimized out>, key=key at entry=0x7f070051ba70, data=data at entry=0x7f070051b990, flags=<optimized out>, flags at entry=19) at ../../src/db/db_cam.c:2049
        dbp = <optimized out>
        ret = 0
#11 0x00007f0722f47a0e in __db_put (dbp=dbp at entry=0x7f072e2b8f50, ip=<optimized out>, txn=<optimized out>, key=key at entry=0x7f070051ba70, data=data at entry=0x7f070051b990, flags=flags at entry=19) at ../../src/db/db_am.c:583
        rid = {pgno = 2, indx = 32519}
        dbc = 0x7f06d80138f0
        tdata = {data = 0x7f0719c25168, size = 771451216, ulen = 32519, dlen = 5355676, doff = 32519, app_data = 0x2bb00000001, flags = 0}
        tkey = {data = 0x0, size = 585668749, ulen = 32519, dlen = 4294967295, doff = 0, app_data = 0x7f070051b9e0, flags = 432173491}
        env = 0x7f072e0efbf0
        bulk_kptr = <optimized out>
        bulk_ptr = <optimized out>
        recno = 32519
        cursor_flags = 40
        ret = 0
        t_ret = <optimized out>
#12 0x00007f0722f5cfa4 in __db_put_pp (dbp=0x7f072e2b8f50, txn=0x7f06b02372a0, key=0x7f070051ba70, data=0x7f070051b990, flags=<optimized out>) at ../../src/db/db_iface.c:1661
        ip = 0x0
        env = 0x7f072e0efbf0
        handle_check = <optimized out>
        ret = 0
        txn_local = 0
        t_ret = <optimized out>
#13 0x00007f071e21c9df in idl_new_insert_key (be=<optimized out>, db=<optimized out>, key=<optimized out>, id=38715, txn=<optimized out>, a=<optimized out>, disposition=0x0) at ldap/servers/slapd/back-ldbm/idl_new.c:864
        ret = 0
        data = {data = 0x7f070051b98c, size = 4, ulen = 4, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
#14 0x00007f071e21b575 in idl_insert_key (be=be at entry=0x7f072e0f5f20, db=db at entry=0x7f072e2b8f50, key=key at entry=0x7f070051ba70, id=id at entry=38715, txn=txn at entry=0x7f06b02372a0, a=a at entry=0x7f072e1be6c0, disposition=disposition at entry=0x0) at ldap/servers/slapd/back-ldbm/idl_shim.c:115
No locals.
#15 0x00007f071e22bc65 in addordel_values_sv (be=be at entry=0x7f072e0f5f20, db=0x7f072e2b8f50, indextype=<optimized out>, vals=<optimized out>, id=id at entry=38715, flags=flags at entry=1, txn=txn at entry=0x7f070051e190, a=0x7f072e1be6c0, idl_disposition=idl_disposition at entry=0x0, buffer_handle=buffer_handle at entry=0x0, type=<optimized out>) at ldap/servers/slapd/back-ldbm/index.c:1932
        rc = <optimized out>
        i = <optimized out>
        key = {data = 0x7f06b001d3b0, size = 14, ulen = 14, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        db_txn = 0x7f06b02372a0
        plen = 1
        vlen = <optimized out>
        len = <optimized out>
        tmpbuf = 0x7f06b001d3b0 "=posixaccount"
        tmpbuflen = 14
        realbuf = <optimized out>
        prefix = 0x7f071e48df6c <prefix_EQUALITY> "="
        bvp = <optimized out>
        encrypted_bvp = 0x0
#16 0x00007f071e22c90a in index_addordel_values_ext_sv (be=be at entry=0x7f072e0f5f20, type=<optimized out>, vals=0x7f06b013f400, evals=evals at entry=0x0, id=38715, flags=flags at entry=1, txn=txn at entry=0x7f070051e190, idl_disposition=idl_disposition at entry=0x0, buffer_handle=buffer_handle at entry=0x0) at ldap/servers/slapd/back-ldbm/index.c:2069
        db = 0x7f072e2b8f50
        ai = 0x7f072e1be6c0
        err = 0
        ivals = 0x7f06b0107b10
        buf = "objectClass\000\006\177\000\000\060\343\021.\a\177\000\000\254= \036\a\177\000\000p\305\006\260\006\177\000\000\316? \036\a\177\000\000\200\342\372-\a\177\000\000/\225\350)\a\177\000\000\230 \373-\a\177\000\000p\305\006\260\006\177\000\000\030\337Q\000\a\177\000\000\240\332$\260\006\177\000\000\000\000\000\000\000\000\000\000\321U \036\a\177\000\000\320\374\"\260\006\177\000\000\320\374\"\260\006\177", '\000' <repeats 18 times>, "p\305\006\260\006\177\000\000\000^\261\363\257M\331e\320\374\"\260\006\177\000\000\000\000\000\000\000\000\000\000p\305\006\260\006\177\000\000\230 \373-\a\177\000\000\000\000\000\000\000\000\000\000"...
        basetmp = 0x0
        basetype = 0x7f070051de90 "objectClass"
#17 0x00007f071e22cd44 in index_addordel_values_sv (be=be at entry=0x7f072e0f5f20, type=<optimized out>, vals=<optimized out>, evals=evals at entry=0x0, id=<optimized out>, flags=flags at entry=1, txn=txn at entry=0x7f070051e190) at ldap/servers/slapd/back-ldbm/index.c:1991
No locals.
#18 0x00007f071e22ce0a in index_addordel_entry (be=0x7f072e0f5f20, e=0x7f06b006c570, flags=flags at entry=1, txn=0x7f070051e190) at ldap/servers/slapd/back-ldbm/index.c:445
        entryrdn_done = 0
        type = 0x7f06b0039970 "objectClass"
        svals = <optimized out>
        rc = 0
        result = 0
        attr = 0x7f06b0109810
#19 0x00007f071e22fcca in ldbm_back_add (pb=0x7f070051ea90) at ldap/servers/slapd/back-ldbm/ldbm_add.c:986
        be = 0x7f072e0f5f20
        li = 0x7f072df49930
        inst = 0x7f072dfb2010
        dn = 0x7f06b0113900 "uid=BP-281162,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        e = 0x7f06b022fcd0
        tombstoneentry = 0x0
        addingentry = 0x7f06b006c570
        parententry = 0x0
        originalentry = 0x7f06b0125bd0
        tmpentry = 0x0
        pid = <optimized out>
        isroot = 0
        errbuf = 0x0
        txn = {back_txn_txn = 0x7f06b02372a0}
        parent_txn = 0x0
        retval = 0
        msg = <optimized out>
        managedsait = 1
        ldap_result_code = 0
        ldap_result_message = 0x0
        ldap_result_matcheddn = 0x0
        retry_count = <optimized out>
        disk_full = 0
        parent_modify_c = {old_entry = 0x7f06e40c7e70, new_entry = 0x7f06b0143d50, smods = 0x7f06b0059120, attr_encrypt = 1}
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        parent_found = 1
        ruv_c_init = 0
        rc = 0
        addingentry_id_assigned = 1
        sdn = 0x7f06b00b7350
        parentsdn = {flag = 6 '\006', udn = 0x0, dn = 0x7f06b001be20 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", ndn = 0x7f06b00cfbf0 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", ndn_len = 57}
        operation = 0x7f072e48bb40
        is_replicated_operation = 0
        is_resurect_operation = 0
        is_tombstone_operation = 0
        is_fixup_operation = 0
        is_remove_from_cache = 0
        is_ruv = 0
        opcsn = <optimized out>
        addr = {udn = 0x0, uniqueid = 0x0, sdn = 0x7f070051e280}
        not_an_error = 0
        parent_switched = 0
        noabort = 0
        myrc = 0
        conn_id = 13378
        op_id = 1
        result_sent = 0
#20 0x00007f072bc57ee8 in op_shared_add (pb=pb at entry=0x7f070051ea90) at ldap/servers/slapd/add.c:699
        rc = 0
        ec = 0x7f06b024a6a0
        add_target_sdn = 0x7f06b00b7350
        save_e = 0x0
        operation = 0x7f072e48bb40
        e = 0x7f06b022fcd0
        pse = 0xf
        be = 0x7f072e0f5f20
        err = <optimized out>
        internal_op = 0
        repl_op = 0
        legacy_op = 0
        lastmod = 1
        pwdtype = 0x0
        attr = 0x0
        referral = 0x0
        errorbuf = "\000\236A.\a\177\000\000pX%\260\006\177\000\000\360J\302*\a\177\000\000\274_N)\a\177\000\000\340\236A.\a\177\000\000\000\345Q\000\a\177\000\000\004\000\000\000\000\000\000\000\265\"\302*\a\177\000\000\000\345Q\000\a\177\000\000P\337\301*\a\177\000\000P\027%\260\006\177\000\000\340\236A.\a\177\000\000\037,\317+\a\177\000\000\220\345Q\000\a\177\000\000!,\317+\a\177\000\000\352\343\301*\a\177\000\000\027\000\000\000\000\000\000\000\000\267\005\260\006\177", '\000' <repeats 11 times>, "^\261\363\257M\331e ,\317+\a\177\000\000\326\353\301*\a\177\000\000X\345Q\000\a\177\000\000`\345Q\000\a\177\000\000\r\000\000\000\000\000\000\000"...
        p = <optimized out>
        proxydn = 0x0
        proxystr = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
        sdn = 0x0
        pwpolicy = <optimized out>
#21 0x00007f072bc591b0 in do_add (pb=pb at entry=0x7f070051ea90) at ldap/servers/slapd/add.c:226
        operation = 0x7f072e48bb40
        ber = <optimized out>
        last = 0x7f06b025586a "\240\033\060\031\004\027\062.16.840.1.113730.3.4.2"
        len = 18446744073709551615
        tag = 18446744073709551615
        e = 0x7f06b022fcd0
        err = 0
        rc = <optimized out>
        searchsubentry = <optimized out>
#22 0x00007f072c18b9b3 in connection_dispatch_operation (pb=0x7f070051ea90, op=0x7f072e48bb40, conn=0x7f0707536cb0) at ldap/servers/slapd/connection.c:612
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#23 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707536cb0, pb_op = 0x7f072e48bb40, pb_plugin = 0x7f072df4b040, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x7f06b00a0d00, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 1, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x7f06b02372a0, pb_txn_ruv_mods_fn = 0x7f071df89900 <replica_ruv_smods_for_op>, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply
_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombstone_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06b02443a0, op_stack_elem = 0x7f072e0f2310, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f070051ea90
        conn = 0x7f0707536cb0
        op = 0x7f072e48bb40
        tag = 104
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#24 0x00007f0729e8e96b in _pt_root (arg=0x7f072e529240) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e529240
        detached = 1
        id = 139668046870272
        tid = 26157
#25 0x00007f072982edc5 in start_thread (arg=0x7f070051f700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f070051f700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668046870272, -8975886148032001126, 0, 139668046870976, 139668046870272, 1, 9034572391584631706, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#26 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 22 (Thread 0x7f06ffd1e700 (LWP 26158)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
        self = 139668038477568
#2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
        inst = <optimized out>
#3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f06ffd1ce30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
        li = 0x7f072df49930
        rc = 0
#4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
        cache_rc = 0
        new_mod_count = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x0
        ec = 0x0
        original_entry = 0x0
        tmpentry = 0x0
        postentry = 0x0
        mods = 0x7f06b41bdf40
        mods_original = 0x0
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        txn = {back_txn_txn = 0x0}
        parent_txn = 0x0
        ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
        ruv_c_init = 0
        retval = -1
        msg = <optimized out>
        errbuf = 0x0
        retry_count = 0
        disk_full = 0
        ldap_result_code = 0
        ldap_result_message = 0x0
        rc = 0
        operation = 0x7f06b4155630
        addr = 0x7f06b4155708
        is_fixup_operation = 0
        is_ruv = 0
        opcsn = <optimized out>
        repl_op = 0
        opreturn = 0
        mod_count = 0
        not_an_error = 0
        fixup_tombstone = 0
        ec_locked = 0
        result_sent = 0
#5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06b418ccb0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
        rc = 0
        be = 0x7f072e0f5f20
        pse = 0x7f06ffd1d060
        referral = 0x0
        e = 0x0
        dn = 0x7f06b40c31b0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normdn = <optimized out>
        sdn = 0x7f06b4054f90
        passin_sdn = 0
        mods = 0x7f06b41bdf40
        pw_mod = <optimized out>
        tmpmods = 0x7f06b41b9370
        smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
        repl_op = 0
        internal_op = 32
        lastmod = 1
        skip_modified_attrs = 0
        unhashed_pw_attr = 0x0
        operation = 0x7f06b4155630
        errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000\270\004\026\264\006\177\000\000 \000\000\264\006\177\000\000[\000\000\000\000\000\000\000\060w\034\264\006\177\000\000\000\000\000\000\000\000\000\000 D\034\264\006\177\000\000\b\244\016\264\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\240 \031\264\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000x\223\033\264\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
        err = <optimized out>
        lc_mod = <optimized out>
        p = <optimized out>
        i = <optimized out>
        proxydn = 0x0
        proxy_err = <optimized out>
        errtext = 0x0
#6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06b418ccb0) at ldap/servers/slapd/modify.c:599
        controls = 0x0
        pwpolicy_ctrl = 0
        op = 0x7f06b4155630
        opresult = 0
        normalized_mods = 0x7f06b41b9370
        mods = 0x7f06b4133a90
        mod = 0x7f06b41b9378
        smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -1273443152, free_mods = 32518}
        pw_change = <optimized out>
        old_pw = 0x0
#7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
No symbol table info available.
#8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f06ffd1da90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
        n = <optimized out>
        func = 0x7f0720112570 <ipalockout_postop>
        rc = <optimized out>
        return_value = 0
        count = 3
#9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f06ffd1da90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
No locals.
#10 plugin_call_plugins (pb=pb at entry=0x7f06ffd1da90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
        p = 0x7f072df4b040
        locked = <optimized out>
        plugin_list_number = 2
        rc = 0
        do_op = <optimized out>
#11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f06ffd1da90) at ldap/servers/slapd/bind.c:861
        sdn_updated = <optimized out>
        pb_sdn = 0x7f06b413f6a0
        ber = <optimized out>
        err = <optimized out>
        isroot = 0
        method = 128
        version = 2
        auth_response_requested = 0
        pw_response_requested = 0
        rawdn = 0x7f06b41f5bb0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        dn = <optimized out>
        saslmech = 0x0
        cred = {bv_len = 16, bv_val = 0x7f06b41af9e0 "mhHdYJhhjh67B58O"}
        be = 0x7f072e0f5f20
        ber_rc = <optimized out>
        rc = 0
        sdn = 0x7f06b413f6a0
        bind_sdn_in_pb = 1
        referral = 0x0
        errorbuf = '\000' <repeats 511 times>
        supported = <optimized out>
        pmech = <optimized out>
        authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\264\006\177\000\000\200\331\321\377\006\177\000\000\220\331\321\377\006\177\000\000\356\326\321\377\006\177\000\000\354\326\321\377\006\177\000\000\360\326\321\377\006\177\000\000\261(.\000\350\003\000\000\000\000\000\000\355\030\177\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000n\000\000\000\001\000\001\000\320\361\027\264\006\177\000\000(\000\000\000\000\000\000\000n", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\240\ny.\a\177\000\000\320\361\027\264\006\177\000\000y\000\000\000\000\000\000\000n\000\000\000\000\000\000\000\240\ny.\a\177\000\000y\000\000\000\000\000\000\000\240\ny.\a\177\000\000"...
        bind_target_entry = 0x7f06b42052a0
        auto_bind = <optimized out>
        minssf = <optimized out>
        minssf_exclude_rootdse = <optimized out>
        original_sdn = 0x7f06b41fd1e0
#12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f06ffd1da90, op=0x7f072e671840, conn=0x7f0707537ac0) at ldap/servers/slapd/connection.c:602
        minssf = 0
        minssf_exclude_rootdse = <optimized out>
        enable_nagle = 1
        pop_cork = 0
#13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
        is_timedout = 0
        curtime = <optimized out>
        local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707537ac0, pb_op = 0x7f072e671840, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06b41ee7f0, op_stack_elem = 0x7f072e6717c0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
        pb = 0x7f06ffd1da90
        conn = 0x7f0707537ac0
        op = 0x7f072e671840
        tag = 96
        need_wakeup = 1
        thread_turbo_flag = <optimized out>
        ret = <optimized out>
        more_data = 0
        replication_connection = 0
        doshutdown = 0
        maxthreads = 5
        enable_nunc_stans = 0
        bypasspollcnt = <optimized out>
#14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e529690) at ../../../nspr/pr/src/pthreads/ptthread.c:212
        rv = <optimized out>
        thred = 0x7f072e529690
        detached = 1
        id = 139668038477568
        tid = 26158
#15 0x00007f072982edc5 in start_thread (arg=0x7f06ffd1e700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f06ffd1e700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668038477568, -8975886148032001126, 0, 139668038478272, 139668038477568, 1, 9034995705171938202, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Thread 21 (Thread 0x7f06ff51d700 (LWP 26159)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
No locals.
#1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=4294936308, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
        ret = <optimized out>
#2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=4059, timespec=timespec at entry=0x0, exclusive=exclusive at entry=1) at ../../src/mutex/mut_pthread.c:577
        ret = <optimized out>
        t_ret = 0
#3  0x00007f0722e88640 in __db_tas_mutex_lock_int (nowait=0, timeout=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:271
        mtxmgr = <optimized out>
        mtxregion = 0x7f0719f71138
        ip = 0x0
        timespec = {tv_sec = 806, tv_nsec = 139668030024472}
        ret = <optimized out>
        dbenv = 0x7f072e1d66a0
        mutexp = 0x7f071a007be0
        now = {tv_sec = 2048, tv_nsec = 139668814232560}
        nspins = 0
#4  __db_tas_mutex_lock (env=env at entry=0x7f072e0efbf0, mutex=4059, timeout=timeout at entry=0) at ../../src/mutex/mut_tas.c:302
No locals.
#5  0x00007f0722f32d3a in __lock_get_internal (lt=lt at entry=0x7f072dfafc70, sh_locker=sh_locker at entry=0x7f071a2e8728, flags=flags at entry=0, obj=<optimized out>, lock_mode=<optimized out>, timeout=timeout at entry=0, lock=0x7f06ff50edc0) at ../../src/lock/lock.c:983
        newl = <optimized out>
        lp = <optimized out>
        env = <optimized out>
        sh_obj = 0x7f071a2db2b8
        region = <optimized out>
        ip = 0x0
        ndx = 806
        part_id = <optimized out>
        did_abort = -11473832
        ihold = 0
        grant_dirty = <optimized out>
        no_dd = 1
        ret = 0
        t_ret = <optimized out>
        holder = <optimized out>
        sh_off = <optimized out>
        action = <optimized out>
#6  0x00007f0722f33820 in __lock_get (env=env at entry=0x7f072e0efbf0, locker=0x7f071a2e8728, flags=0, obj=obj at entry=0x7f06a8098670, lock_mode=<optimized out>, lock=lock at entry=0x7f06ff50edc0) at ../../src/lock/lock.c:463
        lt = 0x7f072dfafc70
        ret = <optimized out>
#7  0x00007f0722f5f142 in __db_lget (dbc=dbc at entry=0x7f06a8098580, action=action at entry=0, pgno=13, mode=<optimized out>, mode at entry=DB_LOCK_READ, lkflags=lkflags at entry=0, lockp=lockp at entry=0x7f06ff50edc0) at ../../src/db/db_meta.c:1255
        dbp = 0x7f072e2b8f50
        couple = {{op = 4283493464, mode = 32518, timeout = 4283493460, obj = 0x7f06a8098580, lock = {off = 139668628338413, ndx = 0, gen = 3070296068, mode = DB_LOCK_NG}}, {op = 4283493472, mode = 32518, timeout = 774648544, obj = 0x7f06ff50ed94, lock = {off = 139666565918560, ndx = 1409, gen = 0, mode = 774606672}}, {op = 4283493452, mode = 32518, timeout = 1, obj = 0x100000000, lock = {off = 139668466660080, ndx = 0, gen = 0, mode = 585668749}}}
        reqp = 0x0
        txn = 0x0
        env = 0x7f072e0efbf0
        has_timeout = <optimized out>
        i = 0
        ret = <optimized out>
#8  0x00007f0722ea6605 in __bam_search (dbc=dbc at entry=0x7f06a8098580, root_pgno=1, root_pgno at entry=0, key=key at entry=0x7f06ff50f0a0, flags=1409, slevel=slevel at entry=1, recnop=recnop at entry=0x0, exactp=exactp at entry=0x7f06ff50eee4) at ../../src/btree/bt_search.c:723
        t = 0x7f072e2cb6d0
        cp = 0x7f06a80c6f60
        dbp = 0x7f072e2b8f50
        lock = {off = 0, ndx = 806, gen = 25955, mode = 1677787140}
        saved_lock = {off = 0, ndx = 806, gen = 0, mode = 620822532}
        mpf = 0x7f072e2c32e0
        env = 0x7f072e0efbf0
        h = 0x0
        parent_h = 0x0
        base = <optimized out>
        i = <optimized out>
        indx = <optimized out>
        inp = <optimized out>
        lim = <optimized out>
        lock_mode = DB_LOCK_READ
        pg = 13
        saved_pg = 0
        start_pgno = 0
        recno = 0
        adjust = <optimized out>
        cmp = 3
        deloffset = <optimized out>
        ret = <optimized out>
        set_stack = 1
        stack = 0
        t_ret = <optimized out>
        getlock = 0
        was_next = 0
        get_mode = 0
        wait = 4
        level = 2 '\002'
        saved_level = 255 '\377'
#9  0x00007f0722e91256 in __bamc_search (dbc=dbc at entry=0x7f06a8098580, root_pgno=root_pgno at entry=0, key=0x7f06ff50f0a0, flags=<optimized out>, exactp=0x7f06ff50eee4) at ../../src/btree/bt_cursor.c:2804
        t = <optimized out>
        cp = <optimized out>
        dbp = <optimized out>
        h = <optimized out>
        base = <optimized out>
        indx = <optimized out>
        inp = <optimized out>
        lim = <optimized out>
        bt_lpgno = 1935765609
        recno = 1935765609
        sflags = <optimized out>
        bulk = <optimized out>
        cmp = 0
        ret = 0
        t_ret = <optimized out>
#10 0x00007f0722e92d0f in __bamc_get (dbc=0x7f06a8098580, key=<optimized out>, data=<optimized out>, flags=<optimized out>, pgnop=0x7f06ff50ef84) at ../../src/btree/bt_cursor.c:1099
        cp = 0x7f06a80c6f60
        dbp = 0x7f072e2b8f50
        mpf = <optimized out>
        orig_pgno = 0
        orig_indx = 0
        exact = 32519
        newopd = <optimized out>
        ret = <optimized out>
#11 0x00007f0722f4bca6 in __dbc_iget (dbc=0x7f06a82081e0, key=0x7f06ff50f0a0, data=0x7f06ff50f0d0, flags=26) at ../../src/db/db_cam.c:952
        dbp = 0x7f072e2b8f50
        ddbc = <optimized out>
        dbc_n = 0x7f06a8098580
        opd = 0x0
        cp = <optimized out>
        cp_n = <optimized out>
        mpf = 0x7f072e2c32e0
        env = 0x7f072e0efbf0
        pgno = 0
        indx_off = <optimized out>
        multi = 2048
        orig_ulen = 0
        tmp_flags = <optimized out>
        tmp_read_locking = 0
        tmp_rmw = 0
        type = <optimized out>
        key_small = 0
        ret = <optimized out>
        t_ret = <optimized out>
#12 0x00007f0722f4c47d in __dbc_get (dbc=dbc at entry=0x7f06a82081e0, key=key at entry=0x7f06ff50f0a0, data=data at entry=0x7f06ff50f0d0, flags=flags at entry=2074) at ../../src/db/db_cam.c:770
No locals.
#13 0x00007f0722f5ab02 in __dbc_get_pp (dbc=0x7f06a82081e0, key=0x7f06ff50f0a0, data=0x7f06ff50f0d0, flags=2074) at ../../src/db/db_iface.c:2359
        dbp = <optimized out>
        ip = 0x0
        env = 0x7f072e0efbf0
        ret = <optimized out>
#14 0x00007f071e21b8a0 in idl_new_fetch (be=0x7f072e0f5f20, db=<optimized out>, inkey=0x7f06ff511220, txn=0x0, a=0x7f072e1be6c0, flag_err=0x7f06ff517c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/idl_new.c:202
        ret = 0
        idl_rc = 0
        cursor = 0x7f06a82081e0
        idl = 0x0
        key = {data = 0x7f06ff511380, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2056}
        data = {data = 0x7f06ff50f130, size = 8192, ulen = 8192, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        id = 0
        count = 0
        buffer = "\004\000\001\071\227\000\000o\004\000\001\067\227\000\000a\004\000\001\065\227\000\000u\004\000\001\063\227\000\000w\004\000\001\061\227\000\000\061\004\000\001/\227\000\000H\004\000\001-\227\000\000m\004\000\001+\227\000\000z\004\000\001)\227\000\000F\004\000\001'\227\000\000F\004\000\001%\227\000\000U\004\000\001#\227\000\000F\004\000\001!\227\000\000=\004\000\001\037\227\000\000r\004\000\001\035\227\000\000u\004\000\001\033\227\000\000s\004\000\001\031\227\000\000u\004\000\001\027\227\000\000=\004\000\001\025\227\000\000s\004\000\001\023\227\000\000i\004\000\001\021\227\000\000i\004\000\001\017\227\000\000v\004\000\001\r\227\000\000\n\004\000\001\v\227\000\000\n\004\000\001\t\227\000\000r"...
        ptr = <optimized out>
        dataret = {data = 0x0, size = 0, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0}
        s_txn = {back_txn_txn = 0x0}
        li = <optimized out>
#15 0x00007f071e21b525 in idl_fetch_ext (be=be at entry=0x7f072e0f5f20, db=<optimized out>, key=key at entry=0x7f06ff511220, txn=txn at entry=0x0, a=<optimized out>, err=err at entry=0x7f06ff517c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/idl_shim.c:101
No locals.
#16 0x00007f071e22a146 in index_read_ext_allids (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, type=type at entry=0x7f06a8203bf0 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", val=<optimized out>, txn=txn at entry=0x7f06ff5154f0, err=err at entry=0x7f06ff517c8c, unindexed=unindexed at entry=0x7f06ff5154e4, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/index.c:1028
        interval = <optimized out>
        db = 0x7f072e2b8f50
        db_txn = 0x0
        key = {data = 0x7f06ff511380, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
        idl = 0x0
        prefix = <optimized out>
        tmpbuf = 0x0
        buf = "=referral", '\000' <repeats 2672 times>...
        typebuf = "objectclass", '\000' <repeats 244 times>
        ai = 0x7f072e1be6c0
        basetmp = 0x0
        basetype = <optimized out>
        retry_count = 0
        encrypted_val = 0x0
        is_and = 0
        ai_flags = 0
#17 0x00007f071e214234 in keys2idl (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, type=0x7f06a8203bf0 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", ivals=<optimized out>, err=err at entry=0x7f06ff517c8c, unindexed=unindexed at entry=0x7f06ff5154e4, txn=txn at entry=0x7f06ff5154f0, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:986
        idl2 = 0x74656e2e616a2e76
        i = 0
#18 0x00007f071e2149d3 in ava_candidates (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, f=f at entry=0x7f06a82a77f0, ftype=<optimized out>, err=0x7f06ff517c8c, allidslimit=100000, range=0, nextf=0x0) at ldap/servers/slapd/back-ldbm/filterindex.c:288
        tmp = {bv = {bv_len = 8, bv_val = 0x7f06a8207730 "referral"}, v_csnset = 0x0, v_flags = 0}
        ptr = {0x7f06ff515540, 0x0}
        fake = {bv = {bv_len = 8, bv_val = 0x7f06ff5155e0 "referral"}, v_csnset = 0x7f06a81d4d00, v_flags = 1536}
        buf = "referral\000\000Q\377\006\177\000\000\t", '\000' <repeats 39 times>, "\360\322 \250\006\177\000\000@\037\023\250\006\177\000\000\243\000\000\000\000\000\000\000\020ZQ\377\006\177\000\000\000\000\000\000\000\000\000\000\064\340\363+\a\177\000\000\063\201\351%\a\177\000\000\000\000\000\000\000\000\000\000\350YQ\377\006\177", '\000' <repeats 11 times>, "^\261\363\257M\331eP\337\037\250\006\177\000\000\260VQ\377\006\177\000\000\243\000\000\000\000\000\000\000?\313+\a\177\000\000\350YQ\377\006\177\000\000\300\200\351%\a\177", '\000' <repeats 42 times>...
        type = 0x7f06a8203bf0 "objectclass"
        indextype = 0x7f071e271c87 "eq"
        sv = {bv = {bv_len = 8, bv_val = 0x7f06ff5155e0 "referral"}, v_csnset = 0x7f06a81d4d00, v_flags = 1536}
        bval = 0x7f06a82a7818
        ivals = 0x7f06ff515510
        idl = 0x0
        unindexed = 0
        sattr = {a_type = 0x7f06a820ed90 "objectClass", a_present_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_flags = 4, a_plugin = 0x7f072dd48570, a_deleted_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_listtofree = 0x0, a_next = 0x0, a_deletioncsn = 0x0, a_mr_eq_plugin = 0x7f072dcf95c0, a_mr_ord_plugin = 0x0, a_mr_sub_plugin = 0x0}
        txn = {back_txn_txn = 0x0}
        pr_idx = -1
#19 0x00007f071e214fc2 in filter_candidates_ext (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06a82a77f0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f06ff517c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:111
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#20 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06a801fe40, ftype=<optimized out>, err=0x7f06ff517c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
        idl = 0x7f06a81a4d90
        tmp = 0x7f06a81a4d90
        tmp2 = 0x0
        f = 0x7f06a82a77f0
        nextf = 0x0
        isnot = 0
        f_count = <optimized out>
        le_count = <optimized out>
        ge_count = <optimized out>
        is_bounded_range = <optimized out>
        low_val = 0x0
        high_val = 0x0
        t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
        fpairs = {0x0, 0x0}
        tpairs = {0x0, 0x0}
        vpairs = {0x0, 0x0}
        is_and = 0
#21 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=0x7f06a801fe40, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f06ff517c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
        li = <optimized out>
        result = 0x0
        ftype = <optimized out>
#22 0x00007f071e2514b8 in subtree_candidates (pb=pb at entry=0x7f06ff51ca90, be=0x7f072e0f5f20, base=base at entry=0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=e at entry=0x7f06a051d150, filter=0x7f06a8211550, managedsait=0, allids_before_scopingp=allids_before_scopingp at entry=0x7f06ff517c7c, err=err at entry=0x7f06ff517c8c) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1210
        focref = 0x7f06a82a77f0
        forr = 0x7f06a801fe40
        ftop = <optimized out>
        candidates = <optimized out>
        has_tombstone_filter = <optimized out>
        isroot = 0
        allidslimit = 100000
        op = 0x0
        is_bulk_import = 0
#23 0x00007f071e252b9f in build_candidate_list (candidates=0x7f06ff517cb8, lookup_returned_allidsp=0x7f06ff517c7c, scope=<optimized out>, base=0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=<optimized out>, be=<optimized out>, pb=0x7f06ff51ca90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1015
        filter = 0x7f06a8211550
        err = 0
        li = 0x7f072df49930
        managedsait = 0
        r = 0
#24 ldbm_back_search (pb=0x7f06ff51ca90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:657
        rc = <optimized out>
        time_up = 0
        vlv_response_control = {targetPosition = 0, contentCount = 0, result = 0}
        vlv_rc = 32518
        lookthrough_limit = 0
        abandoned = 0
        be = 0x7f072e0f5f20
        inst = 0x7f072dfb2010
        li = 0x7f072df49930
        e = 0x7f06a051d150
        candidates = 0x0
        base = 0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        basesdn = 0x7f06a8208490
        scope = 2
        controls = 0x0
        operation = 0x7f072e615b00
        addr = 0x7f072e615bd8
        estimate = 0
        sort = 0
        vlv = <optimized out>
        sort_spec = 0x0
        is_sorting_critical = <optimized out>
        is_sorting_critical_orig = 0
        sort_control = 0x0
        virtual_list_view = 0
        vlv_spec = 0x0
        is_vlv_critical = 0
        vlv_request_control = {beforeCount = 0, afterCount = 0, tag = 0, index = 0, contentCount = 0, value = {bv_len = 0, bv_val = 0x0}}
        sr = <optimized out>
        tmp_err = -1
        tmp_desc = 0x0
        lookup_returned_allids = 0
        backend_count = 0
        print_once = 1
        txn = {back_txn_txn = 0x0}
        rc = <optimized out>
#25 0x00007f072bca82c6 in op_shared_search (pb=pb at entry=0x7f06ff51ca90, send_result=send_result at entry=1) at ldap/servers/slapd/opshared.c:806
        be_suffix = 0x7f072de73fa0
        err = 0
        next_be = 0x0
        base = 0x7f06a8225d60 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
        normbase = <optimized out>
        fstr = 0x7f06a8226950 "(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/ldap-001.dirsvc.lib.dev.ja.net at DIRSVC.LIB.DEV.JA.NET)(krbPrincipalName:caseIgnoreI"...
        scope = 2
        be = 0x7f072e0f5f20
        be_single = 0x0
        be_list = {0x7f072e0f5f20, 0x0, 0x7f06ff518008, 0x7f06ff517fcc, 0x7f06ff518010, 0xa8201d90, 0x100000000, 0xffffffffffffffff, 0x1, 0xffffffff00000000, 0x0, 0x7f072e0f5f20, 0x7f072df49930, 0x7f06a4074d80, 0x7f06a82a77f0, 0x0, 0x1, 0x5873c1c7, 0x0, 0x7f06a8070440, 0x0, 0x0, 0x7f06a8201d90, 0x65d94daff3b15e00, 0x7f06ff518254, 0x7f06a81647e0, 0x0, 0x7f072bcb114c <plugin_matches_operation+204>, 0x7f06ff518254, 0x65d94daff3b15e00, 0x0, 0x0, 0x7f06a81647e0, 0x0, 0x0, 0x65d94daff3b15e00, 0x0, 0x7f072bcc9018 <send_ldap_result_ext+1656>, 0x0, 0x7f072dfb0a60, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x1a8201d90, 0x10f00010002, 0xffffffcd00000031, 0x7f06a8201d90, 0x0, 0x7f06a812d3c0, 0x1, 0x0, 0x7f06ff5182e8, 0x7f06ff518298, 0x0, 0x7f06ff518298, 0x7f06ff5182a0, 0x0, 0x7f06ff5182e8, 0x65d94daff3b15e00, 0x7f06a81647e0, 0x7f06ff5182a0, 0x7f06a81647e0, 0x7f072bca79a0 <op_shared_search+1024>, 0x7f072bd09f50, 0x7f06ff51c390, 0x7f072bd01e5d, 0x7f072bd01e5d, 0x7f06ff5182b0, 0x1, 0x7f06ff5182a0, 0x100000001, 0x7f0600000000, 0x7f06ff5182e0, 0x0, 0x0, 0x7f06ff5182e0, 0x7f06ff5182d8, 0x7f06ff518254, 0x0, 0x0, 0x7f06ff51825c, 0x7f06ff51835c, 0x7f0700000001, 0xff518650, 0x0, 0x200000001, 0xffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1ffffffff, 0x7f06a804a050, 0x7f072bd09f50, 0x7f06a8231af0, 0x0, 0x0, 0x7f06a8201d90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x40000, 0x7f0722fb4424 <__os_id+36>, 0x11, 0x7f06dc7e6f60, 0x7f0719fc3b4c, 0x7f0722e8853e <__db_tas_mutex_lock+398>, 0x0, 0x7f0719f71138, 0x8b1, 0x7f06ff518380, 0x7f06ff518370, 0x7f06ff518368, 0x0, 0x0, 0x7f06db9f36f0, 0x22f4b6d0, 0xffff86ee00000000, 0x65d94daff3b15e00, 0x28, 0x65d94daff3b15e00, 0x7f06db9f6510, 0x7f06db9f6510, 0x0, 0x7f06dc7e6f60, 0x7f06a81780f0, 0x7f072e0efbf0, 0x0, 0x7f0722f4abe8 <__dbc_close+472>, 0x7f06db9f6510, 0x7f06dc7e6f60, 0x7f06ff518570, 0x7f072e0efbf0, 0x7f06ff518650, 0x13, 0x0, 0x7f0722f47968 <__db_put+504>, 0x7f06ff518438, 0x7f06ff518440, 0xffff86eeff518578, 0x7f0722fb4424 <__os_id+36>, 0x
0, 0x65d94daff3b15e00, 0x7f0719fda0f8, 0x7f06db9f6510, 0x4, 0x7f071a2e8a70, 0x7f06ff5186c0, 0x65d94daff3b15e00, 0x4, 0x7f0719814160, 0x7f06a81780f0, 0x7f0719410238, 0x7f072e0efbf0, 0x7f072e0eb550, 0x0, 0x65d94daff3b15e00, 0x7f072e2c2b60, 0x7f072e0efbf0, 0x7f06ff518650, 0x7f072e0efbf0, 0x7f06ff518650, 0x7f06ff518570, 0x7f06dc7e6f60, 0x7f0722f5cc69 <__db_put_pp+489>, 0x13, 0x7f06a81780f0, 0x0, 0x65d94daff3b15e00, 0x7f0700000000, 0x7f06ff518650, 0x7f072e1b8d80, 0x1, 0x7f06a8104438, 0x7f072dfaef40, 0x0, 0x7f071e21c9df <idl_new_insert_key+127>, 0x7f06ff51856c, 0x100000001, 0x7f06ff51856c, 0x400000004, 0x0, 0x0, 0x800, 0x7f071e48df6e <prefix_PRESENCE>, 0x7f071e271c8a, 0x7f071e22c0b4 <addordel_values_sv+1972>, 0x0, 0x0, 0x7f0719acf878, 0x65d94daff3b15e00...}
        referral_list = {0x0, 0x7f07219e4bbd <aclutil_print_aci+45>, 0x7f06a820a8a0, 0x7f072bc5cb5f <attr_syntax_return_locking_optional+47>, 0x7f072dcfe270, 0x7f06ff51a068, 0x0, 0x7f072bc5d851 <slapi_attr_type2plugin+113>, 0x7f072dfb6f10, 0x0, 0x75676e6974736964, 0x6d614e6465687369, 0x7f072e1d0065, 0x7f072e0efbf0, 0x7f072dec6670, 0x7f06ff51a0c8, 0x7f071a1b9328, 0x11eabc, 0x7f06ff51a150, 0x7f0722f9a289 <__log_putr+809>, 0x313533353335383d, 0x7f0725e9eddb <keystring_validate+27>, 0x63646137612d3665, 0x7f06a821ede5, 0x7f06a821ede2, 0x7f0725e9f2a9 <rdn_validate+329>, 0x7f06a821ede6, 0x65d94daff3b15e00, 0x7f06a821ede5, 0x7f06ff519ff0, 0x7f06ff51a080, 0x0, 0x2000, 0x7f0725e9f12b <utf8string_validate+123>, 0x7f06a8202402, 0x65d94daff3b15e00, 0x0, 0xffffffff, 0x7f06ff51a078, 0x7f072bcbb6f7 <slapi_entry_syntax_check+615>, 0x7f06a820d380, 0x7f06a821f1a0, 0xa820d3c6, 0x7f06ff51a070, 0x7f06ff51ca90, 0x7f06ff51ca90, 0x7f06ff51a080, 0x7f06ff51a06c, 0xff51a080, 0x100000000, 0x0, 0x0, 0x7f06a813b810, 0x7f072bcec7ad <slapi_value_set_string_passin+45>, 0x0, 0x0, 0x0, 0x0, 0x4172a1de00000000, 0x21a407bd7524998f, 0x3645c82849fde36a, 0x1915757f5009fe9b, 0x10e7015d36895918, 0x65d94daff3b15e00, 0x6d305733e44872b, 0x84c5806, 0x95331d3, 0x7f071b13664a <felem_mul+1098>, 0x75a8c72, 0xa80cf37, 0x15019e6e, 0x18343943, 0xeb518e4, 0x84c5806, 0x1098b00c, 0x29949d46, 0x95331d3, 0x7f06ff51a430, 0x28cade975e3ae09, 0x2910a07c1523f21, 0x5c7e5f59d07be14, 0x585f10ef8b5a560, 0xb5e830978fe5484, 0x874b52541b17aef, 0x0, 0x0, 0x0, 0x0, 0x3213b28500000000, 0x40a3ea9068c400b4, 0x2b1c1bd832cc1691, 0x261eb0de5e58ee01, 0x0, 0x0, 0x0, 0x0, 0x387eb4dd00000000, 0x271a53e38cfca2ae, 0x3771e41d66064fa4, 0x204162ce72e5a60f, 0x25451f8e574a21ab, 0x65d94daff3b15e00, 0x54a50280a2e9b52, 0x208cd256370bda0, 0x28d140029972610, 0x7f071b1361c9 <felem_square+601>, 0xc447e3b, 0x2ec41814, 0x0, 0xadc15b7bef4c14, 0xf02e0c40044ab2, 0x96d5cb2b1153c4, 0x2b02e91bd44260b, 0x2f35c5b280935fe, 0x38712f30eabe338, 0x2f90e7f0ca15abe, 0x7d0fa473a15cb31, 0x558092c6e67dfbe, 0x54a50280a2e9b52, 0x
47deeb80793c67e, 0x8dd094192eb937b, 0x3beddd2bf6971aa, 0x3c7740126f6b086, 0x28d140029972610, 0x35bc733134bcff1, 0x65d94daff3b15e00, 0x7f06101437a9, 0x7f06ff51a400, 0x7f06ff51a430, 0x7f06ff51a3d0, 0x7f06ff51b080, 0x7f06ff51a400, 0x7f06ff51a430, 0x7f071b136998 <point_double+792>, 0x0, 0x0, 0x0, 0x0, 0x2e8b02a800000000, 0x4a31b3d86f9fa7c5, 0x24b2582d66927aa9, 0x27b0640c594bc4be, 0x113e066831ad84b7, 0x65d94daff3b15e00, 0x200b1bc7ff0b8e7, 0xf80cabc, 0x5377d9a, 0x7f071b13664a <felem_mul+1098>, 0x1a018ad, 0x1b94be1, 0x37297c2, 0xd45b196, 0x340315a, 0xf80cabc, 0x1f019578, 0x9d57023, 0x5377d9a, 0x7f06ff51a920, 0x1b533c4a4a4a328, 0x97536827a57936, 0x1c261f24ff79f50, 0xfaf12be99989b4, 0x21e00453ba0a64f, 0x2ab575e30562748, 0x57d34dd646c6325, 0x2dc97b84a68d2f0, 0x64c599d92e7fa54, 0x2f41e46d413d79f, 0x478e28091c8976c, 0x36be9bc38a854ee, 0x57eaae295520fb5, 0x3022a28e943a35b, 0x3ae2066a5226c65, 0x12cd1c29578d0fc, 0x11f411f7be8eb2e, 0x65d94daff3b15e00, 0x7f06a812b2c0, 0x7f06ff51a5c0, 0x7f06ff51a590, 0x7f06ff51b0e0, 0x7f06ff51b0b0, 0x7f06ff51a5c0, Quit

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc?s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.  



From rharwood at redhat.com  Mon Jan  9 19:18:58 2017
From: rharwood at redhat.com (Robbie Harwood)
Date: Mon, 09 Jan 2017 14:18:58 -0500
Subject: [Freeipa-users] Kerberos Clock Skew too great
In-Reply-To: <CANAMAkr=Mu=_rMXBjd7GA3CBqcbPWhj63SDXDL7i+Qb98JEYYw@mail.gmail.com>
References: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>
	<20170109081241.zu5jla6gw26koxhy@hendrix>
	<CANAMAkr=Mu=_rMXBjd7GA3CBqcbPWhj63SDXDL7i+Qb98JEYYw@mail.gmail.com>
Message-ID: <jlg7f64kpnh.fsf@thriss.redhat.com>

Rakesh Rajasekharan <rakesh.rajasekharan at gmail.com> writes:

> There were about 1500 hosts that were alerting for "clock skew" and the
> issue went away only after I did a resync using ntpdate on all those hosts

Great, glad it's fixed!  Are these VMs?  If not, you may wish to
(re?)configure automatic syncing.

> Is it possible that so many higher number of minor offsets adds up and
> causes it. Coz from the individual offset it looks much below the 5min limit

Not as such, if I understand you correctly?  This should only be a
problem between any two machines that need to communicate (including the
freeipa KDC).

> Or, is there a way to tell whats the offset limit its actually looking for.

5 minutes almost certainly.  The parameter to configure it is
"clockskew" in the config files, but I don't think IPA touches that.

Hope that helps,
--Robbie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/50109bf7/attachment.sig>

From tgeier at accertify.com  Mon Jan  9 21:31:53 2017
From: tgeier at accertify.com (Timothy Geier)
Date: Mon, 9 Jan 2017 21:31:53 +0000
Subject: [Freeipa-users] IPA to IPA migration
In-Reply-To: <cf73089f-262a-d1c6-df41-5642df940ee9@brownpapertickets.com>
References: <7DFD9430-D86B-4445-8EA2-1BE4AC8FCE7E@accertify.com>
	<586E637A.5060107@redhat.com>
	<cf73089f-262a-d1c6-df41-5642df940ee9@brownpapertickets.com>
Message-ID: <1483997575.26979.2.camel@accertify.com>

On Fri, 2017-01-06 at 07:42 -0800, Ian Harding wrote:
> 
> On 01/05/2017 07:17 AM, Rob Crittenden wrote:
> > Timothy Geier wrote:
> >> This is something I?ve looked at lately and a manual proof of concept I
> >> just did (using ideas from
> >> https://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_FreeIPA)
> >> makes it seem theoretically possible (though it looks like, barring the
> >> migration of the kerberos master key, all enrolled hosts would need to
> >> use ipa-getkeytab to get a replacement keytab from the new server and
> >> copy it to /etc/krb5.keytab so that sssd will work properly..the
> >> alternative is re-enrollment.  All other keytabs in use by other
> >> applications would have to be similarly replaced).  
> > 
> > Why migrate at all?
> 
> It is possible to get a FreeIPA installation so boogered up that it's
> just not salvageable.  I'm pretty close to that right now.  The
> replication model is really great but it replicates all my mistakes.
> 
> Maybe I'm just not smart enough, but I suspect others have wished they
> could just throw in the towel and start over.  I would if it were
> relatively easy, that is, if I could export and reimport users (ideally
> with passwords), hosts, groups, hbac rules, etc.  I woudln't even mind
> having to re-enroll them.
> 

My situation isn't quite there yet, but this is very close to my main
reason for wanting to do this type of migration..all of the big things
work and work well but there's too many little things that're not
fatally wrong right now but seem likely to turn into bigger issues down
the road and getting downtime to try to fix them just isn't going to
happen.

The method outlined by Mateusz Ma?ek looks very interesting and worth
looking into..yes, definitely not trivial but doable. 

> 
> 
> -- 
> Ian Harding
> IT Director
> Brown Paper Tickets
> 1-800-838-3006 ext 7186
> http://www.brownpapertickets.com
> 





From lkrispen at redhat.com  Tue Jan 10 09:22:08 2017
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Tue, 10 Jan 2017 10:22:08 +0100
Subject: [Freeipa-users] DirSrv hanging
In-Reply-To: <67F33439-B7BC-490B-9C09-4D1AC00FF89B@jisc.ac.uk>
References: <CA70C99B-E370-40A7-BB41-D3EE3C900F99@jisc.ac.uk>
	<67F33439-B7BC-490B-9C09-4D1AC00FF89B@jisc.ac.uk>
Message-ID: <5874A7C0.7080708@redhat.com>

Hi,

it looks like you are running into: 
https://bugzilla.redhat.com/show_bug.cgi?id=1349779

this is a hang inside BerkeleyDB and we have so far not been able to 
resolve it, also with Oracle support. The weird thing is that from the 
code in BDB this should not be possible, but it is happening. Ther is a 
suspicion that it could be an effect of VMs, where the wrong page is 
accessed, but no further evidence on this.

You can try to change the timing pattern of checkpointing, eg by 
changing the checkpoint interval or the dbcache size, but there is no 
guarantee it will help.

Regards,
Ludwig

On 01/09/2017 07:06 PM, Adam Bishop wrote:
> On 7 Jan 2017, at 05:19, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
>> I have a standalone FreeIPA instance that is becoming unresponsive every few hours. While in this state it will accept connections, but will not do anything with them (i.e. if you connect an ldaps client to 636, you see SYN->SYNACK->ACK->ClientHello, but a ServerHello is not returned). This system is running FreeIPA 4.4.0 currently, but this also occurred on 4.2.x. Time is synchronised correctly and this is a fairly new installation so all the PKI expiry dates are well into the future.
> Better stacktrace follows - looks like the database is deadlocked?
>
> 0x00007f0729552dfd in poll () at ../sysdeps/unix/syscall-template.S:81
> 81	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
>
> Thread 47 (Thread 0x7f0719382700 (LWP 26132)):
> #0  0x00007f0729554ba3 in select () at ../sysdeps/unix/syscall-template.S:81
> No locals.
> #1  0x00007f072bcea149 in DS_Sleep (ticks=ticks at entry=100) at ldap/servers/slapd/util.c:1072
>          mSecs = <optimized out>
>          tm = {tv_sec = 0, tv_usec = 74630}
> #2  0x00007f071e20c7e7 in deadlock_threadmain (param=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:4296
>          rval = <optimized out>
>          priv = 0x7f072df4a660
>          li = <optimized out>
>          interval = <optimized out>
> #3  0x00007f0729e8e96b in _pt_root (arg=0x7f072dfae960) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072dfae960
>          detached = 1
>          id = 139668464609024
>          tid = 26132
> #4  0x00007f072982edc5 in start_thread (arg=0x7f0719382700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0719382700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668464609024, -8975886148032001126, 0, 139668464609728, 139668464609024, 1, 9034517080458922906, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #5  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 46 (Thread 0x7f0718b81700 (LWP 26133)):
> #0  0x00007f0729554ba3 in select () at ../sysdeps/unix/syscall-template.S:81
> No locals.
> #1  0x00007f0722fb5bad in __os_sleep (usecs=<optimized out>, secs=<optimized out>, env=0x7f072e0efbf0) at ../../src/os/os_yield.c:90
>          t = {tv_sec = 0, tv_usec = 218571}
>          ret = <optimized out>
> #2  __os_yield (env=env at entry=0x7f072e0efbf0, secs=<optimized out>, secs at entry=1, usecs=<optimized out>, usecs at entry=0) at ../../src/os/os_yield.c:48
> No locals.
> #3  0x00007f0722fb12b3 in __memp_sync_int (env=env at entry=0x7f072e0efbf0, dbmfp=dbmfp at entry=0x0, trickle_max=trickle_max at entry=0, flags=flags at entry=4, wrote_totalp=wrote_totalp at entry=0x0, interruptedp=interruptedp at entry=0x0) at ../../src/mp/mp_sync.c:483
>          bhp = <optimized out>
>          bharray = 0x7f07100008c0
>          dbmp = 0x7f072e1a55e0
>          hp = <optimized out>
>          c_mp = <optimized out>
>          mp = 0x7f0719383138
>          mfp = <optimized out>
>          mutex = <optimized out>
>          last_mf_offset = 0
>          ar_cnt = 1110
>          ar_max = <optimized out>
>          i = 0
>          n_cache = <optimized out>
>          remaining = 2
>          wrote_total = 1108
>          wrote_cnt = 1108
>          dirty = <optimized out>
>          filecnt = 0
>          maxopenfd = 0
>          required_write = <optimized out>
>          ret = 0
>          t_ret = <optimized out>
> #4  0x00007f0722fc1752 in __txn_checkpoint (env=env at entry=0x7f072e0efbf0, kbytes=kbytes at entry=0, minutes=minutes at entry=0, flags=flags at entry=0) at ../../src/txn/txn_chkpt.c:242
>          dblp = <optimized out>
>          ckp_lsn = {file = 226, offset = 156394}
>          last_ckp = {file = 0, offset = 0}
>          msg_lsn = {file = 226, offset = 158769}
>          mgr = <optimized out>
>          region = 0x7f071a2dcea8
>          lp = 0x7f071a1b9328
>          renv = <optimized out>
>          infop = <optimized out>
>          last_ckp_time = <optimized out>
>          now = 0
>          bytes = 374817
>          id = 1450728411
>          logflags = <optimized out>
>          mbytes = 12
>          op = <optimized out>
>          ret = 0
> #5  0x00007f0722fc1b74 in __txn_checkpoint_pp (dbenv=<optimized out>, kbytes=0, minutes=0, flags=0) at ../../src/txn/txn_chkpt.c:81
>          __rep_check = 0
>          __t_ret = <optimized out>
>          ip = 0x0
>          env = 0x7f072e0efbf0
>          ret = <optimized out>
> #6  0x00007f071e2109c7 in checkpoint_threadmain (param=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:4525
>          time_of_last_checkpoint_completion = 1483980976
>          interval = <optimized out>
>          rval = <optimized out>
>          priv = <optimized out>
>          li = <optimized out>
>          debug_checkpointing = 0
>          checkpoint_interval = 60
>          home_dir = <optimized out>
>          list = 0x0
>          listp = <optimized out>
>          penv = 0x7f072e0f5a40
>          time_of_last_comapctdb_completion = 1483980010
>          compactdb_interval = 2592000
>          txn = {back_txn_txn = 0x0}
> #7  0x00007f0729e8e96b in _pt_root (arg=0x7f072dfb55b0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072dfb55b0
>          detached = 1
>          id = 139668456216320
>          tid = 26133
> #8  0x00007f072982edc5 in start_thread (arg=0x7f0718b81700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0718b81700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668456216320, -8975886148032001126, 0, 139668456217024, 139668456216320, 1, 9034518179433679770, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #9  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 45 (Thread 0x7f0718380700 (LWP 26134)):
> #0  0x00007f0729554ba3 in select () at ../sysdeps/unix/syscall-template.S:81
> No locals.
> #1  0x00007f072bcea149 in DS_Sleep (ticks=ticks at entry=250) at ldap/servers/slapd/util.c:1072
>          mSecs = <optimized out>
>          tm = {tv_sec = 0, tv_usec = 133889}
> #2  0x00007f071e20ca5f in trickle_threadmain (param=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:4722
>          interval = 250
>          rval = <optimized out>
>          priv = 0x7f072df4a660
>          li = <optimized out>
>          debug_checkpointing = 0
> #3  0x00007f0729e8e96b in _pt_root (arg=0x7f072e1b8540) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e1b8540
>          detached = 1
>          id = 139668447823616
>          tid = 26134
> #4  0x00007f072982edc5 in start_thread (arg=0x7f0718380700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0718380700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668447823616, -8975886148032001126, 0, 139668447824320, 139668447823616, 1, 9034519323505593242, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #5  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 44 (Thread 0x7f0717b7f700 (LWP 26135)):
> #0  0x00007f0729554ba3 in select () at ../sysdeps/unix/syscall-template.S:81
> No locals.
> #1  0x00007f072bcea149 in DS_Sleep (ticks=<optimized out>) at ldap/servers/slapd/util.c:1072
>          mSecs = <optimized out>
>          tm = {tv_sec = 0, tv_usec = 866632}
> #2  0x00007f071e260684 in perfctrs_wait (milliseconds=milliseconds at entry=1000, priv=<optimized out>, db_env=<optimized out>) at ldap/servers/slapd/back-ldbm/perfctrs.c:100
>          interval = <optimized out>
> #3  0x00007f071e2076d7 in perf_threadmain (param=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3796
>          priv = 0x7f072df4a660
>          li = <optimized out>
> #4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e0f60c0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e0f60c0
>          detached = 1
>          id = 139668439430912
>          tid = 26135
> #5  0x00007f072982edc5 in start_thread (arg=0x7f0717b7f700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0717b7f700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668439430912, -8975886148032001126, 0, 139668439431616, 139668439430912, 1, 9034520422480350106, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 43 (Thread 0x7f0717175700 (LWP 26136)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e891f0 in PR_WaitCondVar (cvar=cvar at entry=0x7f072e584bd0, timeout=4294967295) at ../../../nspr/pr/src/pthreads/ptsynch.c:396
>          rv = <optimized out>
>          thred = 0x7f072e5701e0
> #2  0x00007f072bcd7028 in slapi_wait_condvar (cvar=0x7f072e584bd0, timeout=timeout at entry=0x0) at ldap/servers/slapd/slapi2nspr.c:150
>          prit = <optimized out>
> #3  0x00007f07211556fe in cos_cache_wait_on_change (arg=<optimized out>) at ldap/servers/plugins/cos/cos_cache.c:407
> No locals.
> #4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e5701e0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e5701e0
>          detached = 1
>          id = 139668428904192
>          tid = 26136
> #5  0x00007f072982edc5 in start_thread (arg=0x7f0717175700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0717175700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668428904192, -8975886148032001126, 0, 139668428904896, 139668428904192, 1, 9034521243892845466, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 42 (Thread 0x7f0716974700 (LWP 26137)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e891f0 in PR_WaitCondVar (cvar=cvar at entry=0x7f072e4fba70, timeout=4294967295) at ../../../nspr/pr/src/pthreads/ptsynch.c:396
>          rv = <optimized out>
>          thred = 0x7f072e576670
> #2  0x00007f072bcd7028 in slapi_wait_condvar (cvar=0x7f072e4fba70, timeout=timeout at entry=0x0) at ldap/servers/slapd/slapi2nspr.c:150
>          prit = <optimized out>
> #3  0x00007f071c6a1efd in roles_cache_wait_on_change (arg=0x7f072e5813a0) at ldap/servers/plugins/roles/roles_cache.c:404
>          roles_def = 0x7f072e5813a0
> #4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e576670) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e576670
>          detached = 1
>          id = 139668420511488
>          tid = 26137
> #5  0x00007f072982edc5 in start_thread (arg=0x7f0716974700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0716974700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668420511488, -8975886148032001126, 0, 139668420512192, 139668420511488, 1, 9034522345015085978, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 41 (Thread 0x7f0716173700 (LWP 26138)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e891f0 in PR_WaitCondVar (cvar=cvar at entry=0x7f072e520c30, timeout=4294967295) at ../../../nspr/pr/src/pthreads/ptsynch.c:396
>          rv = <optimized out>
>          thred = 0x7f072e4f7540
> #2  0x00007f072bcd7028 in slapi_wait_condvar (cvar=0x7f072e520c30, timeout=timeout at entry=0x0) at ldap/servers/slapd/slapi2nspr.c:150
>          prit = <optimized out>
> #3  0x00007f071c6a1efd in roles_cache_wait_on_change (arg=0x7f072e0f0540) at ldap/servers/plugins/roles/roles_cache.c:404
>          roles_def = 0x7f072e0f0540
> #4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e4f7540) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e4f7540
>          detached = 1
>          id = 139668412118784
>          tid = 26138
> #5  0x00007f072982edc5 in start_thread (arg=0x7f0716173700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0716173700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668412118784, -8975886148032001126, 0, 139668412119488, 139668412118784, 1, 9034523443989842842, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 40 (Thread 0x7f0715972700 (LWP 26139)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e891f0 in PR_WaitCondVar (cvar=cvar at entry=0x7f072e5739f0, timeout=4294967295) at ../../../nspr/pr/src/pthreads/ptsynch.c:396
>          rv = <optimized out>
>          thred = 0x7f072e0e9ba0
> #2  0x00007f072bcd7028 in slapi_wait_condvar (cvar=0x7f072e5739f0, timeout=timeout at entry=0x0) at ldap/servers/slapd/slapi2nspr.c:150
>          prit = <optimized out>
> #3  0x00007f071c6a1efd in roles_cache_wait_on_change (arg=0x7f072e4fb050) at ldap/servers/plugins/roles/roles_cache.c:404
>          roles_def = 0x7f072e4fb050
> #4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e0e9ba0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e0e9ba0
>          detached = 1
>          id = 139668403726080
>          tid = 26139
> #5  0x00007f072982edc5 in start_thread (arg=0x7f0715972700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0715972700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668403726080, -8975886148032001126, 0, 139668403726784, 139668403726080, 1, 9034524545112083354, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 39 (Thread 0x7f0715171700 (LWP 26140)):
> #0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
> No locals.
> #1  0x00007f0729e88c87 in pt_TimedWait (cv=cv at entry=0x7f072e0f0798, ml=0x7f072e558850, timeout=timeout at entry=30000) at ../../../nspr/pr/src/pthreads/ptsynch.c:264
>          rv = <optimized out>
>          now = {tv_sec = 1483983280, tv_usec = 674497}
>          tmo = {tv_sec = 1483983310, tv_nsec = 674497000}
>          ticks = <optimized out>
> #2  0x00007f0729e8916e in PR_WaitCondVar (cvar=0x7f072e0f0790, timeout=timeout at entry=30000) at ../../../nspr/pr/src/pthreads/ptsynch.c:398
>          rv = <optimized out>
>          thred = 0x7f072e56bed0
> #3  0x00007f072c194a13 in housecleaning (cur_time=<optimized out>) at ldap/servers/slapd/house.c:48
>          interval = 30000
> #4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e56bed0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e56bed0
>          detached = 0
>          id = 139668395333376
>          tid = 26140
> #5  0x00007f072982edc5 in start_thread (arg=0x7f0715171700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0715171700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668395333376, -8975886148032001126, 0, 139668395334080, 139668395333376, 1, 9034525644086840218, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 38 (Thread 0x7f0714970700 (LWP 26141)):
> #0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
> No locals.
> #1  0x00007f0729e88c87 in pt_TimedWait (cv=cv at entry=0x7f072e0bfbd8, ml=0x7f072e0d84f0, timeout=timeout at entry=10000) at ../../../nspr/pr/src/pthreads/ptsynch.c:264
>          rv = <optimized out>
>          now = {tv_sec = 1483983281, tv_usec = 273257}
>          tmo = {tv_sec = 1483983291, tv_nsec = 273257000}
>          ticks = <optimized out>
> #2  0x00007f0729e8916e in PR_WaitCondVar (cvar=0x7f072e0bfbd0, timeout=10000) at ../../../nspr/pr/src/pthreads/ptsynch.c:398
>          rv = <optimized out>
>          thred = 0x7f072e578fb0
> #3  0x00007f072bc79d38 in eq_loop (arg=<optimized out>) at ldap/servers/slapd/eventq.c:326
>          timeout = <optimized out>
>          until = <optimized out>
> #4  0x00007f0729e8e96b in _pt_root (arg=0x7f072e578fb0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e578fb0
>          detached = 0
>          id = 139668386940672
>          tid = 26141
> #5  0x00007f072982edc5 in start_thread (arg=0x7f0714970700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0714970700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668386940672, -8975886148032001126, 0, 139668386941376, 139668386940672, 1, 9034526753799015322, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #6  0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 37 (Thread 0x7f070752d700 (LWP 26143)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668164368128
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f070752be30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06f0205d40
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06f01a8640
>          addr = 0x7f06f01a8718
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06f0214f80, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f070752c060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06f02023f0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06f0130f40
>          passin_sdn = 0
>          mods = 0x7f06f0205d40
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06f012bbc0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06f01a8640
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000m\036\203)\a\177\000\000 \000\000\360\006\177\000\000[\000\000\000\000\000\000\000\060\204\020\360\006\177\000\000\000\000\000\000\000\000\000\000\260\372 \360\006\177\000\000\350\361\b\360\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\220 \016\360\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000?\022\360\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000?"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06f0214f80) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06f01a8640
>          opresult = 0
>          normalized_mods = 0x7f06f012bbc0
>          mods = 0x7f06f01040f0
>          mod = 0x7f06f012bbc8
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -266252416, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f070752ca90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f070752ca90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f070752ca90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f070752ca90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06f0179ba0
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06f0216d10 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06f01b24d0 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06f0179ba0
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\360\006\177\000\000\200\311R\a\a\177\000\000\220\311R\a\a\177\000\000\356\306R\a\a\177\000\000\354\306R\a\a\177\000\000\360\306R\a\a\177\000\000\261\070\255\370\350\003\000\000\000\000\000\000\237?\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000~\000\000\000\001\000\001\000\020\235\033\360\006\177\000\000(\000\000\000\000\000\000\000~", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\300\037j.\a\177\000\000\020\235\033\360\006\177\000\000y\000\000\000\000\000\000\000~\000\000\000\000\000\000\000\300\037j.\a\177\000\000y\000\000\000\000\000\000\000\300\037j.\a\177\000\000\302"...
>          bind_target_entry = 0x7f06f0163c20
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06f0176900
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f070752ca90, op=0x7f072e691680, conn=0x7f0707539140) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707539140, pb_op = 0x7f072e691680, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06f02527a0, op_stack_elem = 0x7f072e799ca0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f070752ca90
>          conn = 0x7f0707539140
>          op = 0x7f072e691680
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54e8f0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e54e8f0
>          detached = 1
>          id = 139668164368128
>          tid = 26143
> #15 0x00007f072982edc5 in start_thread (arg=0x7f070752d700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f070752d700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668164368128, -8975886148032001126, 0, 139668164368832, 139668164368128, 1, 9034557025265388442, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 36 (Thread 0x7f0706d2c700 (LWP 26144)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=139667639601072, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
>          ret = <optimized out>
> #2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=4002, timespec=timespec at entry=0x0, exclusive=exclusive at entry=1) at ../../src/mutex/mut_pthread.c:577
>          ret = <optimized out>
>          t_ret = 0
> #3  0x00007f0722e88640 in __db_tas_mutex_lock_int (nowait=0, timeout=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:271
>          mtxmgr = <optimized out>
>          mtxregion = 0x7f0719f71138
>          ip = 0x0
>          timespec = {tv_sec = 806, tv_nsec = 139668155914328}
>          ret = <optimized out>
>          dbenv = 0x7f072e1d66a0
>          mutexp = 0x7f071a005a08
>          now = {tv_sec = 1310720, tv_nsec = 139668814232560}
>          nspins = 0
> #4  __db_tas_mutex_lock (env=env at entry=0x7f072e0efbf0, mutex=4002, timeout=timeout at entry=0) at ../../src/mutex/mut_tas.c:302
> No locals.
> #5  0x00007f0722f32d3a in __lock_get_internal (lt=lt at entry=0x7f072dfafc70, sh_locker=sh_locker at entry=0x7f071a2e73d8, flags=flags at entry=0, obj=<optimized out>, lock_mode=<optimized out>, timeout=timeout at entry=0, lock=0x7f0706d1db00) at ../../src/lock/lock.c:983
>          newl = <optimized out>
>          lp = <optimized out>
>          env = <optimized out>
>          sh_obj = 0x7f071a2db2b8
>          region = <optimized out>
>          ip = 0x0
>          ndx = 806
>          part_id = <optimized out>
>          did_abort = 114416024
>          ihold = 0
>          grant_dirty = <optimized out>
>          no_dd = 1
>          ret = 0
>          t_ret = <optimized out>
>          holder = <optimized out>
>          sh_off = <optimized out>
>          action = <optimized out>
> #6  0x00007f0722f33820 in __lock_get (env=env at entry=0x7f072e0efbf0, locker=0x7f071a2e73d8, flags=0, obj=obj at entry=0x7f072e197860, lock_mode=<optimized out>, lock=lock at entry=0x7f0706d1db00) at ../../src/lock/lock.c:463
>          lt = 0x7f072dfafc70
>          ret = <optimized out>
> #7  0x00007f0722f5f142 in __db_lget (dbc=dbc at entry=0x7f072e197770, action=action at entry=0, pgno=13, mode=<optimized out>, mode at entry=DB_LOCK_READ, lkflags=lkflags at entry=0, lockp=lockp at entry=0x7f0706d1db00) at ../../src/db/db_meta.c:1255
>          dbp = 0x7f072e2b8f50
>          couple = {{op = 114416024, mode = 32519, timeout = 114416020, obj = 0x7f072e197770, lock = {off = 139668628338413, ndx = 774606672, gen = 32519, mode = DB_LOCK_NG}}, {op = 114416032, mode = 32519, timeout = 774648544, obj = 0x7f0706d1dad4, lock = {off = 139666028307872, ndx = 1409, gen = 0, mode = 774606672}}, {op = 114416012, mode = 32519, timeout = 1, obj = 0x12e2cb6d0, lock = {off = 139668466660080, ndx = 0, gen = 0, mode = 585668749}}}
>          reqp = 0x0
>          txn = 0x0
>          env = 0x7f072e0efbf0
>          has_timeout = <optimized out>
>          i = 0
>          ret = <optimized out>
> #8  0x00007f0722ea6605 in __bam_search (dbc=dbc at entry=0x7f072e197770, root_pgno=1, root_pgno at entry=0, key=key at entry=0x7f0706d1dde0, flags=1409, slevel=slevel at entry=1, recnop=recnop at entry=0x0, exactp=exactp at entry=0x7f0706d1dc24) at ../../src/btree/bt_search.c:723
>          t = 0x7f072e2cb6d0
>          cp = 0x7f06880125a0
>          dbp = 0x7f072e2b8f50
>          lock = {off = 0, ndx = 806, gen = 0, mode = 3226}
>          saved_lock = {off = 0, ndx = 806, gen = 32519, mode = 771423344}
>          mpf = 0x7f072e2c32e0
>          env = 0x7f072e0efbf0
>          h = 0x0
>          parent_h = 0x0
>          base = <optimized out>
>          i = <optimized out>
>          indx = <optimized out>
>          inp = <optimized out>
>          lim = <optimized out>
>          lock_mode = DB_LOCK_READ
>          pg = 13
>          saved_pg = 0
>          start_pgno = 0
>          recno = 0
>          adjust = <optimized out>
>          cmp = 3
>          deloffset = <optimized out>
>          ret = <optimized out>
>          set_stack = 1
>          stack = 0
>          t_ret = <optimized out>
>          getlock = 0
>          was_next = 0
>          get_mode = 0
>          wait = 4
>          level = 2 '\002'
>          saved_level = 255 '\377'
> #9  0x00007f0722e91256 in __bamc_search (dbc=dbc at entry=0x7f072e197770, root_pgno=root_pgno at entry=0, key=0x7f0706d1dde0, flags=<optimized out>, exactp=0x7f0706d1dc24) at ../../src/btree/bt_cursor.c:2804
>          t = <optimized out>
>          cp = <optimized out>
>          dbp = <optimized out>
>          h = <optimized out>
>          base = <optimized out>
>          indx = <optimized out>
>          inp = <optimized out>
>          lim = <optimized out>
>          bt_lpgno = 771423344
>          recno = 771423344
>          sflags = <optimized out>
>          bulk = <optimized out>
>          cmp = 0
>          ret = 0
>          t_ret = <optimized out>
> #10 0x00007f0722e92d0f in __bamc_get (dbc=0x7f072e197770, key=<optimized out>, data=<optimized out>, flags=<optimized out>, pgnop=0x7f0706d1dcc4) at ../../src/btree/bt_cursor.c:1099
>          cp = 0x7f06880125a0
>          dbp = 0x7f072e2b8f50
>          mpf = <optimized out>
>          orig_pgno = 0
>          orig_indx = 0
>          exact = 32519
>          newopd = <optimized out>
>          ret = <optimized out>
> #11 0x00007f0722f4bca6 in __dbc_iget (dbc=0x7f06f0035460, key=0x7f0706d1dde0, data=0x7f0706d1de10, flags=26) at ../../src/db/db_cam.c:952
>          dbp = 0x7f072e2b8f50
>          ddbc = <optimized out>
>          dbc_n = 0x7f072e197770
>          opd = 0x0
>          cp = <optimized out>
>          cp_n = <optimized out>
>          mpf = 0x7f072e2c32e0
>          env = 0x7f072e0efbf0
>          pgno = 0
>          indx_off = <optimized out>
>          multi = 2048
>          orig_ulen = 0
>          tmp_flags = <optimized out>
>          tmp_read_locking = 0
>          tmp_rmw = 0
>          type = <optimized out>
>          key_small = 0
>          ret = <optimized out>
>          t_ret = <optimized out>
> #12 0x00007f0722f4c47d in __dbc_get (dbc=dbc at entry=0x7f06f0035460, key=key at entry=0x7f0706d1dde0, data=data at entry=0x7f0706d1de10, flags=flags at entry=2074) at ../../src/db/db_cam.c:770
> No locals.
> #13 0x00007f0722f5ab02 in __dbc_get_pp (dbc=0x7f06f0035460, key=0x7f0706d1dde0, data=0x7f0706d1de10, flags=2074) at ../../src/db/db_iface.c:2359
>          dbp = <optimized out>
>          ip = 0x0
>          env = 0x7f072e0efbf0
>          ret = <optimized out>
> #14 0x00007f071e21b8a0 in idl_new_fetch (be=0x7f072e0f5f20, db=<optimized out>, inkey=0x7f0706d1ff60, txn=0x0, a=0x7f072e1be6c0, flag_err=0x7f0706d26c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/idl_new.c:202
>          ret = 0
>          idl_rc = 0
>          cursor = 0x7f06f0035460
>          idl = 0x0
>          key = {data = 0x7f0706d200c0, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2056}
>          data = {data = 0x7f0706d1de70, size = 8192, ulen = 8192, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          id = 0
>          count = 0
>          buffer = "\000\000\000\000\000\000\000\000\020e\022\200\006\177\000\000\000\000\000\000\000\000\000\000\360\373\016.\a\177\000\000\000\000\000\000\000\000\000\000\350\253\364\"\a\177\000\000\220s\022\200\006\177\000\000\060\337\000\210\006\177\000\000\000\000\000\000\000\000\000\000\240v\022\200\006\177\000\000\240\320\a\200\006\177\000\000\020e\022\200\006\177\000\000@\t\a\344\006\177\000\000?\364\"\a\177\000\000\230k.\032\364\206\377\377$D\373\"\a\177\000\000\240v\022\200\006\177\000\000\060\337\000\210\006\177\000\000tT\000\032\a\177\000\000>\205\350\"\a\177\000\000\020e\022\200\000\000\000\000\070\021\367\031\a\177\000\000\230\017\000\000\000\000\000\000`\337\321\006\a\177\000\000P\337\321\006\a\177\000\000H"...
>          ptr = <optimized out>
>          dataret = {data = 0x0, size = 0, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0}
>          s_txn = {back_txn_txn = 0x0}
>          li = <optimized out>
> #15 0x00007f071e21b525 in idl_fetch_ext (be=be at entry=0x7f072e0f5f20, db=<optimized out>, key=key at entry=0x7f0706d1ff60, txn=txn at entry=0x0, a=<optimized out>, err=err at entry=0x7f0706d26c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/idl_shim.c:101
> No locals.
> #16 0x00007f071e22a146 in index_read_ext_allids (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, type=type at entry=0x7f06e8188e20 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", val=<optimized out>, txn=txn at entry=0x7f0706d24230, err=err at entry=0x7f0706d26c8c, unindexed=unindexed at entry=0x7f0706d24224, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/index.c:1028
>          interval = <optimized out>
>          db = 0x7f072e2b8f50
>          db_txn = 0x0
>          key = {data = 0x7f0706d200c0, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          idl = 0x0
>          prefix = <optimized out>
>          tmpbuf = 0x0
>          buf = "=referral\000\000\000\253\001\000\000\004\000\000\000\263\001\000\000\004\000\000\000\273\001\000\000\004\000\000\000\303\001\000\000\004\000\000\000\313\001\000\000\004\000\000\000\323\001\000\000\004\000\000\000\333\001\000\000\004\000\000\000\343\001\000\000\004\000\000\000\353\001\000\000\004\000\000\000\363\001\000\000\002\270 \036\a\177\000\000\004\000\000\000\003\002", '\000' <repeats 19 times>, "^\261\363\257M\331e\b\002\322\006\a\177\000\000 \002\322\006\a\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000\037\205\353Q\000\000\000\000l\337H\036\a\177\000\000 \002\322\006\a\177\000\000\237\241\"\036\a\177\000\000\240\206\001\000\001\000\000\000"...
>          typebuf = "objectclass\000\253\000\000\000\004\000\000\000\263\000\000\000\004\000\000\000\273\000\000\000\004\000\000\000\303\000\000\000\004\000\000\000\313\000\000\000\004\000\000\000\323\000\000\000\004\000\000\000\333\000\000\000\004\000\000\000\343\000\000\000\004\000\000\000\353\000\000\000\004\000\000\000\363\000\000\000\004\000\000\000\373\000\000\000\004\000\000\000\003\001\000\000\004\000\000\000\v\001\000\000\004\000\000\000\023\001\000\000\004\000\000\000\033\001\000\000\004\000\000\000#\001\000\000\004\000\000\000+\001\000\000\004\000\000\000\063\001\000\000\004\000\000\000;\001\000\000\004\000\000\000C\001\000\000\004\000\000\000K\001\000\000\004\000\000\000S\001\000\000\004\000\000\000[\001\000\000\004\000\000\000c\001\000\000"...
>          ai = 0x7f072e1be6c0
>          basetmp = 0x0
>          basetype = <optimized out>
>          retry_count = 0
>          encrypted_val = 0x0
>          is_and = 1
>          ai_flags = 1
> #17 0x00007f071e214234 in keys2idl (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, type=0x7f06e8188e20 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", ivals=<optimized out>, err=err at entry=0x7f0706d26c8c, unindexed=unindexed at entry=0x7f0706d24224, txn=txn at entry=0x7f0706d24230, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:986
>          idl2 = 0x7f0706d22460
>          i = 0
> #18 0x00007f071e2149d3 in ava_candidates (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, f=f at entry=0x7f06e81b93a0, ftype=<optimized out>, err=0x7f0706d26c8c, allidslimit=100000, range=0, nextf=0x0) at ldap/servers/slapd/back-ldbm/filterindex.c:288
>          tmp = {bv = {bv_len = 8, bv_val = 0x7f06e802d1d0 "referral"}, v_csnset = 0x0, v_flags = 0}
>          ptr = {0x7f0706d24280, 0x0}
>          fake = {bv = {bv_len = 8, bv_val = 0x7f0706d24320 "referral"}, v_csnset = 0x7f0706d242a8, v_flags = 1536}
>          buf = "referral\000-\372\"\a\177\000\000Pi\373-\a\177\000\000\340U\032.\a\177\000\000\034E\322\006\a\177\000\000\000\000\000\000\000\000\000\000\030:\t\000\000\000\000\000{ \303\000\000\000\000\000(E\322\006\a\177", '\000' <repeats 22 times>, "\a\177\000\000\000\000\000\000\a\177\000\000\355v\372\"\a\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\001\000\000\000\001\000\000\000\000\000\000\000$D\373\"\a\177\000\000\002\000\000\000\a\177\000\000\000:\t\000\a\177\000\000\330\234-\032\a\177\000\000\001\000\000\000\a\177\000\000\334C\322\006\000\000\000\000\064D\322\006\a\177\000\000A\b\000\000\000\000\000\000\200"...
>          type = 0x7f06e8188e20 "objectclass"
>          indextype = 0x7f071e271c87 "eq"
>          sv = {bv = {bv_len = 8, bv_val = 0x7f0706d24320 "referral"}, v_csnset = 0x7f0706d242a8, v_flags = 1536}
>          bval = 0x7f06e81b93c8
>          ivals = 0x7f0706d24250
>          idl = 0x0
>          unindexed = 0
>          sattr = {a_type = 0x7f06e8148950 "objectClass", a_present_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_flags = 4, a_plugin = 0x7f072dd48570, a_deleted_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_listtofree = 0x0, a_next = 0x0, a_deletioncsn = 0x0, a_mr_eq_plugin = 0x7f072dcf95c0, a_mr_ord_plugin = 0x0, a_mr_sub_plugin = 0x0}
>          txn = {back_txn_txn = 0x0}
>          pr_idx = 0
> #19 0x00007f071e214fc2 in filter_candidates_ext (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06e81b93a0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0706d26c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:111
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #20 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06e813f7a0, ftype=<optimized out>, err=0x7f0706d26c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
>          idl = 0x7f06e811e680
>          tmp = 0x7f06e811e680
>          tmp2 = 0x0
>          f = 0x7f06e81b93a0
>          nextf = 0x0
>          isnot = 0
>          f_count = <optimized out>
>          le_count = <optimized out>
>          ge_count = <optimized out>
>          is_bounded_range = <optimized out>
>          low_val = 0x0
>          high_val = 0x0
>          t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
>          fpairs = {0x0, 0x0}
>          tpairs = {0x0, 0x0}
>          vpairs = {0x0, 0x0}
>          is_and = 0
> #21 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06e813f7a0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0706d26c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #22 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06e81a3080, ftype=<optimized out>, err=0x7f0706d26c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
>          idl = 0x0
>          tmp = 0x3
>          tmp2 = 0x7f072e0f5f20
>          f = 0x7f06e813f7a0
>          nextf = 0x0
>          isnot = 0
>          f_count = <optimized out>
>          le_count = <optimized out>
>          ge_count = <optimized out>
>          is_bounded_range = <optimized out>
>          low_val = 0x0
>          high_val = 0x0
>          t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
>          fpairs = {0x0, 0x0}
>          tpairs = {0x0, 0x0}
>          vpairs = {0x0, 0x0}
>          is_and = 1
> #23 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=0x7f06e81a3080, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0706d26c8c, allidslimit=100000, allidslimit at entry=0) at ldap/servers/slapd/back-ldbm/filterindex.c:144
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #24 0x00007f071e21667a in filter_candidates (pb=pb at entry=0x7f0706d2ba90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=<optimized out>, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0706d26c8c) at ldap/servers/slapd/back-ldbm/filterindex.c:175
> No locals.
> #25 0x00007f071e252c36 in onelevel_candidates (err=0x7f0706d26c8c, lookup_returned_allidsp=0x7f0706d26c7c, managedsait=<optimized out>, filter=<optimized out>, e=0x7f06e40c7e70, base=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", be=0x7f072e0f5f20, pb=0x7f0706d2ba90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1143
>          fid2kids = 0x7f06e81572c0
>          candidates = <optimized out>
>          focref = 0x7f06e81b93a0
>          fand = 0x7f06e81a3080
>          forr = 0x7f06e813f7a0
>          ftop = <optimized out>
> #26 build_candidate_list (candidates=0x7f0706d26cb8, lookup_returned_allidsp=0x7f0706d26c7c, scope=<optimized out>, base=0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=<optimized out>, be=0x7f072e0f5f20, pb=0x7f0706d2ba90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1010
>          filter = 0x7f06e81031d0
>          err = 0
>          li = 0x7f072df49930
>          managedsait = 0
>          r = 0
> #27 ldbm_back_search (pb=0x7f0706d2ba90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:657
>          rc = <optimized out>
>          time_up = 0
>          vlv_response_control = {targetPosition = 0, contentCount = 0, result = 0}
>          vlv_rc = 32519
>          lookthrough_limit = 0
>          abandoned = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x7f06e40c7e70
>          candidates = 0x0
>          base = 0x7f06e814ca30 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          basesdn = 0x7f06e81bc1f0
>          scope = 1
>          controls = 0x7f06e81c50d0
>          operation = 0x7f072e609210
>          addr = 0x7f072e6092e8
>          estimate = 0
>          sort = 0
>          vlv = <optimized out>
>          sort_spec = 0x0
>          is_sorting_critical = <optimized out>
>          is_sorting_critical_orig = 0
>          sort_control = 0x0
>          virtual_list_view = 0
>          vlv_spec = 0x0
>          is_vlv_critical = 0
>          vlv_request_control = {beforeCount = 0, afterCount = 0, tag = 0, index = 0, contentCount = 0, value = {bv_len = 0, bv_val = 0x0}}
>          sr = <optimized out>
>          tmp_err = -1
>          tmp_desc = 0x0
>          lookup_returned_allids = 0
>          backend_count = 0
>          print_once = 1
>          txn = {back_txn_txn = 0x0}
>          rc = <optimized out>
> #28 0x00007f072bca82c6 in op_shared_search (pb=pb at entry=0x7f0706d2ba90, send_result=send_result at entry=1) at ldap/servers/slapd/opshared.c:806
>          be_suffix = 0x7f072de73fa0
>          err = 0
>          next_be = 0x0
>          base = 0x7f06e8168c70 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normbase = <optimized out>
>          fstr = 0x7f06e806c8c0 "(objectClass=*)"
>          scope = 1
>          be = 0x7f072e0f5f20
>          be_single = 0x0
>          be_list = {0x7f072e0f5f20, 0x0, 0x7f0706d26fc0, 0x7f0706d26ff0, 0x7f0706d27010, 0x7f0706d27070, 0x7f06e817bc10, 0x7f07075343e8, 0x0, 0x7f0706d27028, 0x90, 0x7f0706d27070, 0x7f06e817bc10, 0x7f0706d27048, 0x90, 0x7f0706d27070, 0x7f06e817bc10, 0x7f07075343e8, 0x0, 0x7f072bc621b6 <slapi_ch_free+22>, 0x7f06e80f2580, 0x7f072bc71454 <slapi_entry_free+228>, 0x7f06e817bc10, 0x7f072bcc6214 <reslimit_get_ext+52>, 0x7f07075343e8, 0x7f072bf3e034 <slapd_ldap_debug>, 0x7f0706d270d4, 0x7f072bcc6b8d <slapi_reslimit_get_integer_limit+445>, 0x7f072e6dc780, 0x65d94daff3b15e00, 0x1, 0x7f07075343e8, 0x0, 0x7f072c1a4c90, 0x1, 0x7f072bcae93d <bind_credentials_set_nolock+237>, 0x7f072e7e7310, 0x7f072c1a4c90, 0x0, 0x7f072bf4a820 <global_slapdFrontendConfig>, 0x8, 0x0, 0x0, 0x7f0706d27140, 0x7f07075343e8, 0x0, 0x0, 0x80, 0x7f072e7e7310, 0x7f072bc621b6 <slapi_ch_free+22>, 0x7f0706d27210, 0x7f072c183b8e <handle_handshake_done+750>, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0706d27298, 0xc02f030300000050, 0x10000000800, 0x5873c0c85873c0c8, 0x2058751248, 0x134705c925c81266, 0x5f075a5f0ebf1679, 0xcb7e4d560a396afd, 0xc1cf5d3d29d8c0c1, 0x7f072aa08259, 0x0, 0xc02f0060, 0x7f072aa0dfa0, 0x7f072aa0d911, 0x1, 0x7f072aa0dab9, 0x4, 0x7f072aa0d915, 0x8000800000000a, 0x80, 0x7f072aa0d91d, 0x1008000000006, 0x0, 0x322e31534c54, 0x0, 0x0, 0x7f0706d2725c, 0x7f0706d2735c, 0x7f0700000001, 0x6d27650, 0x0, 0x200000001, 0xffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1ffffffff, 0x7f06e8174bd0, 0x7f072bd09f50, 0x7f06e8069390, 0x0, 0x0, 0x7f06e8217850, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x40000, 0x7f0722fb4424 <__os_id+36>, 0x11, 0x7f06dc7e6f60, 0x7f0719fc3b4c, 0x7f0722e8853e <__db_tas_mutex_lock+398>, 0x0, 0x7f0719f71138, 0x8b1, 0x7f0706d27380, 0x7f0706d27370, 0x7f0706d27368, 0x0, 0x0, 0x7f06db9f36f0, 0x22f4b6d0, 0xffff86ee00000000, 0x65d94daff3b15e00, 0x28, 0x65d94daff3b15e00, 0x7f06db9f6510, 0x7f06db9f6510, 0x0, 0x7f06dc7e6f60, 0x7f06e821d990, 0x7f072e0efbf0, 0x0, 0x7f0722f4abe8 <__dbc_close+472
>> , 0x7f06db9f6510, 0x7f06dc7e6f60, 0x7f0706d27570, 0x7f072e0efbf0, 0x7f0706d27650, 0x13, 0x0, 0x7f0722f47968 <__db_put+504>, 0x7f0706d27438, 0x7f0706d27440, 0xffff86ee06d27578, 0x7f0722fb4424 <__os_id+36>, 0x0, 0x65d94daff3b15e00, 0x7f0719fda0f8, 0x7f06db9f6510, 0x4, 0x7f071a2e8a70, 0x7f0706d276c0, 0x65d94daff3b15e00, 0x4, 0x7f0719814160, 0x7f06e821d990, 0x7f0719410238, 0x7f072e0efbf0, 0x7f072e0eb550, 0x0, 0x65d94daff3b15e00, 0x7f072e2c2b60, 0x7f072e0efbf0, 0x7f0706d27650, 0x7f072e0efbf0, 0x7f0706d27650, 0x7f0706d27570, 0x7f06dc7e6f60, 0x7f0722f5cc69 <__db_put_pp+489>, 0x13, 0x7f06e821d990, 0x0, 0x65d94daff3b15e00, 0x7f0700000000, 0x7f0706d27650, 0x7f072e1b8d80, 0x1, 0x7f06e8205278, 0x7f072dfaef40, 0x0, 0x7f071e21c9df <idl_new_insert_key+127>, 0x7f0706d2756c, 0x100000001, 0x7f0706d2756c, 0x400000004, 0x0, 0x0, 0x800, 0x7f071e48df6e <prefix_PRESENCE>, 0x7f071e271c8a, 0x7f071e22c0b4 <addordel_values_sv+1972>, 0x0, 0x0, 0x7f0719acf878, 0x65d94daff3b15e00...}
>          referral_list = {0x0, 0x7f07219e4bbd <aclutil_print_aci+45>, 0x7f06e80dda80, 0x7f072bc5cb5f <attr_syntax_return_locking_optional+47>, 0x7f072dcfe270, 0x7f0706d29068, 0x0, 0x7f072bc5d851 <slapi_attr_type2plugin+113>, 0x7f072e1cbfd0, 0x0, 0x75676e6974736964, 0x6d614e6465687369, 0x7f072e1d0065, 0x7f072e0efbf0, 0x7f072dec6670, 0x7f0706d290c8, 0x7f071a1b9328, 0x16d7f6, 0x7f0706d29150, 0x7f0722f9a289 <__log_putr+809>, 0x373533353335383d, 0x7f0725e9eddb <keystring_validate+27>, 0x63646137612d3665, 0x7f06e8112235, 0x7f06e8112232, 0x7f0725e9f2a9 <rdn_validate+329>, 0x7f06e8112236, 0x65d94daff3b15e00, 0x7f06e8112235, 0x7f0706d28ff0, 0x7f0706d29080, 0x0, 0x2000, 0x7f0725e9f12b <utf8string_validate+123>, 0x7f06e81b13b2, 0x65d94daff3b15e00, 0x0, 0xffffffff, 0x7f0706d29078, 0x7f072bcbb6f7 <slapi_entry_syntax_check+615>, 0x7f06e803dd60, 0x7f06e81fff00, 0xe803dda6, 0x7f0706d29070, 0x7f0706d2ba90, 0x7f0706d2ba90, 0x7f0706d29080, 0x7f0706d2906c, 0x6d29080, 0x100000000, 0x0, 0x0, 0x7f06e80a2980, 0x7f072bcec7ad <slapi_value_set_string_passin+45>, 0x0, 0x0, 0x0, 0x0, 0x3857a93900000000, 0x4639581261a56b43, 0x2f81badc6bcb3892, 0x27f942064672ea95, 0xe36eef13a943143, 0x65d94daff3b15e00, 0xffae2e9d775adf1, 0x105b46d6, 0xdec59cf, 0x7f071b13664a <felem_mul+1098>, 0x1266fdde, 0xfb6f6e8, 0x1f6dedd0, 0x32d8957e, 0x24cdfbbc, 0x105b46d6, 0x20b68dac, 0x330cfb89, 0xdec59cf, 0x7f0706d29430, 0x76df9df7cf7e8, 0x326db2e71979b8, 0x27a165dc7f80d42, 0x3e23dd649d812ca, 0x9784e14c81b7e5c, 0x8694a223ef32e5a, 0x0, 0x0, 0x0, 0x0, 0x45d7cd6a00000000, 0x3134d111811a9e55, 0x3dc8088f60dea349, 0x306fc079551c486e, 0x0, 0x0, 0x0, 0x0, 0x415179a500000000, 0x31c21015694185ef, 0x3b2c80213c9d2eda, 0x39f8bf904f546387, 0xbec4f5f35b0a41a, 0x65d94daff3b15e00, 0x532d42e03be9bb4, 0x1323507b241bf60, 0x17a25752097d0d0, 0x7f071b1361c9 <felem_square+601>, 0x4725978, 0x1c8b86a0, 0x23a771b8f1100, 0x14ee056e95b280, 0xbaeab42a5e9800, 0x1ac9e4951184af8, 0x3e72d38666b42b1, 0x112ac437aa8b732, 0x113c262118848ee, 0x209f3027df6ffbc, 0x2e04eb98ec57484, 0x39fa7c5b0e5fa52, 0x532d42e0
> 3be9bb4, 0xdc0d98f0827b3c, 0x1567e6de91f9b80, 0x15af6713f619590, 0x182e52c1f8a2ac2, 0x17a25752097d0d0, 0x136a9cbd4ebe240, 0x65d94daff3b15e00, 0x7f0717eb2496, 0x7f0706d29400, 0x7f0706d29430, 0x7f0706d293d0, 0x7f0706d2a080, 0x7f0706d29400, 0x7f0706d29430, 0x7f071b136998 <point_double+792>, 0x0, 0x0, 0x0, 0x0, 0x46b2566a00000000, 0x3fe1ca10924cbb28, 0x2c269c674b55664c, 0x20157f364861ca00, 0x115b1f4d330f9481, 0x65d94daff3b15e00, 0x363d55c7ab6541e, 0xb79c49f, 0x40aa860, 0x7f071b13664a <felem_mul+1098>, 0x9ade004, 0x3c7ad8d, 0x78f5b1a, 0x1308e14d, 0x135bc008, 0xb79c49f, 0x16f3893e, 0x13498845, 0x40aa860, 0x7f0706d29920, 0x10206978a349fe, 0x3e1685b7e6987, 0x149d2493ce4eaf2, 0x1a223267f19e512, 0x323fef5295dfd41, 0x20203366733adfd, 0x431dd120c47cc5a, 0x3ecc64498306e30, 0x679f9386bce1839, 0x32304db1757905b, 0x586100ae78493f5, 0x3f6486dccb008e4, 0x4f5690111f6295d, 0x1bb8b31c9dde6e1, 0x1bd93c6904761a6, 0x18b5196826a383a, 0x2288c02392e0f52, 0x65d94daff3b15e00, 0x7f06e821c1c0, 0x7f0706d295c0, 0x7f0706d29590, 0x7f0706d2a0e0, 0x7f0706d2a0b0, 0x7f0706d295c0, 0x7f0706d29590, 0x7f071b137c2d <scalar_mult+1901>, 0x7f0706d2a170, 0x7f0706d2a1a0, 0x7f0706d29920, 0x7f0706d295f0, 0x7f0706d29620, 0x7f0706d29830, 0x7f0706d29890, 0x7f0706d29800, 0x402e0e9fa8, 0x7f0706d296e0, 0x7f0706d298f0, 0x7f0706d29680, 0x7f0706d297a0, 0x7f0706d29860, 0x7f0706d29740, 0x7f0706d29770...}
>          attrlistbuf = "\"objectClass\"", '\000' <repeats 51 times>, "conn=13372 op=2 UNBIND\n", '\000' <repeats 41 times>, "X\000\000\000\200", '\000' <repeats 11 times>, "?`.\a\177\000\000\000^\261\363\257M\331e\000\000\000\000\000\000\000\000\240V\031\350\006\177\000\000N\273\317+\a\177\000\000\020H\v\350\006\177\000\000\216\000\000\000\000\000\000\000\025"...
>          attrliststr = <optimized out>
>          attrs = 0x7f06e8106eb0
>          rc = -1
>          internal_op = <optimized out>
>          basesdn = 0x7f06e81cff20
>          sdn = 0x7f06e81bc1f0
>          operation = 0x7f072e609210
>          referral = 0x0
>          proxydn = 0x0
>          proxystr = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
>          nentries = 0
>          pnentries = 0
>          flag_search_base_found = 0
>          flag_no_such_object = 0
>          flag_referral = 0
>          flag_psearch = <optimized out>
>          err_code = 0
>          ctrlp = 0x7f06e81c50d0
>          ctl_value = 0x7f06e8174f38
>          iscritical = -1
>          be_name = <optimized out>
>          index = -1
>          sent_result = 0
>          pr_stat = 0
>          pagesize = 100
>          estimate = 0
>          curr_search_count = <optimized out>
>          pr_be = <optimized out>
>          pr_search_result = <optimized out>
>          pr_idx = 0
>          orig_sdn = 0x0
>          free_sdn = 1
> #29 0x00007f072c19e11e in do_search (pb=pb at entry=0x7f0706d2ba90) at ldap/servers/slapd/search.c:349
>          operation = 0x7f072e609210
>          ber = <optimized out>
>          i = <optimized out>
>          err = <optimized out>
>          attrsonly = 0
>          scope = 1
>          deref = 0
>          sizelimit = 0
>          timelimit = 60
>          rawbase = 0x7f06e8168c70 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          rawbase_set_in_pb = 1
>          fstr = 0x7f06e806c8c0 "(objectClass=*)"
>          filter = 0x7f06e81031d0
>          attrs = 0x7f06e8106eb0
>          gerattrs = 0x0
>          psearch = 0
>          psbvp = 0x0
>          changetypes = 32518
>          send_entchg_controls = 772485200
>          changesonly = 0
>          rc = -1
>          strict = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          filter_normalized = 0
> #30 0x00007f072c18bc17 in connection_dispatch_operation (pb=0x7f0706d2ba90, op=0x7f072e609210, conn=0x7f07075369e0) at ldap/servers/slapd/connection.c:651
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 1
> #31 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f07075369e0, pb_op = 0x7f072e609210, pb_plugin = 0x7f072df4b040, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 3, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 0, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = -1, pwdpolicy = 0x0, op_stack_elem = 0x7f072e60bce0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0706d2ba90
>          conn = 0x7f07075369e0
>          op = 0x7f072e609210
>          tag = 99
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #32 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54ed40) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e54ed40
>          detached = 1
>          id = 139668155975424
>          tid = 26144
> #33 0x00007f072982edc5 in start_thread (arg=0x7f0706d2c700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0706d2c700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668155975424, -8975886148032001126, 0, 139668155976128, 139668155975424, 1, 9034558126387628954, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #34 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 35 (Thread 0x7f070652b700 (LWP 26145)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668147582720
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0706529e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06ec1ec800
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06ec1ed6b0
>          addr = 0x7f06ec1ed788
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06ec222dc0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f070652a060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06ec221aa0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06ec142ee0
>          passin_sdn = 0
>          mods = 0x7f06ec1ec800
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06ec00cd20
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06ec1ed6b0
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000m\036\203)\a\177\000\000 \000\000\354\006\177\000\000[\000\000\000\000\000\000\000p} \354\006\177\000\000\000\000\000\000\000\000\000\000\060~\v\354\006\177\000\000\230\001\005\354\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000pc\026\354\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000(\315\000\354\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06ec222dc0) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06ec1ed6b0
>          opresult = 0
>          normalized_mods = 0x7f06ec00cd20
>          mods = 0x7f06ec0a3ca0
>          mod = 0x7f06ec00cd28
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -333304384, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f070652aa90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f070652aa90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f070652aa90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f070652aa90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06ec1e3e60
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06ec0c6d90 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06ec12c9d0 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06ec1e3e60
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\354\006\177\000\000\200\251R\006\a\177\000\000\220\251R\006\a\177\000\000\356\246R\006\a\177\000\000\354\246R\006\a\177\000\000\360\246R\006\a\177\000\000\261X\255\371\350\003\000\000\000\000\000\000XV\207\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000w\000\000\000\001\000\001\000P%$\354\006\177\000\000(\000\000\000\000\000\000\000w", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\220)s.\a\177\000\000P%$\354\006\177\000\000y\000\000\000\000\000\000\000w\000\000\000\000\000\000\000\220)s.\a\177\000\000y\000\000\000\000\000\000\000\220)s.\a\177\000\000"...
>          bind_target_entry = 0x7f06ec234770
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06ec05ee20
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f070652aa90, op=0x7f072e612a90, conn=0x7f0707538768) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707538768, pb_op = 0x7f072e612a90, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06ec0bf5f0, op_stack_elem = 0x7f072e60d900, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f070652aa90
>          conn = 0x7f0707538768
>          op = 0x7f072e612a90
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54f190) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e54f190
>          detached = 1
>          id = 139668147582720
>          tid = 26145
> #15 0x00007f072982edc5 in start_thread (arg=0x7f070652b700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f070652b700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668147582720, -8975886148032001126, 0, 139668147583424, 139668147582720, 1, 9034559225362385818, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 34 (Thread 0x7f0705d2a700 (LWP 26146)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=139667506784256, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
>          ret = <optimized out>
> #2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=3997, timespec=timespec at entry=0x0, exclusive=exclusive at entry=1) at ../../src/mutex/mut_pthread.c:577
>          ret = <optimized out>
>          t_ret = 0
> #3  0x00007f0722e88640 in __db_tas_mutex_lock_int (nowait=0, timeout=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:271
>          mtxmgr = <optimized out>
>          mtxregion = 0x7f0719f71138
>          ip = 0x0
>          timespec = {tv_sec = 806, tv_nsec = 139668139127416}
>          ret = <optimized out>
>          dbenv = 0x7f072e1d66a0
>          mutexp = 0x7f071a005710
>          now = {tv_sec = 0, tv_nsec = 139668814232560}
>          nspins = 0
> #4  __db_tas_mutex_lock (env=env at entry=0x7f072e0efbf0, mutex=3997, timeout=timeout at entry=0) at ../../src/mutex/mut_tas.c:302
> No locals.
> #5  0x00007f0722f32d3a in __lock_get_internal (lt=lt at entry=0x7f072dfafc70, sh_locker=sh_locker at entry=0x7f071a2e6fb8, flags=flags at entry=0, obj=<optimized out>, lock_mode=<optimized out>, timeout=timeout at entry=0, lock=0x7f0705d1b520) at ../../src/lock/lock.c:983
>          newl = <optimized out>
>          lp = <optimized out>
>          env = <optimized out>
>          sh_obj = 0x7f071a2db2b8
>          region = <optimized out>
>          ip = 0x0
>          ndx = 806
>          part_id = <optimized out>
>          did_abort = 97629112
>          ihold = 0
>          grant_dirty = <optimized out>
>          no_dd = 1
>          ret = 0
>          t_ret = <optimized out>
>          holder = <optimized out>
>          sh_off = <optimized out>
>          action = <optimized out>
> #6  0x00007f0722f33820 in __lock_get (env=env at entry=0x7f072e0efbf0, locker=0x7f071a2e6fb8, flags=0, obj=obj at entry=0x7f06e400b330, lock_mode=<optimized out>, lock=lock at entry=0x7f0705d1b520) at ../../src/lock/lock.c:463
>          lt = 0x7f072dfafc70
>          ret = <optimized out>
> #7  0x00007f0722f5f142 in __db_lget (dbc=dbc at entry=0x7f06e400b240, action=action at entry=0, pgno=13, mode=<optimized out>, mode at entry=DB_LOCK_READ, lkflags=lkflags at entry=0, lockp=lockp at entry=0x7f0705d1b520) at ../../src/db/db_meta.c:1255
>          dbp = 0x7f072e2b8f50
>          couple = {{op = 97629112, mode = 32519, timeout = 97629108, obj = 0x7f06e400b240, lock = {off = 139668628338413, ndx = 5, gen = 32519, mode = DB_LOCK_NG}}, {op = 97629120, mode = 32519, timeout = 774648544, obj = 0x7f0705d1b4f4, lock = {off = 139665895223472, ndx = 1409, gen = 0, mode = 774606672}}, {op = 97629100, mode = 32519, timeout = 1, obj = 0x12e0efbf0, lock = {off = 139668466660080, ndx = 0, gen = 0, mode = 585668749}}}
>          reqp = 0x0
>          txn = 0x0
>          env = 0x7f072e0efbf0
>          has_timeout = <optimized out>
>          i = 0
>          ret = <optimized out>
> #8  0x00007f0722ea6605 in __bam_search (dbc=dbc at entry=0x7f06e400b240, root_pgno=1, root_pgno at entry=0, key=key at entry=0x7f0705d1b800, flags=1409, slevel=slevel at entry=1, recnop=recnop at entry=0x0, exactp=exactp at entry=0x7f0705d1b644) at ../../src/btree/bt_search.c:723
>          t = 0x7f072e2cb6d0
>          cp = 0x7f06801270b0
>          dbp = 0x7f072e2b8f50
>          lock = {off = 0, ndx = 806, gen = 0, mode = 3759947232}
>          saved_lock = {off = 0, ndx = 806, gen = 1708740015, mode = 3759437616}
>          mpf = 0x7f072e2c32e0
>          env = 0x7f072e0efbf0
>          h = 0x0
>          parent_h = 0x0
>          base = <optimized out>
>          i = <optimized out>
>          indx = <optimized out>
>          inp = <optimized out>
>          lim = <optimized out>
>          lock_mode = DB_LOCK_READ
>          pg = 13
>          saved_pg = 0
>          start_pgno = 0
>          recno = 0
>          adjust = <optimized out>
>          cmp = 1
>          deloffset = <optimized out>
>          ret = <optimized out>
>          set_stack = 1
>          stack = 0
>          t_ret = <optimized out>
>          getlock = 0
>          was_next = 0
>          get_mode = 0
>          wait = 4
>          level = 2 '\002'
>          saved_level = 255 '\377'
> #9  0x00007f0722e91256 in __bamc_search (dbc=dbc at entry=0x7f06e400b240, root_pgno=root_pgno at entry=0, key=0x7f0705d1b800, flags=<optimized out>, exactp=0x7f0705d1b644) at ../../src/btree/bt_cursor.c:2804
>          t = <optimized out>
>          cp = <optimized out>
>          dbp = <optimized out>
>          h = <optimized out>
>          base = <optimized out>
>          indx = <optimized out>
>          inp = <optimized out>
>          lim = <optimized out>
>          bt_lpgno = 97638592
>          recno = 97638592
>          sflags = <optimized out>
>          bulk = <optimized out>
>          cmp = 0
>          ret = 0
>          t_ret = <optimized out>
> #10 0x00007f0722e92d0f in __bamc_get (dbc=0x7f06e400b240, key=<optimized out>, data=<optimized out>, flags=<optimized out>, pgnop=0x7f0705d1b6e4) at ../../src/btree/bt_cursor.c:1099
>          cp = 0x7f06801270b0
>          dbp = 0x7f072e2b8f50
>          mpf = <optimized out>
>          orig_pgno = 0
>          orig_indx = 0
>          exact = 32519
>          newopd = <optimized out>
>          ret = <optimized out>
> #11 0x00007f0722f4bca6 in __dbc_iget (dbc=0x7f0680126e80, key=0x7f0705d1b800, data=0x7f0705d1b830, flags=26) at ../../src/db/db_cam.c:952
>          dbp = 0x7f072e2b8f50
>          ddbc = <optimized out>
>          dbc_n = 0x7f06e400b240
>          opd = 0x0
>          cp = <optimized out>
>          cp_n = <optimized out>
>          mpf = 0x7f072e2c32e0
>          env = 0x7f072e0efbf0
>          pgno = 0
>          indx_off = <optimized out>
>          multi = 2048
>          orig_ulen = 0
>          tmp_flags = <optimized out>
>          tmp_read_locking = 0
>          tmp_rmw = 0
>          type = <optimized out>
>          key_small = 0
>          ret = <optimized out>
>          t_ret = <optimized out>
> #12 0x00007f0722f4c47d in __dbc_get (dbc=dbc at entry=0x7f0680126e80, key=key at entry=0x7f0705d1b800, data=data at entry=0x7f0705d1b830, flags=flags at entry=2074) at ../../src/db/db_cam.c:770
> No locals.
> #13 0x00007f0722f5ab02 in __dbc_get_pp (dbc=0x7f0680126e80, key=0x7f0705d1b800, data=0x7f0705d1b830, flags=2074) at ../../src/db/db_iface.c:2359
>          dbp = <optimized out>
>          ip = 0x0
>          env = 0x7f072e0efbf0
>          ret = <optimized out>
> #14 0x00007f071e21b8a0 in idl_new_fetch (be=0x7f072e0f5f20, db=<optimized out>, inkey=0x7f0705d1d980, txn=0x0, a=0x7f072e1be6c0, flag_err=0x7f0705d2474c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/idl_new.c:202
>          ret = 0
>          idl_rc = 0
>          cursor = 0x7f0680126e80
>          idl = 0x0
>          key = {data = 0x7f0705d1dae0, size = 14, ulen = 14, dlen = 0, doff = 0, app_data = 0x0, flags = 2056}
>          data = {data = 0x7f0705d1b890, size = 8192, ulen = 8192, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          id = 0
>          count = 0
>          buffer = "\000\000\000\000\000\000\000\000\215\230\350\"\a\177\000\000\200\333\321\005\a\177\000\000\000\000\000\000\000\000\000\000\203\337\334\031\a\177\000\000\000\000\000\000\000\000\000\000\032\000\000\000\000\000\000\000\001", '\000' <repeats 15 times>, " ;\001\330\006\177\000\000\360\017\006\360\006\177\000\000\357]\352\"\a\177\000\000\000\b\000\000\000\000\000\000\364\206\377\377\a\177\000\000\360\226\350\"\a\177\000\000?\321\005\a\177\000\000\000\000\000\000\201\005\000\000 ;\001\330\006\177\000\000\070\300\334\031\a\177\000\000\340\062,.\a\177\000\000\032", '\000' <repeats 11 times>, "\001\000\000\000P\217+.\a\177\000\000\000\000\000\000\002\000\000\000\001\000\000\000\001\000\000\000?"...
>          ptr = <optimized out>
>          dataret = {data = 0x0, size = 0, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0}
>          s_txn = {back_txn_txn = 0x0}
>          li = <optimized out>
> #15 0x00007f071e21b525 in idl_fetch_ext (be=be at entry=0x7f072e0f5f20, db=<optimized out>, key=key at entry=0x7f0705d1d980, txn=txn at entry=0x0, a=<optimized out>, err=err at entry=0x7f0705d2474c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/idl_shim.c:101
> No locals.
> #16 0x00007f071e22a146 in index_read_ext_allids (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, type=type at entry=0x7f06e010dff0 "objectClass", indextype=indextype at entry=0x7f071e271c87 "eq", val=<optimized out>, txn=txn at entry=0x7f0705d21c50, err=err at entry=0x7f0705d2474c, unindexed=unindexed at entry=0x7f0705d21c44, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/index.c:1028
>          interval = <optimized out>
>          db = 0x7f072e2b8f50
>          db_txn = 0x0
>          key = {data = 0x7f0705d1dae0, size = 14, ulen = 14, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          idl = 0x0
>          prefix = <optimized out>
>          tmpbuf = 0x0
>          buf = "=posixaccount\000\000\000\004\000\000\000\333\n\000\000\004\000\000\000\343\n\000\000\004\000\000\000\353\n\000\000\004\000\000\000\363\n\000\000\004\000\000\000\373\n\000\000\004\000\000\000\003\v\000\000\004\000\000\000\v\v\000\000\004\000\000\000\023\v\000\000\004\000\000\000\033\v\000\000\004\000\000\000#\v\000\000\004\000\000\000+\v\000\000\004\000\000\000\063\v\000\000\004\000\000\000;\v\000\000\004\000\000\000C\v\000\000\004\000\000\000K\v\000\000\004\000\000\000S\v\000\000\004\000\000\000[\v\000\000\004\000\000\000c\v\000\000\004\000\000\000k\v\000\000\004\000\000\000s\v\000\000\004\000\000\000{\v\000\000\004\000\000\000\203\v\000\000\004\000\000\000\213\v\000\000"...
>          typebuf = "objectClass\000\323\t\000\000\004\000\000\000\333\t\000\000\004\000\000\000\343\t\000\000\004\000\000\000\353\t\000\000\004\000\000\000\363\t\000\000\004\000\000\000\373\t\000\000\004\000\000\000\003\n\000\000\004\000\000\000\v\n\000\000\004\000\000\000\023\n\000\000\004\000\000\000\033\n\000\000\004\000\000\000#\n\000\000\004\000\000\000+\n\000\000\004\000\000\000\063\n\000\000\004\000\000\000;\n\000\000\004\000\000\000C\n\000\000\004\000\000\000K\n\000\000\004\000\000\000S\n\000\000\004\000\000\000[\n\000\000\004\000\000\000c\n\000\000\004\000\000\000k\n\000\000\004\000\000\000s\n\000\000\004\000\000\000{\n\000\000\004\000\000\000\203\n\000\000\004\000\000\000\213\n\000\000"...
>          ai = 0x7f072e1be6c0
>          basetmp = 0x0
>          basetype = <optimized out>
>          retry_count = 0
>          encrypted_val = 0x0
>          is_and = 1
>          ai_flags = 1
> #17 0x00007f071e214234 in keys2idl (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, type=0x7f06e010dff0 "objectClass", indextype=indextype at entry=0x7f071e271c87 "eq", ivals=<optimized out>, err=err at entry=0x7f0705d2474c, unindexed=unindexed at entry=0x7f0705d21c44, txn=txn at entry=0x7f0705d21c50, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:986
>          idl2 = 0x0
>          i = 0
> #18 0x00007f071e2149d3 in ava_candidates (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, f=f at entry=0x7f06e0312a00, ftype=<optimized out>, err=0x7f0705d2474c, allidslimit=100000, range=0, nextf=0x0) at ldap/servers/slapd/back-ldbm/filterindex.c:288
>          tmp = {bv = {bv_len = 12, bv_val = 0x7f06e0198b80 "posixAccount"}, v_csnset = 0x0, v_flags = 0}
>          ptr = {0x7f0705d21ca0, 0x0}
>          fake = {bv = {bv_len = 12, bv_val = 0x7f0705d21d40 "posixaccount"}, v_csnset = 0x7f06e032efc0, v_flags = 1536}
>          buf = "posixaccount\000\177\000\000\b\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\300\225\317-\a\177\000\000\323\325\351%\a\177", '\000' <repeats 11 times>, "^\261\363\257M\331e4\340\363+\a\177\000\000\252\000\000\000\000\000\000\000\300\035\322\005\a\177\000\000P!\322\005\a\177\000\000\070!\322\005\a\177\000\000\315\301\313+\a\177\000\000\370\035\322\005\a\177\000\000\220\200\351%\a\177", '\000' <repeats 26 times>, "\300\225\317-\a\177", '\000' <repeats 634 times>...
>          type = 0x7f06e010dff0 "objectClass"
>          indextype = 0x7f071e271c87 "eq"
>          sv = {bv = {bv_len = 12, bv_val = 0x7f0705d21d40 "posixaccount"}, v_csnset = 0x7f06e032efc0, v_flags = 1536}
>          bval = 0x7f06e0312a28
>          ivals = 0x7f0705d21c70
>          idl = 0x0
>          unindexed = 0
>          sattr = {a_type = 0x7f06e017a410 "objectClass", a_present_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_flags = 4, a_plugin = 0x7f072dd48570, a_deleted_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_listtofree = 0x0, a_next = 0x0, a_deletioncsn = 0x0, a_mr_eq_plugin = 0x7f072dcf95c0, a_mr_ord_plugin = 0x0, a_mr_sub_plugin = 0x0}
>          txn = {back_txn_txn = 0x0}
>          pr_idx = -1
> #19 0x00007f071e214fc2 in filter_candidates_ext (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06e0312a00, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0705d2474c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:111
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #20 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06e032ec00, ftype=<optimized out>, err=0x7f0705d2474c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
>          idl = 0x0
>          tmp = 0x65d94daff3b15e00
>          tmp2 = 0x0
>          f = 0x7f06e0312a00
>          nextf = 0x0
>          isnot = 0
>          f_count = <optimized out>
>          le_count = <optimized out>
>          ge_count = <optimized out>
>          is_bounded_range = <optimized out>
>          low_val = 0x0
>          high_val = 0x0
>          t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
>          fpairs = {0x0, 0x0}
>          tpairs = {0x0, 0x0}
>          vpairs = {0x0, 0x0}
>          is_and = 1
> #21 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06e032ec00, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0705d2474c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #22 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06e02a6040, ftype=<optimized out>, err=0x7f0705d2474c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
>          idl = 0x0
>          tmp = 0x0
>          tmp2 = 0x0
>          f = 0x7f06e032ec00
>          nextf = 0x0
>          isnot = 0
>          f_count = <optimized out>
>          le_count = <optimized out>
>          ge_count = <optimized out>
>          is_bounded_range = <optimized out>
>          low_val = 0x0
>          high_val = 0x0
>          t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
>          fpairs = {0x0, 0x0}
>          tpairs = {0x0, 0x0}
>          vpairs = {0x0, 0x0}
>          is_and = 0
> #23 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f06e0262a50, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=0x7f06e02a6040, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0705d2474c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #24 0x00007f071e2514b8 in subtree_candidates (pb=pb at entry=0x7f06e0262a50, be=0x7f072e0f5f20, base=base at entry=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=e at entry=0x7f06a051d150, filter=0x7f06e032ec00, managedsait=0, allids_before_scopingp=allids_before_scopingp at entry=0x7f0705d2473c, err=err at entry=0x7f0705d2474c) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1210
>          focref = 0x7f06e00d7100
>          forr = 0x7f06e02a6040
>          ftop = <optimized out>
>          candidates = <optimized out>
>          has_tombstone_filter = <optimized out>
>          isroot = 0
>          allidslimit = 100000
>          op = 0x0
>          is_bulk_import = 0
> #25 0x00007f071e252b9f in build_candidate_list (candidates=0x7f0705d24778, lookup_returned_allidsp=0x7f0705d2473c, scope=<optimized out>, base=0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=<optimized out>, be=<optimized out>, pb=0x7f06e0262a50) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1015
>          filter = 0x7f06e032ec00
>          err = 0
>          li = 0x7f072df49930
>          managedsait = 0
>          r = 0
> #26 ldbm_back_search (pb=0x7f06e0262a50) at ldap/servers/slapd/back-ldbm/ldbm_search.c:657
>          rc = <optimized out>
>          time_up = 0
>          vlv_response_control = {targetPosition = 0, contentCount = 0, result = 0}
>          vlv_rc = 32519
>          lookthrough_limit = 0
>          abandoned = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x7f06a051d150
>          candidates = 0x0
>          base = 0x7f06e00e0ef0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          basesdn = 0x7f06e01f7380
>          scope = 2
>          controls = 0x0
>          operation = 0x7f06e01a1020
>          addr = 0x7f06e01a10f8
>          estimate = 0
>          sort = 0
>          vlv = <optimized out>
>          sort_spec = 0x0
>          is_sorting_critical = <optimized out>
>          is_sorting_critical_orig = 0
>          sort_control = 0x0
>          virtual_list_view = 0
>          vlv_spec = 0x0
>          is_vlv_critical = 0
>          vlv_request_control = {beforeCount = 0, afterCount = 0, tag = 0, index = 0, contentCount = 0, value = {bv_len = 0, bv_val = 0x0}}
>          sr = <optimized out>
>          tmp_err = -1
>          tmp_desc = 0x0
>          lookup_returned_allids = 0
>          backend_count = 0
>          print_once = 1
>          txn = {back_txn_txn = 0x0}
>          rc = <optimized out>
> #27 0x00007f072bca82c6 in op_shared_search (pb=pb at entry=0x7f06e0262a50, send_result=send_result at entry=1) at ldap/servers/slapd/opshared.c:806
>          be_suffix = 0x7f072de73fa0
>          err = 0
>          next_be = 0x0
>          base = 0x7f072e2b7d00 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normbase = <optimized out>
>          fstr = 0x7f06e0229290 "(&(objectClass=posixAccount)(|(uid=BP-281164)))"
>          scope = 2
>          be = 0x7f072e0f5f20
>          be_single = 0x0
>          be_list = {0x7f072e0f5f20, 0x0, 0x0, 0x65, 0x0, 0x7f06e01572b0, 0x7f072e6e5f50, 0x7f072a9f80cc <ssl_DefSend+76>, 0x7f06e02652f0, 0xf3b15e00, 0x24, 0xe, 0x0, 0x7f06e02931ae, 0x0, 0x0, 0x7f072e6c6bb0, 0x7f072bcabaa8 <slapi_pblock_get+56>, 0x7f070000000e, 0x7f0705d24b90, 0x7f0705d24b14, 0x7f072e48bb40, 0x7f0705d29a90, 0x7f072bcc751d <log_result+1037>, 0x0, 0x7f0705d24bc0, 0x7f072bd01e5d, 0x7f0705d24bf0, 0x7f072bd01e5d, 0x65d94daff3b15e00, 0x65, 0x65, 0xe, 0x0, 0x7f06e02931a0, 0x0, 0x0, 0x7f0700000000, 0x0, 0xffffffff00000000, 0x7f0700000000, 0x7f0729e8952f <PR_ExitMonitor+159>, 0x0, 0x7f072e6c6bb0, 0x0, 0x7f072bd01e5d, 0x7f06e0290030, 0x7f072a9fe39c <ssl_SecureSend+428>, 0x7f072e6c6bb0, 0x7f06e02931a0, 0xe, 0x7f0729e89100 <PR_Unlock+80>, 0x0, 0x7f072aa0204b <ssl_Write+91>, 0x0, 0x7f072e76dde0, 0xe, 0x65d94daff3b15e00, 0x7f0705d29a90, 0x0, 0x0, 0x7f072bccad8d <set_db_default_result_handlers+77>, 0x7f0705d29a90, 0x7f0705d29a90, 0xa, 0x7f072bcb3ca0 <plugin_call_func+256>, 0x7f072e0ee7a0, 0x11800000002, 0xffffffd60000003a, 0x7f0700000000, 0x0, 0x65d94daff3b15e00, 0x7f06e01572b0, 0x7f0705d29a90, 0x200, 0x65d94daff3b15e00, 0x7f0705d29a90, 0x0, 0x2, 0x7f072bcb3fe2 <plugin_call_plugins+418>, 0x7f072df4b040, 0x65d94daff3b15e00, 0x0, 0x7f0705d29a90, 0xe, 0x7f072bcc6e26 <flush_ber+230>, 0x0, 0x7f0705d29a90, 0xe, 0x65d94daff3b15e00, 0x7f06e01572b0, 0x0, 0x7f0705d29a90, 0x7f06e01572b0, 0x9, 0x65d94daff3b15e00, 0x65, 0x7f072bcc9018 <send_ldap_result_ext+1656>, 0x7f072bd01e5d, 0x7f072dfb0a60, 0x0, 0x6622, 0x7f0707536cb0, 0x0, 0x0, 0x65, 0x2e48bb40, 0x10f01000002, 0xffffffcd00000031, 0x7f072e48bb40, 0x0, 0x7f06e01c90c8, 0x1, 0x0, 0x7f0705d24f88, 0x7f0705d24f38, 0x0, 0x7f0705d24f38, 0x7f0705d24f40, 0x0, 0x7f0705d24f88, 0x65d94daff3b15e00, 0x7f0705d29a90, 0x7f0705d24f40, 0x7f0705d29a90, 0x7f072bca79a0 <op_shared_search+1024>, 0x7f06e0345ff0, 0x7f072bd03a2e, 0x7f072bd01e5d, 0x7f072bd01e5d, 0x7f0705d24f50, 0x0, 0x7f0705d24f40, 0x100000001, 0x0, 0x7f0705d24f80, 0x0, 0x0, 0x7f0705d24f80, 0x7f0705d24f78, 0x7f0705d24ef4, 0x0, 0x0,
> 0x7f0705d24efc, 0x7f072dcd1e30, 0x1, 0x205d25000, 0x0, 0x200000001, 0xffffffff, 0xe10ffffffff, 0x7d0, 0xe10, 0x7d0, 0x7f06e00b75f0, 0x7f06e0345ff0, 0x0, 0x0, 0x0, 0x7f072e48bb40, 0x0, 0x0, 0x0, 0x7f06e0298fe0, 0x0, 0x0, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x7f0705d24fc0, 0x7f0705d24ff0, 0x7f0705d25010, 0x7f0705d25070, 0x7f06e032ed10, 0x7f0707536cb0, 0x0, 0x7f0705d25028, 0x90, 0x7f0705d25070, 0x7f06e032ed10, 0x7f0705d25048, 0x90, 0x7f0705d25070, 0x7f06e032ed10, 0x7f0707536cb0, 0x0, 0x7f072bc621b6 <slapi_ch_free+22>, 0x7f06e0313730, 0x7f072bc71454 <slapi_entry_free+228>, 0x7f06e032ed10, 0x7f072bcc6214 <reslimit_get_ext+52>, 0x7f0707536cb0, 0x7f072bf3e034 <slapd_ldap_debug>, 0x7f0705d250d4, 0x7f072bcc6b8d <slapi_reslimit_get_integer_limit+445>, 0x7f072e659320, 0x65d94daff3b15e00, 0x1, 0x7f0707536cb0...}
>          referral_list = {0x0 <repeats 48 times>, 0xffff80f8fa2d9461, 0x37, 0xd, 0x1, 0x5c0000003d, 0x7f0705d26ba0, 0x0, 0x0, 0x770000006e, 0x0, 0x7f0705d26b9f, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f06e0000020, 0x0, 0x7f06e003c830, 0x0, 0x10, 0x0, 0x7f07294e5fbc <__GI___libc_malloc+76>, 0x7f0705d26c88, 0x35d, 0x0, 0x7f072bc61ce3 <slapi_ch_malloc+19>, 0x7f0705d26c88, 0x7f06e0000020, 0x0, 0x35c, 0x7f06e0226e00, 0x7f072bcec38e <ber_bvcpy+46>, 0x7f06e0226e00, 0x7f06e003c830, 0x0, 0x7f072bcec5a1 <slapi_value_set_berval+49>, 0x0, 0x7f06e0226e00, 0x7f06e003c830, 0x7f072bcec5f6 <value_init+70>, 0x7f06e00ae6e0, 0x7f06e0226e00, 0x7f06e003c830, 0x7f072bcec652 <value_new+50>, 0x0, 0x65d94daff3b15e00, 0xffffffff00000001, 0x65d94daff3b15e00, 0x0, 0x7f06e0353278, 0x1, 0x0, 0x7f06e00ae6e0, 0x7f072bcee42a <slapi_valueset_add_attr_valuearray_ext+250>, 0x7f06e01a57f0, 0x7f06e0353270, 0x7f06e0163f40, 0x7f0705d26d7c, 0xffffffff00000001, 0x7f06e0353270, 0x7f06e017c350, 0x7f06e00ae6e0, 0x7f0705d28fd0, 0x7f06e0348b20, 0x7f0705d28f90, 0x7f072bc5b4d4 <attr_add_valuearray+148>, 0x7f06e019a220, 0x7f06e034f9f0, 0x0, 0x7f072b7a3085 <profile_update_file_data_locked+85>, 0xfd00, 0x1035277, 0x1, 0x81a4, 0x0, 0x0, 0x354, 0x1000, 0x8, 0x5872a492, 0xdc6d3e, 0x587152bb, 0x2f44381a, 0x587152bb, 0x2f44381a, 0x0, 0x0, 0x0, 0x0, 0x65d94daff3b15e00, 0xf, 0x7f06d40030d0, 0x0, 0x7f06d40030d8, 0x7f06e0206730, 0x7f0705d28f48, 0x7f0705d28f50, 0x7f06d40030d0, 0x0, 0x1, 0x7f06e0206730, 0x7f0705d28f48, 0x7f0705d28f50, 0x7f072b7a3a20 <profile_open_file+432>, 0x7f06e019a220, 0x7f07219cdb68 <print_access_control_summary+120>, 0x7f06e010dff0, 0x7f07219e6eb5, 0x7f06e02652f0, 0x7f0722f99e78 <__log_fill+120>, 0x7f0705d27020, 0x7d00, 0x7f0705d27030, 0x7f072e0efbf0, 0x7f07219e9bee, 0x7f07219e6eb5, 0x7f06e01b9b30, 0x8267a4, 0x7f0705d270e0, 0x7f0722f9a289 <__log_putr+809>, 0x7f0719f71364, 0x0, 0x1870, 0x7f07219e4bbd <aclutil_print_aci+45>, 0xe100000002, 0x7f0700825e50, 0x7f0705d26f60, 0xc, 0x7f072dec6670, 0x7f0722f99e78 <__log_fill+120>, 0x7f0705d270c0, 0x7
> d00, 0x7f0705d27150, 0x7f072e0efbf0, 0x7f072dec6670, 0x7f0705d270f8, 0x7f071a1b9328, 0x8267a4, 0x7f0705d27180, 0x7f0722f9a289 <__log_putr+809>, 0x7f0719f71364, 0x7f0705d270c0, 0x18c0, 0x7f0705d270f0, 0xe100000002, 0x7f0700825e50, 0x7f0705d27000, 0xc, 0x7f0705d27220, 0x7f06e0000020, 0x20, 0x0, 0x0, 0x7f0705d27108, 0x0, 0x7f07294e5fbc <__GI___libc_malloc+76>, 0x7f06e01f1970, 0x7f072bcec58a <slapi_value_set_berval+26>, 0x0, 0x7f06e01f1970, 0x0, 0x7f072bcec5f6 <value_init+70>, 0x7f0705d27080, 0x7f06e01f1970, 0x0, 0x7f072bcec652 <value_new+50>, 0x7f06e01f1970, 0x7f072bcec7ad <slapi_value_set_string_passin+45>, 0x7f06e00be900, 0x7f07219cdb68 <print_access_control_summary+120>, 0x7f06e00be900, 0x7f072bcec7e2 <slapi_value_new_string_passin+34>, 0x7f06e0182b48, 0x7f0705d274d8, 0x7f0705d274e8, 0x7f0725e9ceed <string_values2keys+509>, 0x7f0705d27110, 0x7f0705d274e0, 0x7f07219e9bee, 0x7f07219e6eb5, 0x7f06e01b9b30, 0x7f072bcec7e2 <slapi_value_new_string_passin+34>, 0x7f06e0182b48, 0x0...}
>          attrlistbuf = "\037\000\000\000\000\000\000\000@\000\000\000\000\000\000\000\020\216\322\005\a\177\000\000\311n\347)\a\177\000\000\273\212\320+\a\177\000\000\300\215\322\005\a\177\000\000\000\000\000\000\000\000\000\000?\320+\a\177\000\000?\320+\a\177\000\000\356q\347)\a\177\000\000\060\214\322\005\a\177\000\000\000\000\000\000\000\000\000\000\060\231\363-\a\177\000\000\237\213\322\005\a\177\000\000\240\213\322\005\a\177\000\000\016\000\000\000\006\177\000\000\360\214\322\005\a\177\000\000\361\214\322\005\a\177\000\000\000\000\000\000\006\177\000\000\bRN)\000\000\000\000\060\231\363-\a\177\000\000@\324\036\340\006\177\000 \200\314\371-\a\177\000\000\370\213\322\005\a\177\000\000\064\340\363+\a\177\000\000\060\200"...
>          attrliststr = <optimized out>
>          attrs = 0x7f06e00fffa0
>          rc = -1
>          internal_op = <optimized out>
>          basesdn = 0x7f06e014b550
>          sdn = 0x7f06e01f7380
>          operation = 0x7f06e01a1020
>          referral = 0x0
>          proxydn = 0x0
>          proxystr = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
>          nentries = 0
>          pnentries = 0
>          flag_search_base_found = 0
>          flag_no_such_object = 0
>          flag_referral = 0
>          flag_psearch = <optimized out>
>          err_code = 0
>          ctrlp = 0x0
>          ctl_value = 0x0
>          iscritical = 0
>          be_name = <optimized out>
>          index = -1
>          sent_result = 0
>          pr_stat = 0
>          pagesize = -1
>          estimate = 0
>          curr_search_count = <optimized out>
>          pr_be = <optimized out>
>          pr_search_result = <optimized out>
>          pr_idx = -1
>          orig_sdn = 0x7f072dfb06d0
>          free_sdn = 1
> #28 0x00007f072bcb8ede in search_internal_callback_pb (pb=pb at entry=0x7f06e0262a50, callback_data=callback_data at entry=0x7f0705d29010, prc=prc at entry=0x7f072bcb8030 <internal_plugin_result_callback>, psec=psec at entry=0x7f072bcb8080 <internal_plugin_search_entry_callback>, prec=prec at entry=0x7f072bcb8040 <internal_plugin_search_referral_callback>) at ldap/servers/slapd/plugin_internal_op.c:783
>          controls = 0x0
>          op = 0x7f06e01a1020
>          filter = 0x7f06e032ec00
>          fstr = 0x7f06e034b2f0 "(&(objectClass=posixAccount)(|(uid=BP-281164)))"
>          callback_handler_data = {p_res_callback = 0x7f072bcb8030 <internal_plugin_result_callback>, p_srch_entry_callback = 0x7f072bcb8080 <internal_plugin_search_entry_callback>, p_ref_entry_callback = 0x7f072bcb8040 <internal_plugin_search_referral_callback>, callback_data = 0x7f0705d29010}
>          scope = 2
>          ifstr = 0x7f06e0229290 "(&(objectClass=posixAccount)(|(uid=BP-281164)))"
>          opresult = 734756912
>          rc = 0
>          tmp_attrs = 0x0
> #29 0x00007f072bcb9178 in search_internal_pb (pb=pb at entry=0x7f06e0262a50) at ldap/servers/slapd/plugin_internal_op.c:636
>          psid = {rc = -1, num_entries = 0, num_referrals = 0, entry_list_head = 0x0, referral_list_head = 0x0}
>          iterator = <optimized out>
>          tmp = 0x7f072dfb06d0
>          ref_iterator = <optimized out>
>          ref_tmp = 0x7f072df9cba0
>          i = <optimized out>
>          opresult = 0
>          pb_search_entries = 0x0
>          pb_search_referrals = 0x0
> #30 0x00007f072bcb93d3 in slapi_search_internal_pb (pb=pb at entry=0x7f06e0262a50) at ldap/servers/slapd/plugin_internal_op.c:545
> No locals.
> #31 0x00007f0721ffde80 in search_one_berval (baseDN=baseDN at entry=0x7f072dfb06d0, attrNames=attrNames at entry=0x7f072e199380, value=<optimized out>, requiredObjectClass=requiredObjectClass at entry=0x7f072dfb4bd0 "posixAccount", target=target at entry=0x7f06e033c2c0, excludes=excludes at entry=0x7f072e1a27d0) at ldap/servers/plugins/uiduniq/uid.c:668
>          err = <optimized out>
>          sres = -534605168
>          entries = 0x0
>          attrs = {0x7f0721fffc1c "1.1", 0x0}
>          result = 0
>          filter = 0x7f06e0229290 "(&(objectClass=posixAccount)(|(uid=BP-281164)))"
>          spb = 0x7f06e0262a50
> #32 0x00007f0721ffe232 in search (baseDN=0x7f072dfb06d0, attrNames=0x7f072e199380, attr=0x7f06e03450c0, values=<optimized out>, requiredObjectClass=0x7f072dfb4bd0 "posixAccount", target=0x7f06e033c2c0, excludes=0x7f072e1a27d0) at ldap/servers/plugins/uiduniq/uid.c:607
>          v = 0x7f06e035a640
>          vhint = 0
>          result = 0
>          values = <optimized out>
>          attrNames = 0x7f072e199380
>          excludes = 0x7f072e1a27d0
>          target = 0x7f06e033c2c0
>          requiredObjectClass = 0x7f072dfb4bd0 "posixAccount"
>          attr = 0x7f06e03450c0
>          baseDN = 0x7f072dfb06d0
> #33 0x00007f0721ffe53c in searchAllSubtrees (subtrees=<optimized out>, exclude_subtrees=0x7f072e1a27d0, attrNames=attrNames at entry=0x7f072e199380, attr=0x7f06e03450c0, values=values at entry=0x0, requiredObjectClass=requiredObjectClass at entry=0x7f072dfb4bd0 "posixAccount", dn=0x7f06e033c2c0, unique_in_all_subtrees=1) at ldap/servers/plugins/uiduniq/uid.c:816
>          sufdn = 0x7f072dfb06d0
>          result = 0
>          i = <optimized out>
> #34 0x00007f0721fff005 in preop_add (pb=0x7f0705d29a90) at ldap/servers/plugins/uiduniq/uid.c:1040
>          err = <optimized out>
>          markerObjectClass = 0x0
>          sdn = 0x7f06e033c2c0
>          e = 0x7f06e022dd00
>          config = 0x7f072e2b3390
>          i = <optimized out>
>          requiredObjectClass = 0x7f072dfb4bd0 "posixAccount"
>          isupdatedn = 0
>          attr = 0x7f06e03450c0
>          result = 0
>          errtext = 0x0
>          attrNames = 0x7f072e199380
>          attr_friendly = 0x7f072e2b6b50 "uid "
> #35 0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df9cfa0, operation=operation at entry=407, pb=pb at entry=0x7f0705d29a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0721ffedf0 <preop_add>
>          rc = <optimized out>
>          return_value = 0
>          count = 22
> #36 0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0705d29a90, operation=407, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #37 plugin_call_plugins (pb=pb at entry=0x7f0705d29a90, whichfunction=whichfunction at entry=407) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 1
>          rc = 0
>          do_op = <optimized out>
> #38 0x00007f072bc57e49 in op_shared_add (pb=pb at entry=0x7f0705d29a90) at ldap/servers/slapd/add.c:680
>          operation = 0x7f072e609530
>          e = 0x7f06e022dd00
>          pse = 0xf
>          be = 0x7f072e0f5f20
>          err = <optimized out>
>          internal_op = 0
>          repl_op = 0
>          legacy_op = 0
>          lastmod = 1
>          pwdtype = 0x0
>          attr = 0x0
>          referral = 0x0
>          errorbuf = "\000\224`.\a\177\000\000\360x5\340\006\177\000\000\360J\302*\a\177\000\000\274_N)\a\177\000\000?`.\a\177\000\000\000\225\322\005\a\177\000\000\004\000\000\000\000\000\000\000\265\"\302*\a\177\000\000\000\225\322\005\a\177\000\000P\337\301*\a\177\000\000\200(\f\340\006\177\000\000?`.\a\177\000\000\037,\317+\a\177\000\000\220\225\322\005\a\177\000\000!,\317+\a\177\000\000\352\343\301*\a\177\000\000\027\000\000\000\000\000\000\000@\333\031\340\006\177", '\000' <repeats 11 times>, "^\261\363\257M\331e ,\317+\a\177\000\000\326\353\301*\a\177\000\000X\225\322\005\a\177\000\000`\225\322\005\a\177\000\000\r\000\000\000\000\000\000\000\024j"...
>          p = <optimized out>
>          proxydn = 0x0
>          proxystr = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
>          sdn = 0x7f06e033c2c0
>          pwpolicy = <optimized out>
> #39 0x00007f072bc591b0 in do_add (pb=pb at entry=0x7f0705d29a90) at ldap/servers/slapd/add.c:226
>          operation = 0x7f072e609530
>          ber = <optimized out>
>          last = 0x7f06e03578ea "\240\033\060\031\004\027\062.16.840.1.113730.3.4.2"
>          len = 18446744073709551615
>          tag = 18446744073709551615
>          e = 0x7f06e022dd00
>          err = 0
>          rc = <optimized out>
>          searchsubentry = <optimized out>
> #40 0x00007f072c18b9b3 in connection_dispatch_operation (pb=0x7f0705d29a90, op=0x7f072e609530, conn=0x7f07075370e8) at ldap/servers/slapd/connection.c:612
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #41 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f07075370e8, pb_op = 0x7f072e609530, pb_plugin = 0x7f072df9cfa0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 1, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06e0161630, op_stack_elem = 0x7f072e6094b0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0705d29a90
>          conn = 0x7f07075370e8
>          op = 0x7f072e609530
>          tag = 104
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #42 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54f5e0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e54f5e0
>          detached = 1
>          id = 139668139190016
>          tid = 26146
> #43 0x00007f072982edc5 in start_thread (arg=0x7f0705d2a700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0705d2a700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668139190016, -8975886148032001126, 0, 139668139190720, 139668139190016, 1, 9034560326484626330, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #44 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 33 (Thread 0x7f0705529700 (LWP 26147)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668130797312
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0705527e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06e412a580
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06e410f630
>          addr = 0x7f06e410f708
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06e41e1eb0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f0705528060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06e41deb10 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06e40c6ca0
>          passin_sdn = 0
>          mods = 0x7f06e412a580
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06e41c2250
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06e410f630
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000\b0%\344\006\177\000\000 \000\000\344\006\177\000\000[\000\000\000\000\000\000\000p\202\000\344\006\177", '\000' <repeats 11 times>, "\244\030\344\006\177\000\000?\022\344\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000P\030\005\344\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000X\"\034\344\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000?"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06e41e1eb0) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06e410f630
>          opresult = 0
>          normalized_mods = 0x7f06e41c2250
>          mods = 0x7f06e4172c60
>          mod = 0x7f06e41c2258
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -467788112, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0705528a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0705528a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f0705528a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0705528a90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06e413b0d0
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06e41d2d10 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06e41b1c80 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06e413b0d0
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\344\006\177\000\000\200\211R\005\a\177\000\000\220\211R\005\a\177\000\000\356\206R\005\a\177\000\000\354\206R\005\a\177\000\000\360\206R\005\a\177\000\000\261x\255\372\350\003\000\000\000\000\000\000\260\355\200\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000p\000\000\000\001\000\001\000p\247\030\344\006\177\000\000(\000\000\000\000\000\000\000p", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\200\005z.\a\177\000\000p\247\030\344\006\177\000\000y\000\000\000\000\000\000\000p\000\000\000\000\000\000\000\200\005z.\a\177\000\000y\000\000\000\000\000\000\000\200\005z.\a\177\000\000"...
>          bind_target_entry = 0x7f06e4006690
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06e41e1170
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0705528a90, op=0x7f072e671520, conn=0x7f0707537d90) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707537d90, pb_op = 0x7f072e671520, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06e41826b0, op_stack_elem = 0x7f072e64c1c0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0705528a90
>          conn = 0x7f0707537d90
>          op = 0x7f072e671520
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54fa30) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e54fa30
>          detached = 1
>          id = 139668130797312
>          tid = 26147
> #15 0x00007f072982edc5 in start_thread (arg=0x7f0705529700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0705529700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668130797312, -8975886148032001126, 0, 139668130798016, 139668130797312, 1, 9034561425459383194, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 32 (Thread 0x7f0704d28700 (LWP 26148)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=4294936308, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
>          ret = <optimized out>
> #2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=4063, timespec=timespec at entry=0x0, exclusive=exclusive at entry=1) at ../../src/mutex/mut_pthread.c:577
>          ret = <optimized out>
>          t_ret = 0
> #3  0x00007f0722e88640 in __db_tas_mutex_lock_int (nowait=0, timeout=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:271
>          mtxmgr = <optimized out>
>          mtxregion = 0x7f0719f71138
>          ip = 0x0
>          timespec = {tv_sec = 806, tv_nsec = 139668122344216}
>          ret = <optimized out>
>          dbenv = 0x7f072e1d66a0
>          mutexp = 0x7f071a007e40
>          now = {tv_sec = 2048, tv_nsec = 139668814232560}
>          nspins = 0
> #4  __db_tas_mutex_lock (env=env at entry=0x7f072e0efbf0, mutex=4063, timeout=timeout at entry=0) at ../../src/mutex/mut_tas.c:302
> No locals.
> #5  0x00007f0722f32d3a in __lock_get_internal (lt=lt at entry=0x7f072dfafc70, sh_locker=sh_locker at entry=0x7f071a2ea1f8, flags=flags at entry=0, obj=<optimized out>, lock_mode=<optimized out>, timeout=timeout at entry=0, lock=0x7f0704d19dc0) at ../../src/lock/lock.c:983
>          newl = <optimized out>
>          lp = <optimized out>
>          env = <optimized out>
>          sh_obj = 0x7f071a2db2b8
>          region = <optimized out>
>          ip = 0x0
>          ndx = 806
>          part_id = <optimized out>
>          did_abort = 80845912
>          ihold = 0
>          grant_dirty = <optimized out>
>          no_dd = 1
>          ret = 0
>          t_ret = <optimized out>
>          holder = <optimized out>
>          sh_off = <optimized out>
>          action = <optimized out>
> #6  0x00007f0722f33820 in __lock_get (env=env at entry=0x7f072e0efbf0, locker=0x7f071a2ea1f8, flags=0, obj=obj at entry=0x7f06da28e900, lock_mode=<optimized out>, lock=lock at entry=0x7f0704d19dc0) at ../../src/lock/lock.c:463
>          lt = 0x7f072dfafc70
>          ret = <optimized out>
> #7  0x00007f0722f5f142 in __db_lget (dbc=dbc at entry=0x7f06da28e810, action=action at entry=0, pgno=13, mode=<optimized out>, mode at entry=DB_LOCK_READ, lkflags=lkflags at entry=0, lockp=lockp at entry=0x7f0704d19dc0) at ../../src/db/db_meta.c:1255
>          dbp = 0x7f072e2b8f50
>          couple = {{op = 80845912, mode = 32519, timeout = 80845908, obj = 0x7f06da28e810, lock = {off = 139668628338413, ndx = 0, gen = 3070296068, mode = DB_LOCK_NG}}, {op = 80845920, mode = 32519, timeout = 774648544, obj = 0x7f0704d19d94, lock = {off = 139667420332256, ndx = 1409, gen = 0, mode = 774606672}}, {op = 80845900, mode = 32519, timeout = 1, obj = 0x100000000, lock = {off = 139668466660080, ndx = 0, gen = 0, mode = 585668749}}}
>          reqp = 0x0
>          txn = 0x0
>          env = 0x7f072e0efbf0
>          has_timeout = <optimized out>
>          i = 0
>          ret = <optimized out>
> #8  0x00007f0722ea6605 in __bam_search (dbc=dbc at entry=0x7f06da28e810, root_pgno=1, root_pgno at entry=0, key=key at entry=0x7f0704d1a0a0, flags=1409, slevel=slevel at entry=1, recnop=recnop at entry=0x0, exactp=exactp at entry=0x7f0704d19ee4) at ../../src/btree/bt_search.c:723
>          t = 0x7f072e2cb6d0
>          cp = 0x7f06daf9c0e0
>          dbp = 0x7f072e2b8f50
>          lock = {off = 0, ndx = 806, gen = 25955, mode = 1677787140}
>          saved_lock = {off = 0, ndx = 806, gen = 0, mode = 620822532}
>          mpf = 0x7f072e2c32e0
>          env = 0x7f072e0efbf0
>          h = 0x0
>          parent_h = 0x0
>          base = <optimized out>
>          i = <optimized out>
>          indx = <optimized out>
>          inp = <optimized out>
>          lim = <optimized out>
>          lock_mode = DB_LOCK_READ
>          pg = 13
>          saved_pg = 0
>          start_pgno = 0
>          recno = 0
>          adjust = <optimized out>
>          cmp = 3
>          deloffset = <optimized out>
>          ret = <optimized out>
>          set_stack = 1
>          stack = 0
>          t_ret = <optimized out>
>          getlock = 0
>          was_next = 0
>          get_mode = 0
>          wait = 4
>          level = 2 '\002'
>          saved_level = 255 '\377'
> #9  0x00007f0722e91256 in __bamc_search (dbc=dbc at entry=0x7f06da28e810, root_pgno=root_pgno at entry=0, key=0x7f0704d1a0a0, flags=<optimized out>, exactp=0x7f0704d19ee4) at ../../src/btree/bt_cursor.c:2804
>          t = <optimized out>
>          cp = <optimized out>
>          dbp = <optimized out>
>          h = <optimized out>
>          base = <optimized out>
>          indx = <optimized out>
>          inp = <optimized out>
>          lim = <optimized out>
>          bt_lpgno = 1935765609
>          recno = 1935765609
>          sflags = <optimized out>
>          bulk = <optimized out>
>          cmp = 0
>          ret = 0
>          t_ret = <optimized out>
> #10 0x00007f0722e92d0f in __bamc_get (dbc=0x7f06da28e810, key=<optimized out>, data=<optimized out>, flags=<optimized out>, pgnop=0x7f0704d19f84) at ../../src/btree/bt_cursor.c:1099
>          cp = 0x7f06daf9c0e0
>          dbp = 0x7f072e2b8f50
>          mpf = <optimized out>
>          orig_pgno = 0
>          orig_indx = 0
>          exact = 32519
>          newopd = <optimized out>
>          ret = <optimized out>
> #11 0x00007f0722f4bca6 in __dbc_iget (dbc=0x7f06dadc9530, key=0x7f0704d1a0a0, data=0x7f0704d1a0d0, flags=26) at ../../src/db/db_cam.c:952
>          dbp = 0x7f072e2b8f50
>          ddbc = <optimized out>
>          dbc_n = 0x7f06da28e810
>          opd = 0x0
>          cp = <optimized out>
>          cp_n = <optimized out>
>          mpf = 0x7f072e2c32e0
>          env = 0x7f072e0efbf0
>          pgno = 0
>          indx_off = <optimized out>
>          multi = 2048
>          orig_ulen = 0
>          tmp_flags = <optimized out>
>          tmp_read_locking = 0
>          tmp_rmw = 0
>          type = <optimized out>
>          key_small = 0
>          ret = <optimized out>
>          t_ret = <optimized out>
> #12 0x00007f0722f4c47d in __dbc_get (dbc=dbc at entry=0x7f06dadc9530, key=key at entry=0x7f0704d1a0a0, data=data at entry=0x7f0704d1a0d0, flags=flags at entry=2074) at ../../src/db/db_cam.c:770
> No locals.
> #13 0x00007f0722f5ab02 in __dbc_get_pp (dbc=0x7f06dadc9530, key=0x7f0704d1a0a0, data=0x7f0704d1a0d0, flags=2074) at ../../src/db/db_iface.c:2359
>          dbp = <optimized out>
>          ip = 0x0
>          env = 0x7f072e0efbf0
>          ret = <optimized out>
> #14 0x00007f071e21b8a0 in idl_new_fetch (be=0x7f072e0f5f20, db=<optimized out>, inkey=0x7f0704d1c220, txn=0x0, a=0x7f072e1be6c0, flag_err=0x7f0704d22c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/idl_new.c:202
>          ret = 0
>          idl_rc = 0
>          cursor = 0x7f06dadc9530
>          idl = 0x0
>          key = {data = 0x7f0704d1c380, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2056}
>          data = {data = 0x7f0704d1a130, size = 8192, ulen = 8192, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          id = 0
>          count = 0
>          buffer = "\004\000\001\371\224\000\000u\004\000\001\367\224\000\000\063\004\000\001\365\224\000\000e\004\000\001\363\224\000\000m\004\000\001\361\224\000\000e\004\000\001\357\224\000\000n\004\000\001\355\224\000\000l\004\000\001\353\224\000\000=\004\000\001\351\224\000\000,\004\000\001\347\224\000\000i\004\000\001\345\224\000\000i\004\000\001\343\224\000\000:\004\000\001\341\224\000\000r\004\000\001?\000\000e\004\000\001?\000\000g\004\000\001?\000\000l\004\000\001?\000\000n\004\000\001?\000\000\n\004\000\001?\000\000i\004\000\001?\000\000:\004\000\001?\000\000\060\004\000\001?\000\000Z\004\000\001?\000\000T\004\000\001?\000\000p\004\000\001?\000\000\061\004\000\001?\000\000\060\004\000\001?\000\000"...
>          ptr = <optimized out>
>          dataret = {data = 0x0, size = 0, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0}
>          s_txn = {back_txn_txn = 0x0}
>          li = <optimized out>
> #15 0x00007f071e21b525 in idl_fetch_ext (be=be at entry=0x7f072e0f5f20, db=<optimized out>, key=key at entry=0x7f0704d1c220, txn=txn at entry=0x0, a=<optimized out>, err=err at entry=0x7f0704d22c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/idl_shim.c:101
> No locals.
> #16 0x00007f071e22a146 in index_read_ext_allids (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, type=type at entry=0x7f06d870ff40 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", val=<optimized out>, txn=txn at entry=0x7f0704d204f0, err=err at entry=0x7f0704d22c8c, unindexed=unindexed at entry=0x7f0704d204e4, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/index.c:1028
>          interval = <optimized out>
>          db = 0x7f072e2b8f50
>          db_txn = 0x0
>          key = {data = 0x7f0704d1c380, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          idl = 0x0
>          prefix = <optimized out>
>          tmpbuf = 0x0
>          buf = "=referral", '\000' <repeats 2672 times>...
>          typebuf = "objectclass", '\000' <repeats 244 times>
>          ai = 0x7f072e1be6c0
>          basetmp = 0x0
>          basetype = <optimized out>
>          retry_count = 0
>          encrypted_val = 0x0
>          is_and = 0
>          ai_flags = 0
> #17 0x00007f071e214234 in keys2idl (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, type=0x7f06d870ff40 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", ivals=<optimized out>, err=err at entry=0x7f0704d22c8c, unindexed=unindexed at entry=0x7f0704d204e4, txn=txn at entry=0x7f0704d204f0, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:986
>          idl2 = 0x74656e2e616a2e76
>          i = 0
> #18 0x00007f071e2149d3 in ava_candidates (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, f=f at entry=0x7f06d9727b30, ftype=<optimized out>, err=0x7f0704d22c8c, allidslimit=100000, range=0, nextf=0x0) at ldap/servers/slapd/back-ldbm/filterindex.c:288
>          tmp = {bv = {bv_len = 8, bv_val = 0x7f06db3ab610 "referral"}, v_csnset = 0x0, v_flags = 0}
>          ptr = {0x7f0704d20540, 0x0}
>          fake = {bv = {bv_len = 8, bv_val = 0x7f0704d205e0 "referral"}, v_csnset = 0x7f06da3662a0, v_flags = 1536}
>          buf = "referral\000\000\000\000\000\000\000\000`\033\370-\a\177\000\000\274_N)\a\177\000\000\001\000\000\000\000\000\000\000\314m\315+\a\177\000\000 \264\315-\a\177\000\000O-\317+\a\177\000\000\000\000\000\000\000\000\000\000O-\317+\a\177\000\000\004\000\000\000\000\000\000\000\377m\315+\a\177\000\000\004\000\000\000\000\000\000\000P~b\334\006\177\000\000\001\000\000\000\000\000\000\000\226\312\305+\a\177\000\000\000\000\000\000\000\000\000\000_\313\305+\a\177\000\000P~b\334\006\177\000\000 \000\000\330\006\177\000\000\a\000\000\000\000\000\000\000 \237\340\333\006\177", '\000' <repeats 26 times>...
>          type = 0x7f06d870ff40 "objectclass"
>          indextype = 0x7f071e271c87 "eq"
>          sv = {bv = {bv_len = 8, bv_val = 0x7f0704d205e0 "referral"}, v_csnset = 0x7f06da3662a0, v_flags = 1536}
>          bval = 0x7f06d9727b58
>          ivals = 0x7f0704d20510
>          idl = 0x0
>          unindexed = 0
>          sattr = {a_type = 0x7f06d8cc8fa0 "objectClass", a_present_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_flags = 4, a_plugin = 0x7f072dd48570, a_deleted_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_listtofree = 0x0, a_next = 0x0, a_deletioncsn = 0x0, a_mr_eq_plugin = 0x7f072dcf95c0, a_mr_ord_plugin = 0x0, a_mr_sub_plugin = 0x0}
>          txn = {back_txn_txn = 0x0}
>          pr_idx = -1
> #19 0x00007f071e214fc2 in filter_candidates_ext (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06d9727b30, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0704d22c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:111
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #20 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06d97048d0, ftype=<optimized out>, err=0x7f0704d22c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
>          idl = 0x7f06d97513d0
>          tmp = 0x7f06d97513d0
>          tmp2 = 0x0
>          f = 0x7f06d9727b30
>          nextf = 0x0
>          isnot = 0
>          f_count = <optimized out>
>          le_count = <optimized out>
>          ge_count = <optimized out>
>          is_bounded_range = <optimized out>
>          low_val = 0x0
>          high_val = 0x0
>          t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
>          fpairs = {0x0, 0x0}
>          tpairs = {0x0, 0x0}
>          vpairs = {0x0, 0x0}
>          is_and = 0
> #21 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f0704d27a90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=0x7f06d97048d0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0704d22c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #22 0x00007f071e2514b8 in subtree_candidates (pb=pb at entry=0x7f0704d27a90, be=0x7f072e0f5f20, base=base at entry=0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=e at entry=0x7f06a051d150, filter=0x7f06d976dff0, managedsait=0, allids_before_scopingp=allids_before_scopingp at entry=0x7f0704d22c7c, err=err at entry=0x7f0704d22c8c) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1210
>          focref = 0x7f06d9727b30
>          forr = 0x7f06d97048d0
>          ftop = <optimized out>
>          candidates = <optimized out>
>          has_tombstone_filter = <optimized out>
>          isroot = 0
>          allidslimit = 100000
>          op = 0x0
>          is_bulk_import = 0
> #23 0x00007f071e252b9f in build_candidate_list (candidates=0x7f0704d22cb8, lookup_returned_allidsp=0x7f0704d22c7c, scope=<optimized out>, base=0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=<optimized out>, be=<optimized out>, pb=0x7f0704d27a90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1015
>          filter = 0x7f06d976dff0
>          err = 0
>          li = 0x7f072df49930
>          managedsait = 0
>          r = 0
> #24 ldbm_back_search (pb=0x7f0704d27a90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:657
>          rc = <optimized out>
>          time_up = 0
>          vlv_response_control = {targetPosition = 0, contentCount = 0, result = 0}
>          vlv_rc = 32519
>          lookthrough_limit = 0
>          abandoned = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x7f06a051d150
>          candidates = 0x0
>          base = 0x7f06dc7301c0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          basesdn = 0x7f06dbcdf9f0
>          scope = 2
>          controls = 0x0
>          operation = 0x7f072e4c10d0
>          addr = 0x7f072e4c11a8
>          estimate = 0
>          sort = 0
>          vlv = <optimized out>
>          sort_spec = 0x0
>          is_sorting_critical = <optimized out>
>          is_sorting_critical_orig = 0
>          sort_control = 0x0
>          virtual_list_view = 0
>          vlv_spec = 0x0
>          is_vlv_critical = 0
>          vlv_request_control = {beforeCount = 0, afterCount = 0, tag = 0, index = 0, contentCount = 0, value = {bv_len = 0, bv_val = 0x0}}
>          sr = <optimized out>
>          tmp_err = -1
>          tmp_desc = 0x0
>          lookup_returned_allids = 0
>          backend_count = 0
>          print_once = 1
>          txn = {back_txn_txn = 0x0}
>          rc = <optimized out>
> #25 0x00007f072bca82c6 in op_shared_search (pb=pb at entry=0x7f0704d27a90, send_result=send_result at entry=1) at ldap/servers/slapd/opshared.c:806
>          be_suffix = 0x7f072de73fa0
>          err = 0
>          next_be = 0x0
>          base = 0x7f06dbab5150 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normbase = <optimized out>
>          fstr = 0x7f06da47c4c0 "(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/ldap-001.dirsvc.lib.dev.ja.net at DIRSVC.LIB.DEV.JA.NET)(krbPrincipalName:caseIgnoreI"...
>          scope = 2
>          be = 0x7f072e0f5f20
>          be_single = 0x0
>          be_list = {0x7f072e0f5f20, 0x0, 0x7f0704d23008, 0x7f0704d22fcc, 0x7f0704d23010, 0xdb298a90, 0x100000000, 0xffffffffffffffff, 0x1, 0xffffffff00000000, 0x0, 0x7f072e0f5f20, 0x7f072df49930, 0x7f06a4074d80, 0x7f06d97546f0, 0x0, 0x1, 0x5873c403, 0x0, 0x7f06dad9e790, 0x0, 0x0, 0x7f06db298a90, 0x65d94daff3b15e00, 0x7f0704d23254, 0x7f06da412180, 0x0, 0x7f072bcb114c <plugin_matches_operation+204>, 0x7f0704d23254, 0x65d94daff3b15e00, 0x0, 0x0, 0x7f06da412180, 0x0, 0x0, 0x65d94daff3b15e00, 0x0, 0x7f072bcc9018 <send_ldap_result_ext+1656>, 0x0, 0x7f072dfb0a60, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x1db298a90, 0x10f00010002, 0xffffffcd00000031, 0x7f06db298a90, 0x0, 0x7f06dbad4d00, 0x1, 0x0, 0x7f0704d232e8, 0x7f0704d23298, 0x0, 0x7f0704d23298, 0x7f0704d232a0, 0x0, 0x7f0704d232e8, 0x65d94daff3b15e00, 0x7f06da412180, 0x7f0704d232a0, 0x7f06da412180, 0x7f072bca79a0 <op_shared_search+1024>, 0x7f072bd09f50, 0x7f0704d27390, 0x7f072bd01e5d, 0x7f072bd01e5d, 0x7f0704d232b0, 0x1, 0x7f0704d232a0, 0x100000001, 0x7f0700000000, 0x7f0704d232e0, 0x0, 0x0, 0x7f0704d232e0, 0x7f0704d232d8, 0x7f0704d23254, 0x0, 0x0, 0x7f0704d2325c, 0x7f0704d2335c, 0x7f0700000001, 0x4d23650, 0x0, 0x200000001, 0xffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1ffffffff, 0x7f06db3d3f10, 0x7f072bd09f50, 0x7f06d9047e20, 0x0, 0x0, 0x7f06db298a90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x40000, 0x7f0722fb4424 <__os_id+36>, 0x11, 0x7f06dc7e6f60, 0x7f0719fc3b4c, 0x7f0722e8853e <__db_tas_mutex_lock+398>, 0x0, 0x7f0719f71138, 0x8b1, 0x7f0704d23380, 0x7f0704d23370, 0x7f0704d23368, 0x0, 0x0, 0x7f06db9f36f0, 0x22f4b6d0, 0xffff86ee00000000, 0x65d94daff3b15e00, 0x28, 0x65d94daff3b15e00, 0x7f06db9f6510, 0x7f06db9f6510, 0x0, 0x7f06dc7e6f60, 0x7f06d9719500, 0x7f072e0efbf0, 0x0, 0x7f0722f4abe8 <__dbc_close+472>, 0x7f06db9f6510, 0x7f06dc7e6f60, 0x7f0704d23570, 0x7f072e0efbf0, 0x7f0704d23650, 0x13, 0x0, 0x7f0722f47968 <__db_put+504>, 0x7f0704d23438, 0x7f0704d23440, 0xffff86ee04d23578, 0x7f0722fb4424 <__os_id+36>, 0x0
> , 0x65d94daff3b15e00, 0x7f0719fda0f8, 0x7f06db9f6510, 0x4, 0x7f071a2e8a70, 0x7f0704d236c0, 0x65d94daff3b15e00, 0x4, 0x7f0719814160, 0x7f06d9719500, 0x7f0719410238, 0x7f072e0efbf0, 0x7f072e0eb550, 0x0, 0x65d94daff3b15e00, 0x7f072e2c2b60, 0x7f072e0efbf0, 0x7f0704d23650, 0x7f072e0efbf0, 0x7f0704d23650, 0x7f0704d23570, 0x7f06dc7e6f60, 0x7f0722f5cc69 <__db_put_pp+489>, 0x13, 0x7f06d9719500, 0x0, 0x65d94daff3b15e00, 0x7f0700000000, 0x7f0704d23650, 0x7f072e1b8d80, 0x1, 0x7f06db1b5368, 0x7f072dfaef40, 0x0, 0x7f071e21c9df <idl_new_insert_key+127>, 0x7f0704d2356c, 0x100000001, 0x7f0704d2356c, 0x400000004, 0x0, 0x0, 0x800, 0x7f071e48df6e <prefix_PRESENCE>, 0x7f071e271c8a, 0x7f071e22c0b4 <addordel_values_sv+1972>, 0x0, 0x0, 0x7f0719acf878, 0x65d94daff3b15e00...}
>          referral_list = {0x0, 0x0, 0x6e73757972746e65, 0x706d6174736500, 0x73694c6e6f697461, 0x74, 0x0, 0x7f07219e4bbd <aclutil_print_aci+45>, 0x7f0719f71364, 0x7f0722f99e78 <__log_fill+120>, 0x7f0704d25090, 0x7d00, 0xdf00000065, 0x7f072e0efbf0, 0x7f072dec6670, 0x7f072bcd6dcc <PL_HashTableRawLookup_const+76>, 0x7f072dcdb420, 0x7f0704d24ff0, 0x0, 0x7f0704d24ff0, 0x7f06d95d4940, 0x7f0725e9eddb <keystring_validate+27>, 0x515d, 0x7f06dbe8e86e, 0x7f06dbe8e869, 0x7f0725e9f2a9 <rdn_validate+329>, 0x7f06dbe8e86f, 0x65d94daff3b15e00, 0x7f06dbe8e86e, 0x7f0704d24ff0, 0x0, 0x0, 0x7f06d8e9d760, 0x7f0725e9a545 <int_validate+69>, 0x7f06dbe8e86e, 0x0, 0x7f0704d25080, 0x0, 0x0, 0x7f072bcbb8fb <slapi_mods_syntax_check+379>, 0x7f0719f71364, 0x1, 0x7f0704d27a90, 0x2000, 0x7f0704d25080, 0x7f0704d25080, 0x7f06dba59f20, 0x7f0704d25078, 0x7f0704d25290, 0x0, 0x7f06daf00490, 0x7f072dd060d0, 0x7f0704d251e0, 0x7f0725e9eddb <keystring_validate+27>, 0x0, 0x7f06d95d496d, 0x7f06d95d4968, 0x7f0725e9f2a9 <rdn_validate+329>, 0x7f06d95d496e, 0x65d94daff3b15e00, 0x7f06d95d496d, 0x7f0704d250f0, 0x1, 0x0, 0x7f06d95d4940, 0x7f0725e9f4bc <distinguishedname_validate+92>, 0x7f06d95d496d, 0x65d94daff3b15e00, 0x91077ce, 0x7f0704d27a90, 0x1, 0x7f072bcbb408 <slapi_dn_syntax_check+264>, 0x1220ef9c, 0x7f072dcfe270, 0x2e, 0x7f06d95d4940, 0xdc7740, 0x7f0704d25430, 0x23412cb248b34aa, 0x1408519e191c12b, 0x31fe71007d47b40, 0x3b7c9b09b451a3f, 0x720007507dcb687, 0x6437cb2e9126634, 0x0, 0x0, 0x0, 0x0, 0x38b6fe7200000000, 0x339d09768553136b, 0x1b5b2f6a59ce33c1, 0x259f6ed835ce1dfb, 0x0, 0x0, 0x0, 0x0, 0x3650378000000000, 0x3b49744d90cd756a, 0x2e051ced6393d496, 0x2ab0901b6d285c55, 0xefb02d83e0f350a, 0x65d94daff3b15e00, 0x1f095d460962a938, 0x1668f4e0f22d730, 0x687ecba674fafc, 0x7f071b1361c9 <felem_square+601>, 0x331dde5a, 0x6357ef10, 0x0, 0x62c465f66e3fce, 0x165cc9c7995b4c8, 0x256506e137707c0, 0x7190c298cc48679, 0x7d425500ef0e796, 0x122b5d71bcbc555a, 0x112229786001987a, 0x1e8aadb3817bb540, 0x15f47a91ae8dfbae, 0x1f095d460962a938, 0xe3fba0a4ea61b88, 0x1210e8c44fb3c5cc, 0x440
> 081ddcd6fcec, 0x5e1f867f025521a, 0x687ecba674fafc, 0xd18cfc2d2613e4, 0x65d94daff3b15e00, 0x7f070485a55a, 0x7f0704d25400, 0x7f0704d25430, 0x7f0704d253d0, 0x7f0704d26080, 0x7f0704d25400, 0x7f0704d25430, 0x7f071b136998 <point_double+792>, 0x0, 0x0, 0x0, 0x0, 0x24a2f66e00000000, 0x3c8a154c5ac0ec0e, 0x28257a1c5897de7d, 0x1d539da268fbc9ed, 0x5e3fe1734bcc95c, 0x65d94daff3b15e00, 0x304b5144f85f7ee, 0xa45fde4, 0x2295dc, 0x7f071b13664a <felem_mul+1098>, 0x3787316, 0xbb0d144, 0x1761a288, 0x1a2ee607, 0x6f0e62c, 0xa45fde4, 0x148bfbc8, 0x1516ffea, 0x2295dc, 0x7f0704d25920, 0xb29a89c305480d, 0x105a1b7cda0966c, 0x156e878d554ac20, 0xd39aaeb87425ce, 0x39fc8c12cd5b157, 0x2c540320caceff7, 0x5516096e14d1727, 0x2ff904fe0a6b09f, 0x513921c9c413680, 0x39c17ae9e029433, 0x6379185312ec89d, 0x1ebfe1d87a8bf77, 0x4e3c852b7391c49, 0xd9444abd550def, 0x288460ba58c6515, 0x2e16321941175, 0x2c13902af652ab, 0x65d94daff3b15e00, 0x7f06db43ceb0, 0x7f0704d255c0, 0x7f0704d25590, 0x7f0704d260e0, 0x7f0704d260b0, 0x7f0704d255c0, 0x7f0704d25590, 0x7f071b137c2d <scalar_mult+1901>, 0x7f0704d26170, 0x7f0704d261a0, 0x7f0704d25920, 0x7f0704d255f0, 0x7f0704d25620, 0x7f0704d25830, 0x7f0704d25890, 0x7f0704d25800, 0x402e0e9fa8, 0x7f0704d256e0, 0x7f0704d258f0, 0x7f0704d25680, 0x7f0704d257a0, 0x7f0704d25860, 0x7f0704d25740, 0x7f0704d25770...}
>          attrlistbuf = "\"krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdCha"...
>          attrliststr = <optimized out>
>          attrs = 0x7f06db315600
>          rc = -1
>          internal_op = <optimized out>
>          basesdn = 0x7f06dc68b2b0
>          sdn = 0x7f06dbcdf9f0
>          operation = 0x7f072e4c10d0
>          referral = 0x0
>          proxydn = 0x0
>          proxystr = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
>          nentries = 0
>          pnentries = 0
>          flag_search_base_found = 0
>          flag_no_such_object = 0
>          flag_referral = 0
>          flag_psearch = <optimized out>
>          err_code = 0
>          ctrlp = 0x0
>          ctl_value = 0x0
>          iscritical = 0
>          be_name = <optimized out>
>          index = -1
>          sent_result = 0
>          pr_stat = 0
>          pagesize = -1
>          estimate = 0
>          curr_search_count = <optimized out>
>          pr_be = <optimized out>
>          pr_search_result = <optimized out>
>          pr_idx = -1
>          orig_sdn = 0x0
>          free_sdn = 1
> #26 0x00007f072c19e11e in do_search (pb=pb at entry=0x7f0704d27a90) at ldap/servers/slapd/search.c:349
>          operation = 0x7f072e4c10d0
>          ber = <optimized out>
>          i = <optimized out>
>          err = <optimized out>
>          attrsonly = 0
>          scope = 2
>          deref = 0
>          sizelimit = 0
>          timelimit = 300
>          rawbase = 0x7f06dbab5150 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          rawbase_set_in_pb = 1
>          fstr = 0x7f06da47c4c0 "(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/ldap-001.dirsvc.lib.dev.ja.net at DIRSVC.LIB.DEV.JA.NET)(krbPrincipalName:caseIgnoreI"...
>          filter = 0x7f06d976dff0
>          attrs = 0x7f06db315600
>          gerattrs = 0x0
>          psearch = 0
>          psbvp = 0x0
>          changetypes = 32519
>          send_entchg_controls = 80901904
>          changesonly = 0
>          rc = -1
>          strict = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          filter_normalized = 0
> #27 0x00007f072c18ba73 in connection_dispatch_operation (pb=0x7f0704d27a90, op=0x7f072e4c10d0, conn=0x7f07075388d0) at ldap/servers/slapd/connection.c:651
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #28 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f07075388d0, pb_op = 0x7f072e4c10d0, pb_plugin = 0x7f072df4b040, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 1, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 0, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x0, op_stack_elem = 0x7f072e6681d0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0704d27a90
>          conn = 0x7f07075388d0
>          op = 0x7f072e4c10d0
>          tag = 99
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #29 0x00007f0729e8e96b in _pt_root (arg=0x7f072e54fe80) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e54fe80
>          detached = 1
>          id = 139668122404608
>          tid = 26148
> #30 0x00007f072982edc5 in start_thread (arg=0x7f0704d28700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0704d28700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668122404608, -8975886148032001126, 0, 139668122405312, 139668122404608, 1, 9034562517991689114, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #31 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 31 (Thread 0x7f0704527700 (LWP 26149)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668114011904
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0704525e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06d0005240
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06d01ea670
>          addr = 0x7f06d01ea748
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06d01fc3a0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f0704526060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06d013a590 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06d01e1ef0
>          passin_sdn = 0
>          mods = 0x7f06d0005240
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06d0104110
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06d01ea670
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000\210\316 \320\006\177\000\000 \000\000\320\006\177\000\000[\000\000\000\000\000\000\000\000[ \320\006\177\000\000\000\000\000\000\000\000\000\000\200Y\036\320\006\177\000\000xO\037\320\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\000\346\035\320\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\030A\020\320\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06d01fc3a0) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06d01ea670
>          opresult = 0
>          normalized_mods = 0x7f06d0104110
>          mods = 0x7f06d018ac10
>          mod = 0x7f06d0104118
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -803224672, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0704526a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0704526a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f0704526a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0704526a90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06d00f9080
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06d02017b0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06d004cf20 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06d00f9080
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\320\006\177\000\000\200iR\004\a\177\000\000\220iR\004\a\177\000\000\356fR\004\a\177\000\000\354fR\004\a\177\000\000\360fR\004\a\177\000\000\261\230\255\373\350\003\000\000\000\000\000\000\017?\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000q\000\000\000\001\000\001\000\300\323 \320\006\177\000\000(\000\000\000\000\000\000\000q", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000 8z.\a\177\000\000\300\323 \320\006\177\000\000y\000\000\000\000\000\000\000q\000\000\000\000\000\000\000 8z.\a\177\000\000y\000\000\000\000\000\000\000 8z.\a\177\000\000\302"...
>          bind_target_entry = 0x7f06d01fb920
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06d00ed000
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0704526a90, op=0x7f072e1c1680, conn=0x7f0707537ef8) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707537ef8, pb_op = 0x7f072e1c1680, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06d00a6930, op_stack_elem = 0x7f072e501390, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0704526a90
>          conn = 0x7f0707537ef8
>          op = 0x7f072e1c1680
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e5502d0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e5502d0
>          detached = 1
>          id = 139668114011904
>          tid = 26149
> #15 0x00007f072982edc5 in start_thread (arg=0x7f0704527700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0704527700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668114011904, -8975886148032001126, 0, 139668114012608, 139668114011904, 1, 9034563616966445978, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 30 (Thread 0x7f0703d26700 (LWP 26150)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668105619200
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0703d24e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06d4099cd0
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06d42e0210
>          addr = 0x7f06d42e02e8
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06d4230aa0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f0703d25060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06d4295310 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06d40fb710
>          passin_sdn = 0
>          mods = 0x7f06d4099cd0
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06d4183300
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06d42e0210
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000x#2\324\006\177\000\000 \000\000\324\006\177\000\000[\000\000\000\000\000\000\000\060\271\b\324\006\177\000\000\000\000\000\000\000\000\000\000 at V-\324\006\177\000\000H\035-\324\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000pa\n\324\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\b3\030\324\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06d4230aa0) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06d42e0210
>          opresult = 0
>          normalized_mods = 0x7f06d4183300
>          mods = 0x7f06d42fd770
>          mod = 0x7f06d4183308
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -735901024, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0703d25a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0703d25a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f0703d25a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0703d25a90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06d42e0b30
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06d42e1cb0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06d410d2e0 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06d42e0b30
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\324\006\177\000\000\200Y\322\003\a\177\000\000\220Y\322\003\a\177\000\000\356V\322\003\a\177\000\000\354V\322\003\a\177\000\000\360V\322\003\a\177\000\000\261\250-\374\350\003\000\000\000\000\000\000\064\227\204\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000t\000\000\000\001\000\001\000\340\216!\324\006\177\000\000(\000\000\000\000\000\000\000t", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000`d\036.\a\177\000\000\340\216!\324\006\177\000\000y\000\000\000\000\000\000\000t\000\000\000\000\000\000\000`d\036.\a\177\000\000y\000\000\000\000\000\000\000`d\036.\a\177\000\000"...
>          bind_target_entry = 0x7f06d4189980
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06d42b6f60
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0703d25a90, op=0x7f072e6493c0, conn=0x7f0707538330) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707538330, pb_op = 0x7f072e6493c0, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06d41de340, op_stack_elem = 0x7f072e60fda0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0703d25a90
>          conn = 0x7f0707538330
>          op = 0x7f072e6493c0
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e527410) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e527410
>          detached = 1
>          id = 139668105619200
>          tid = 26150
> #15 0x00007f072982edc5 in start_thread (arg=0x7f0703d26700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0703d26700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668105619200, -8975886148032001126, 0, 139668105619904, 139668105619200, 1, 9034564718088686490, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 29 (Thread 0x7f0703525700 (LWP 26151)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668097226496
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0703523e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06c8139850
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06c81f7ee0
>          addr = 0x7f06c81f7fb8
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06c81fdfd0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f0703524060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06c80c7230 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06c8100a80
>          passin_sdn = 0
>          mods = 0x7f06c8139850
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06c804c9d0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06c81f7ee0
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000hi(\310\006\177\000\000 \000\000\310\006\177\000\000[\000\000\000\000\000\000\000\360\370\026\310\006\177\000\000\000\000\000\000\000\000\000\000\340\243\031\310\006\177\000\000xB\017\310\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\320+\003\310\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\330\311\004\310\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06c81fdfd0) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06c81f7ee0
>          opresult = 0
>          normalized_mods = 0x7f06c804c9d0
>          mods = 0x7f06c8153620
>          mod = 0x7f06c804c9d8
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -937435184, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0703524a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0703524a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f0703524a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0703524a90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06c8040a10
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06c802f8e0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06c80ffc20 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06c8040a10
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\310\006\177\000\000\200IR\003\a\177\000\000\220IR\003\a\177\000\000\356FR\003\a\177\000\000\354FR\003\a\177\000\000\360FR\003\a\177\000\000\261\270\255\374\350\003\000\000\000\000\000\000a\251\216\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000\200\000\000\000\001\000\001\000? \310\006\177\000\000(\000\000\000\000\000\000\000\200", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\360\347d.\a\177\000\000? \310\006\177\000\000y\000\000\000\000\000\000\000\200\000\000\000\000\000\000\000\360\347d.\a\177\000\000y\000\000\000\000\000\000\000\360\347d.\a\177\000\000\302\306"...
>          bind_target_entry = 0x7f06c827a5b0
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06c813b890
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0703524a90, op=0x7f072e7fa9d0, conn=0x7f0707539410) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707539410, pb_op = 0x7f072e7fa9d0, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06c8135e70, op_stack_elem = 0x7f072e4f7250, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0703524a90
>          conn = 0x7f0707539410
>          op = 0x7f072e7fa9d0
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e527860) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e527860
>          detached = 1
>          id = 139668097226496
>          tid = 26151
> #15 0x00007f072982edc5 in start_thread (arg=0x7f0703525700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0703525700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668097226496, -8975886148032001126, 0, 139668097227200, 139668097226496, 1, 9034565817063443354, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 28 (Thread 0x7f0702d24700 (LWP 26152)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668088833792
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0702d22e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06cc09cb70
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06cc22cfd0
>          addr = 0x7f06cc22d0a8
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06cc0144d0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f0702d23060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06cc0b52f0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06cc161400
>          passin_sdn = 0
>          mods = 0x7f06cc09cb70
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06cc153ee0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06cc22cfd0
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000h\310\v\314\006\177\000\000 \000\000\314\006\177\000\000[\000\000\000\000\000\000\000\240\317\002\314\006\177\000\000\000\000\000\000\000\000\000\000 n\024\314\006\177\000\000\370\355\037\314\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\200\377\n\314\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\350>\025\314\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06cc0144d0) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06cc22cfd0
>          opresult = 0
>          normalized_mods = 0x7f06cc153ee0
>          mods = 0x7f06cc1728a0
>          mod = 0x7f06cc153ee8
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -872332080, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0702d23a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0702d23a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f0702d23a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0702d23a90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06cc153350
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06cc134670 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06cc117240 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06cc153350
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\314\006\177\000\000\200\071\322\002\a\177\000\000\220\071\322\002\a\177\000\000\356\066\322\002\a\177\000\000\354\066\322\002\a\177\000\000\360\066\322\002\a\177\000\000\261\310-\375\350\003\000\000\000\000\000\000?\203\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000s\000\000\000\001\000\001\000\340\332#\314\006\177\000\000(\000\000\000\000\000\000\000s", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\200\023f.\a\177\000\000\340\332#\314\006\177\000\000y\000\000\000\000\000\000\000s\000\000\000\000\000\000\000\200\023f.\a\177\000\000y\000\000\000\000\000\000\000\200\023f.\a\177\000\000\302"...
>          bind_target_entry = 0x7f06cc139c50
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06cc1d6d50
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0702d23a90, op=0x7f072e60fb40, conn=0x7f07075381c8) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f07075381c8, pb_op = 0x7f072e60fb40, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06cc100dd0, op_stack_elem = 0x7f072e65bb70, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0702d23a90
>          conn = 0x7f07075381c8
>          op = 0x7f072e60fb40
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e527cb0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e527cb0
>          detached = 1
>          id = 139668088833792
>          tid = 26152
> #15 0x00007f072982edc5 in start_thread (arg=0x7f0702d24700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0702d24700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668088833792, -8975886148032001126, 0, 139668088834496, 139668088833792, 1, 9034566918185683866, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 27 (Thread 0x7f0702523700 (LWP 26153)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668080441088
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0702521e30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06c0378040
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06c004ac40
>          addr = 0x7f06c004ad18
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06c001fec0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f0702522060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06c027c790 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06c021c160
>          passin_sdn = 0
>          mods = 0x7f06c0378040
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06c02a8db0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06c004ac40
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000H\266\004\300\006\177\000\000 \000\000\300\006\177\000\000[\000\000\000\000\000\000\000\360\001+\300\006\177\000\000\000\000\000\000\000\000\000\000\060%7\300\006\177\000\000X\313\002\300\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\360\313:\300\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\270\215*\300\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06c001fec0) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06c004ac40
>          opresult = 0
>          normalized_mods = 0x7f06c02a8db0
>          mods = 0x7f06c02aa200
>          mod = 0x7f06c02a8db8
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -1073611072, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0702522a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0702522a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f0702522a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0702522a90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06c032ac70
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06c02837c0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06c022c6a0 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06c032ac70
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\300\006\177\000\000\200)R\002\a\177\000\000\220)R\002\a\177\000\000\356&R\002\a\177\000\000\354&R\002\a\177\000\000\360&R\002\a\177\000\000\261?\375\350\003\000\000\000\000\000\000q\302\202\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000r\000\000\000\001\000\001\000\220Z\006\300\006\177\000\000(\000\000\000\000\000\000\000r", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\340\334m.\a\177\000\000\220Z\006\300\006\177\000\000y\000\000\000\000\000\000\000r\000\000\000\000\000\000\000\340\334m.\a\177\000\000y\000\000\000\000\000\000\000\340\334m.\a\177\000\000\302\306"...
>          bind_target_entry = 0x7f06c002c300
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06c0052660
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0702522a90, op=0x7f072e5fe570, conn=0x7f0707538060) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707538060, pb_op = 0x7f072e5fe570, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06c005c700, op_stack_elem = 0x7f072e5fe4f0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0702522a90
>          conn = 0x7f0707538060
>          op = 0x7f072e5fe570
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e528100) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e528100
>          detached = 1
>          id = 139668080441088
>          tid = 26153
> #15 0x00007f072982edc5 in start_thread (arg=0x7f0702523700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0702523700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668080441088, -8975886148032001126, 0, 139668080441792, 139668080441088, 1, 9034568017160440730, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 26 (Thread 0x7f0701d22700 (LWP 26154)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=0, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
>          ret = <optimized out>
> #2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=3703, timespec=timespec at entry=0x0, exclusive=exclusive at entry=0) at ../../src/mutex/mut_pthread.c:577
>          ret = <optimized out>
>          t_ret = 0
> #3  0x00007f0722e88b37 in __db_tas_mutex_readlock_int (nowait=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:438
>          dbenv = 0x7f072e1d66a0
>          mtxregion = 0x7f0719f71138
>          ret = <optimized out>
>          mutexp = 0x7f0719ffa880
>          mtxmgr = <optimized out>
>          ip = 0x1
>          lock = <optimized out>
>          nspins = <optimized out>
> #4  __db_tas_mutex_readlock (env=env at entry=0x7f072e0efbf0, mutex=3703) at ../../src/mutex/mut_tas.c:472
> No locals.
> #5  0x00007f0722fa2d35 in __memp_fget (dbmfp=dbmfp at entry=0x7f072e2c32e0, pgnoaddr=pgnoaddr at entry=0x7f0688034610, ip=0x0, txn=0x0, flags=flags at entry=0, addrp=addrp at entry=0x7f0688034600) at ../../src/mp/mp_fget.c:317
>          state = <optimized out>
>          alloc_bhp = 0x0
>          bhp = 0x7f0719dcbfe0
>          oldest_bhp = <optimized out>
>          env = 0x7f072e0efbf0
>          read_lsnp = <optimized out>
>          vlsn = <optimized out>
>          dbmp = 0x7f072e1a55e0
>          hp = 0x7f07193937e8
>          c_mp = 0x7f0719383138
>          mfp = <optimized out>
>          list = 0x16
>          lp = <optimized out>
>          renv = <optimized out>
>          infop = 0x7f072e0f11d0
>          t_infop = 0x7f071a2e6e68
>          reginfo = <optimized out>
>          td = 0x0
>          list_off = <optimized out>
>          mf_offset = 595832
>          bucket = 1173
>          pinmax = <optimized out>
>          st_hsearch = <optimized out>
>          b_incr = 1
>          b_lock = 0
>          h_locked = 0
>          dirty = 0
>          extending = 0
>          makecopy = 0
>          mvcc = 0
>          need_free = <optimized out>
>          ret = 0
> #6  0x00007f0722f4c333 in __dbc_iget (dbc=0x7f0688038430, key=0x7f0701d13800, data=<optimized out>, flags=17) at ../../src/db/db_cam.c:1050
>          dbp = <optimized out>
>          ddbc = <optimized out>
>          dbc_n = 0x0
>          opd = 0x7f068800b080
>          cp = <optimized out>
>          cp_n = 0x7f06880345f0
>          mpf = 0x7f072e2c32e0
>          env = 0x7f072e0efbf0
>          pgno = 32519
>          indx_off = <optimized out>
>          multi = 2048
>          orig_ulen = 0
>          tmp_flags = <optimized out>
>          tmp_read_locking = <optimized out>
>          tmp_rmw = 0
>          type = <optimized out>
>          key_small = 0
>          ret = 0
>          t_ret = <optimized out>
> #7  0x00007f0722f4c47d in __dbc_get (dbc=dbc at entry=0x7f0688038430, key=key at entry=0x7f0701d13800, data=data at entry=0x7f0701d13830, flags=flags at entry=2065) at ../../src/db/db_cam.c:770
> No locals.
> #8  0x00007f0722f5ab02 in __dbc_get_pp (dbc=0x7f0688038430, key=0x7f0701d13800, data=0x7f0701d13830, flags=2065) at ../../src/db/db_iface.c:2359
>          dbp = <optimized out>
>          ip = 0x0
>          env = 0x7f072e0efbf0
>          ret = <optimized out>
> #9  0x00007f071e21ba42 in idl_new_fetch (be=0x7f072e0f5f20, db=<optimized out>, inkey=<optimized out>, txn=<optimized out>, a=0x7f072e1be6c0, flag_err=0x7f0701d1c74c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/idl_new.c:280
>          lastid = 38557
>          ret = 0
>          idl_rc = <optimized out>
>          cursor = 0x7f0688038430
>          idl = 0x7f06c4256550
>          key = {data = 0x7f0701d15ae0, size = 14, ulen = 14, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          data = {data = 0x7f0701d13890, size = 8192, ulen = 8192, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          id = <optimized out>
>          count = 8378
>          buffer = "\004\000\001\071\227\000\000Q\004\000\001\067\227\000\000p\004\000\001\065\227\000\000N\004\000\001\063\227\000\000R\004\000\001\061\227\000\000p\004\000\001/\227\000\000V\004\000\001-\227\000\000M\004\000\001+\227\000\000C\004\000\001)\227\000\000\n\004\000\001'\227\000\000s\004\000\001%\227\000\000n\004\000\001#\227\000\000C\004\000\001!\227\000\000g\004\000\001\037\227\000\000,\004\000\001\035\227\000\000i\004\000\001\033\227\000\000o\004\000\001\031\227\000\000d\004\000\001\027\227\000\000a\004\000\001\025\227\000\000R\004\000\001\023\227\000\000a\004\000\001\021\227\000\000P\004\000\001\017\227\000\000n\004\000\001\r\227\000\000s\004\000\001\v\227\000\000f\004\000\001\t\227\000\000t"...
>          ptr = <optimized out>
>          dataret = {data = 0x0, size = 4, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0}
>          s_txn = {back_txn_txn = 0x0}
>          li = <optimized out>
> #10 0x00007f071e21b525 in idl_fetch_ext (be=be at entry=0x7f072e0f5f20, db=<optimized out>, key=key at entry=0x7f0701d15980, txn=txn at entry=0x0, a=<optimized out>, err=err at entry=0x7f0701d1c74c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/idl_shim.c:101
> No locals.
> #11 0x00007f071e22a146 in index_read_ext_allids (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, type=type at entry=0x7f06c42238f0 "objectClass", indextype=indextype at entry=0x7f071e271c87 "eq", val=<optimized out>, txn=txn at entry=0x7f0701d19c50, err=err at entry=0x7f0701d1c74c, unindexed=unindexed at entry=0x7f0701d19c44, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/index.c:1028
>          interval = <optimized out>
>          db = 0x7f072e2b8f50
>          db_txn = 0x0
>          key = {data = 0x7f0701d15ae0, size = 14, ulen = 14, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          idl = 0x0
>          prefix = <optimized out>
>          tmpbuf = 0x0
>          buf = "=posixaccount\000\000\000\004\000\000\000\243\t\000\000\004\000\000\000\253\t\000\000\004\000\000\000\263\t\000\000\004\000\000\000\273\t\000\000\004\000\000\000\303\t\000\000\004\000\000\000\313\t\000\000\004\000\000\000\323\t\000\000\004\000\000\000\333\t\000\000\004\000\000\000\343\t\000\000\004\000\000\000\353\t\000\000\004\000\000\000\363\t\000\000\004\000\000\000\373\t\000\000\004\000\000\000\003\n\000\000\004\000\000\000\v\n\000\000\004\000\000\000\023\n\000\000\004\000\000\000\033\n\000\000\004\000\000\000#\n\000\000\004\000\000\000+\n\000\000=referral\000\000\000;\n\000\000\004\000\000\000C\n\000\000\004\000\000\000K\n\000\000\004\000\000\000S\n\000\000"...
>          typebuf = "objectClass\000\000\000\000\000P\217+.\a\177", '\000' <repeats 18 times>, "\300\346\033.\a\177", '\000' <repeats 18 times>, "\200[\321\001\a\177\000\000\n\000\000\000\n", '\000' <repeats 20 times>, "\b\000\000\000\000\000\000\004\000\000\000\373\b\000\000\004\000\000\000\003\t\000\000\004\000\000\000\v\t\000\000\004\000\000\000\023\t\000\000\004\000\000\000\033\t\000\000\004\000\000\000#\t\000\000\004\000\000\000+\t\000\000objectclass\000;\t\000\000\004\000\000\000C\t\000\000\004\000\000\000K\t\000\000\004\000\000\000S\t\000\000"...
>          ai = 0x7f072e1be6c0
>          basetmp = 0x0
>          basetype = <optimized out>
>          retry_count = 0
>          encrypted_val = 0x0
>          is_and = 1
>          ai_flags = 1
> #12 0x00007f071e214234 in keys2idl (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, type=0x7f06c42238f0 "objectClass", indextype=indextype at entry=0x7f071e271c87 "eq", ivals=<optimized out>, err=err at entry=0x7f0701d1c74c, unindexed=unindexed at entry=0x7f0701d19c44, txn=txn at entry=0x7f0701d19c50, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:986
>          idl2 = 0x0
>          i = 0
> #13 0x00007f071e2149d3 in ava_candidates (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, f=f at entry=0x7f06c42375b0, ftype=<optimized out>, err=0x7f0701d1c74c, allidslimit=100000, range=0, nextf=0x0) at ldap/servers/slapd/back-ldbm/filterindex.c:288
>          tmp = {bv = {bv_len = 12, bv_val = 0x7f06c41288e0 "posixAccount"}, v_csnset = 0x0, v_flags = 0}
>          ptr = {0x7f0701d19ca0, 0x0}
>          fake = {bv = {bv_len = 12, bv_val = 0x7f0701d19d40 "posixaccount"}, v_csnset = 0x7f06c4236c40, v_flags = 1536}
>          buf = "posixaccount\000\177\000\000\b\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\300\225\317-\a\177\000\000\323\325\351%\a\177", '\000' <repeats 11 times>, "^\261\363\257M\331e4\340\363+\a\177\000\000\252\000\000\000\000\000\000\000\300\235\321\001\a\177\000\000P\241\321\001\a\177\000\000\070\241\321\001\a\177\000\000\315\301\313+\a\177\000\000\370\235\321\001\a\177\000\000\220\200\351%\a\177", '\000' <repeats 26 times>, "\300\225\317-\a\177", '\000' <repeats 634 times>...
>          type = 0x7f06c42238f0 "objectClass"
>          indextype = 0x7f071e271c87 "eq"
>          sv = {bv = {bv_len = 12, bv_val = 0x7f0701d19d40 "posixaccount"}, v_csnset = 0x7f06c4236c40, v_flags = 1536}
>          bval = 0x7f06c42375d8
>          ivals = 0x7f0701d19c70
>          idl = 0x0
>          unindexed = 0
>          sattr = {a_type = 0x7f06c41c2bd0 "objectClass", a_present_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_flags = 4, a_plugin = 0x7f072dd48570, a_deleted_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_listtofree = 0x0, a_next = 0x0, a_deletioncsn = 0x0, a_mr_eq_plugin = 0x7f072dcf95c0, a_mr_ord_plugin = 0x0, a_mr_sub_plugin = 0x0}
>          txn = {back_txn_txn = 0x0}
>          pr_idx = -1
> #14 0x00007f071e214fc2 in filter_candidates_ext (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06c42375b0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0701d1c74c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:111
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #15 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06c42376c0, ftype=<optimized out>, err=0x7f0701d1c74c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
>          idl = 0x0
>          tmp = 0x65d94daff3b15e00
>          tmp2 = 0x0
>          f = 0x7f06c42375b0
>          nextf = 0x0
>          isnot = 0
>          f_count = <optimized out>
>          le_count = <optimized out>
>          ge_count = <optimized out>
>          is_bounded_range = <optimized out>
>          low_val = 0x0
>          high_val = 0x0
>          t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
>          fpairs = {0x0, 0x0}
>          tpairs = {0x0, 0x0}
>          vpairs = {0x0, 0x0}
>          is_and = 1
> #16 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06c42376c0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0701d1c74c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #17 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06c4238fd0, ftype=<optimized out>, err=0x7f0701d1c74c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
>          idl = 0x0
>          tmp = 0x0
>          tmp2 = 0x0
>          f = 0x7f06c42376c0
>          nextf = 0x0
>          isnot = 0
>          f_count = <optimized out>
>          le_count = <optimized out>
>          ge_count = <optimized out>
>          is_bounded_range = <optimized out>
>          low_val = 0x0
>          high_val = 0x0
>          t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
>          fpairs = {0x0, 0x0}
>          tpairs = {0x0, 0x0}
>          vpairs = {0x0, 0x0}
>          is_and = 0
> #18 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f06c42280d0, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=0x7f06c4238fd0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f0701d1c74c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #19 0x00007f071e2514b8 in subtree_candidates (pb=pb at entry=0x7f06c42280d0, be=0x7f072e0f5f20, base=base at entry=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=e at entry=0x7f06a051d150, filter=0x7f06c42376c0, managedsait=0, allids_before_scopingp=allids_before_scopingp at entry=0x7f0701d1c73c, err=err at entry=0x7f0701d1c74c) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1210
>          focref = 0x7f06c4225510
>          forr = 0x7f06c4238fd0
>          ftop = <optimized out>
>          candidates = <optimized out>
>          has_tombstone_filter = <optimized out>
>          isroot = 0
>          allidslimit = 100000
>          op = 0x0
>          is_bulk_import = 0
> #20 0x00007f071e252b9f in build_candidate_list (candidates=0x7f0701d1c778, lookup_returned_allidsp=0x7f0701d1c73c, scope=<optimized out>, base=0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=<optimized out>, be=<optimized out>, pb=0x7f06c42280d0) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1015
>          filter = 0x7f06c42376c0
>          err = 0
>          li = 0x7f072df49930
>          managedsait = 0
>          r = 0
> #21 ldbm_back_search (pb=0x7f06c42280d0) at ldap/servers/slapd/back-ldbm/ldbm_search.c:657
>          rc = <optimized out>
>          time_up = 0
>          vlv_response_control = {targetPosition = 0, contentCount = 0, result = 0}
>          vlv_rc = 32519
>          lookthrough_limit = 0
>          abandoned = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x7f06a051d150
>          candidates = 0x0
>          base = 0x7f06c42335d0 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          basesdn = 0x7f06c41e6200
>          scope = 2
>          controls = 0x0
>          operation = 0x7f06c41dc7f0
>          addr = 0x7f06c41dc8c8
>          estimate = 0
>          sort = 0
>          vlv = <optimized out>
>          sort_spec = 0x0
>          is_sorting_critical = <optimized out>
>          is_sorting_critical_orig = 0
>          sort_control = 0x0
>          virtual_list_view = 0
>          vlv_spec = 0x0
>          is_vlv_critical = 0
>          vlv_request_control = {beforeCount = 0, afterCount = 0, tag = 0, index = 0, contentCount = 0, value = {bv_len = 0, bv_val = 0x0}}
>          sr = <optimized out>
>          tmp_err = -1
>          tmp_desc = 0x0
>          lookup_returned_allids = 0
>          backend_count = 0
>          print_once = 1
>          txn = {back_txn_txn = 0x0}
>          rc = <optimized out>
> #22 0x00007f072bca82c6 in op_shared_search (pb=pb at entry=0x7f06c42280d0, send_result=send_result at entry=1) at ldap/servers/slapd/opshared.c:806
>          be_suffix = 0x7f072de73fa0
>          err = 0
>          next_be = 0x0
>          base = 0x7f072e2b7d00 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normbase = <optimized out>
>          fstr = 0x7f06c41c3e70 "(&(objectClass=posixAccount)(|(uid=BP-281161)))"
>          scope = 2
>          be = 0x7f072e0f5f20
>          be_single = 0x0
>          be_list = {0x7f072e0f5f20, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x30, 0x1c422ebc0, 0x10f00010002, 0xffffffcd00000031, 0x7f06c422ebc0, 0x0, 0x7f06c41ee890, 0x1, 0x0, 0x7f0701d1cc78, 0x7f0701d1cc28, 0x0, 0x7f0701d1cc28, 0x7f0701d1cc30, 0x0, 0x7f0701d1cc78, 0x65d94daff3b15e00, 0x7f06c42245c0, 0x7f0701d1cc30, 0x7f06c42245c0, 0x7f072bca79a0 <op_shared_search+1024>, 0x7f0701d1ccd8, 0x7f0701d1cc88, 0x0, 0x7f0701d1cc88, 0x7f0701d1cc40, 0x1, 0x7f0701d1cc30, 0x100000001, 0x7f0600000000, 0x7f0701d1cc70, 0x0, 0x0, 0x7f0701d1cc70, 0x7f0701d1cc68, 0x7f0701d1cbe4, 0x0, 0x0, 0x7f0701d1cbec, 0x7f0701d1cc90, 0x100000001, 0x0, 0x0, 0x200000001, 0xffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1ffffffff, 0x7f06c4102320, 0x7f072bd09f50, 0x0, 0x0, 0x0, 0x7f06c422ebc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x0, 0x7f06c421bb60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x1, 0x0, 0x7f0701d1cea8, 0x7f0701d1ce58, 0x0, 0x7f0701d1ce58, 0x7f0701d1ce60, 0x0, 0x7f0701d1cea8, 0x65d94daff3b15e00, 0x7f06c42280d0, 0x7f0701d1ce60, 0x7f06c42280d0, 0x7f072bca79a0 <op_shared_search+1024>, 0x7f072bd09f50, 0x7f072bd03a2e, 0x7f072bd01e5d, 0x7f072bd01e5d, 0x7f0701d1ce70, 0x1, 0x7f0701d1ce60, 0x100000001, 0x0, 0x7f0701d1cea0, 0x0, 0x0, 0x7f0701d1cea0, 0x7f0701d1ce98, 0x7f0701d1ce14, 0x0, 0x0, 0x7f0701d1ce1c, 0x7f0701d1d008, 0x7f0600000001, 0xc41ad150, 0x0, 0x200000001, 0xffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1ffffffff, 0x7f06c40b9c00, 0x7f072bd09f50, 0x0, 0x0, 0x0, 0x7f06c41dc7f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x7f06c41d73c8, 0x7f0701d1cf18, 0x7f072dcd1e30, 0x30, 0x7f0701d1d000, 0x7f0701d1cff4, 0x1c423bfb0, 0x7f0701d1cf28, 0x7f06c4238f90, 0x7f06c42245c0, 0x7f06c423bfb0, 0x0, 0x5, 0x7f06c41d8ea8, 0x7f06c40c1fe8, 0x7f06c400f750, 0x7f06c40c1fe8, 0x7f06c40c1fe8, 0x7f06c40c1fe8, 0x7f0701d1d070, 0x7f06c4057580, 0x7f0707536cb0, 0x0, 0x7f072bc621b6 <slapi_ch_free+22>, 0
> x10, 0x7f072bced4fe <valuearray_free_ext+78>, 0x7f06c4057580, 0x7f06c40c1fd8, 0x7f0701d1cfc0, 0x7f0701d1cff0, 0x7f0701d1d010, 0x7f0701d1d070, 0x7f06c4057580, 0x7f0707536cb0, 0x0, 0x7f0701d1d028, 0x90, 0x7f0701d1d070, 0x7f06c4057580, 0x7f0701d1d048, 0x90, 0x7f0701d1d070, 0x7f06c4057580, 0x7f0707536cb0, 0x0, 0x7f072bc621b6 <slapi_ch_free+22>, 0x7f06c422b000, 0x7f072bc71454 <slapi_entry_free+228>, 0x7f06c4057580, 0x7f072bcc6214 <reslimit_get_ext+52>, 0x7f0707536cb0, 0x7f072bf3e034 <slapd_ldap_debug>, 0x7f0701d1d0d4, 0x7f072bcc6b8d <slapi_reslimit_get_integer_limit+445>, 0x7f072e2b7640, 0x65d94daff3b15e00, 0x1, 0x7f0707536cb0...}
>          referral_list = {0x0 <repeats 48 times>, 0xffff80f8fe2e1461, 0x37, 0xd, 0x1, 0x5c0000003d, 0x7f0701d1eba0, 0x0, 0x0, 0x770000006e, 0x0, 0x7f0701d1eb9f, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f06c4000020, 0x0, 0x7f06c41b3e10, 0x0, 0x10, 0x0, 0x7f07294e5fbc <__GI___libc_malloc+76>, 0x7f0701d1ec88, 0x35d, 0x0, 0x7f072bc61ce3 <slapi_ch_malloc+19>, 0x7f0701d1ec88, 0x7f06c4000020, 0x0, 0x35c, 0x7f06c4237e60, 0x7f072bcec38e <ber_bvcpy+46>, 0x7f06c4237e60, 0x7f06c41b3e10, 0x0, 0x7f072bcec5a1 <slapi_value_set_berval+49>, 0x0, 0x7f06c4237e60, 0x7f06c41b3e10, 0x7f072bcec5f6 <value_init+70>, 0x7f06c414d040, 0x7f06c4237e60, 0x7f06c41b3e10, 0x7f072bcec652 <value_new+50>, 0x0, 0x65d94daff3b15e00, 0xffffffff00000001, 0x65d94daff3b15e00, 0x0, 0x7f06c418f3e8, 0x1, 0x0, 0x7f06c414d040, 0x7f072bcee42a <slapi_valueset_add_attr_valuearray_ext+250>, 0x7f06c40fc460, 0x7f06c418f3e0, 0x7f06c41b6c80, 0x7f0701d1ed7c, 0xffffffff00000001, 0x7f06c418f3e0, 0x7f06c422a800, 0x7f06c414d040, 0x7f0701d20fd0, 0x7f06c41d1380, 0x7f0701d20f90, 0x7f072bc5b4d4 <attr_add_valuearray+148>, 0x7f06c4234ba0, 0x7f06c420d690, 0x0, 0x7f072b7a3085 <profile_update_file_data_locked+85>, 0xfd00, 0x1035277, 0x1, 0x81a4, 0x0, 0x0, 0x354, 0x1000, 0x8, 0x5872a492, 0xdc6d3e, 0x587152bb, 0x2f44381a, 0x587152bb, 0x2f44381a, 0x0, 0x0, 0x0, 0x0, 0x65d94daff3b15e00, 0xf, 0x7f06d40030d0, 0x0, 0x7f06d40030d8, 0x7f06c422f3d0, 0x7f0701d20f48, 0x7f0701d20f50, 0x7f06d40030d0, 0x0, 0x1, 0x7f06c422f3d0, 0x7f0701d20f48, 0x7f0701d20f50, 0x7f072b7a3a20 <profile_open_file+432>, 0x7f06c4234ba0, 0x7f07219cdb68 <print_access_control_summary+120>, 0x7f06c42238f0, 0x7f07219e6eb5, 0x7f06c4156720, 0x7f0701d1ef30, 0x7f06c41e1f60, 0x7f072bcd6dff <PL_HashTableLookup_const+31>, 0x0, 0x0, 0x7f07219e9bee, 0x7f07219e6eb5, 0x7f06c41e3a10, 0x7f072bc5cb5f <attr_syntax_return_locking_optional+47>, 0x7f072dcfe270, 0x7f0701d1f068, 0x0, 0x0, 0x7f06c4028f90, 0x7f07219e4bbd <aclutil_print_aci+45>, 0x75676e6974736964, 0x6d614e6465687369, 0x7f06c4010065, 0x7f072e0efbf0, 0x7f072dec6670, 0x7f0
> 701d1f0c8, 0x7f071a1b9328, 0x241840, 0x7f0701d1f150, 0x7f0722f9a289 <__log_putr+809>, 0x343633353335383d, 0x7f0725e9eddb <keystring_validate+27>, 0x63646137612d3665, 0x7f06c41d7e25, 0x7f06c41d7e22, 0x7f0725e9f2a9 <rdn_validate+329>, 0x7f06c41d7e26, 0x65d94daff3b15e00, 0x7f06c41d7e25, 0x7f0701d1eff0, 0x7f0701d1f080, 0x0, 0x2000, 0x7f0725e9f12b <utf8string_validate+123>, 0x7f06c41e3762, 0x7f06c4000020, 0x20, 0x0, 0x0, 0x7f0701d1f108, 0x0, 0x7f07294e5fbc <__GI___libc_malloc+76>, 0x7f06c42336b0, 0x7f072bcec58a <slapi_value_set_berval+26>, 0x0, 0x7f06c42336b0, 0x0, 0x7f072bcec5f6 <value_init+70>, 0x7f0701d1f080, 0x7f06c42336b0, 0x0, 0x7f072bcec652 <value_new+50>, 0x7f06c42336b0, 0x7f072bcec7ad <slapi_value_set_string_passin+45>, 0x7f06c413d320, 0x7f07219cdb68 <print_access_control_summary+120>, 0x7f06c413d320, 0x7f072bcec7e2 <slapi_value_new_string_passin+34>, 0x7f06c415c388, 0x7f0701d1f4d8, 0x7f0701d1f4e8, 0x7f0725e9ceed <string_values2keys+509>, 0x7f0701d1f110, 0x7f0701d1f4e0, 0x7f07219e9bee, 0x7f07219e6eb5, 0x7f06c41e3a10, 0x7f072bcec7e2 <slapi_value_new_string_passin+34>, 0x7f06c415c388, 0x0...}
>          attrlistbuf = "\037\000\000\000\000\000\000\000@\000\000\000\000\000\000\000\020\016\322\001\a\177\000\000\311n\347)\a\177\000\000\273\212\320+\a\177\000\000\300\r\322\001\a\177\000\000\000\000\000\000\000\000\000\000?\320+\a\177\000\000?\320+\a\177\000\000\356q\347)\a\177\000\000\060\f\322\001\a\177\000\000\000\000\000\000\000\000\000\000\060\231\363-\a\177\000\000\237\v\322\001\a\177\000\000\240\v\322\001\a\177\000\000\016\000\000\000\006\177\000\000\360\f\322\001\a\177\000\000\361\f\322\001\a\177\000\000\000\000\000\000\006\177\000\000\bRN)\000\000\000\000\060\231\363-\a\177\000\000\060 \v\304\006\177\000 \200\314\371-\a\177\000\000\370\v\322\001\a\177\000\000\064\340\363+\a\177\000\000\060\200"...
>          attrliststr = <optimized out>
>          attrs = 0x7f06c41e36a0
>          rc = -1
>          internal_op = <optimized out>
>          basesdn = 0x7f06c4029ad0
>          sdn = 0x7f06c41e6200
>          operation = 0x7f06c41dc7f0
>          referral = 0x0
>          proxydn = 0x0
>          proxystr = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
>          nentries = 0
>          pnentries = 0
>          flag_search_base_found = 0
>          flag_no_such_object = 0
>          flag_referral = 0
>          flag_psearch = <optimized out>
>          err_code = 0
>          ctrlp = 0x0
>          ctl_value = 0x0
>          iscritical = 0
>          be_name = <optimized out>
>          index = -1
>          sent_result = 0
>          pr_stat = 0
>          pagesize = -1
>          estimate = 0
>          curr_search_count = <optimized out>
>          pr_be = <optimized out>
>          pr_search_result = <optimized out>
>          pr_idx = -1
>          orig_sdn = 0x7f072dfb06d0
>          free_sdn = 1
> #23 0x00007f072bcb8ede in search_internal_callback_pb (pb=pb at entry=0x7f06c42280d0, callback_data=callback_data at entry=0x7f0701d21010, prc=prc at entry=0x7f072bcb8030 <internal_plugin_result_callback>, psec=psec at entry=0x7f072bcb8080 <internal_plugin_search_entry_callback>, prec=prec at entry=0x7f072bcb8040 <internal_plugin_search_referral_callback>) at ldap/servers/slapd/plugin_internal_op.c:783
>          controls = 0x0
>          op = 0x7f06c41dc7f0
>          filter = 0x7f06c42376c0
>          fstr = 0x7f06c4234de0 "(&(objectClass=posixAccount)(|(uid=BP-281161)))"
>          callback_handler_data = {p_res_callback = 0x7f072bcb8030 <internal_plugin_result_callback>, p_srch_entry_callback = 0x7f072bcb8080 <internal_plugin_search_entry_callback>, p_ref_entry_callback = 0x7f072bcb8040 <internal_plugin_search_referral_callback>, callback_data = 0x7f0701d21010}
>          scope = 2
>          ifstr = 0x7f06c41c3e70 "(&(objectClass=posixAccount)(|(uid=BP-281161)))"
>          opresult = 734756912
>          rc = 0
>          tmp_attrs = 0x0
> #24 0x00007f072bcb9178 in search_internal_pb (pb=pb at entry=0x7f06c42280d0) at ldap/servers/slapd/plugin_internal_op.c:636
>          psid = {rc = -1, num_entries = 0, num_referrals = 0, entry_list_head = 0x0, referral_list_head = 0x0}
>          iterator = <optimized out>
>          tmp = 0x7f072dfb06d0
>          ref_iterator = <optimized out>
>          ref_tmp = 0x7f072df9cba0
>          i = <optimized out>
>          opresult = 0
>          pb_search_entries = 0x0
>          pb_search_referrals = 0x0
> #25 0x00007f072bcb93d3 in slapi_search_internal_pb (pb=pb at entry=0x7f06c42280d0) at ldap/servers/slapd/plugin_internal_op.c:545
> No locals.
> #26 0x00007f0721ffde80 in search_one_berval (baseDN=baseDN at entry=0x7f072dfb06d0, attrNames=attrNames at entry=0x7f072e199380, value=<optimized out>, requiredObjectClass=requiredObjectClass at entry=0x7f072dfb4bd0 "posixAccount", target=target at entry=0x7f06c41d8ea0, excludes=excludes at entry=0x7f072e1a27d0) at ldap/servers/plugins/uiduniq/uid.c:668
>          err = <optimized out>
>          sres = -1004781968
>          entries = 0x0
>          attrs = {0x7f0721fffc1c "1.1", 0x0}
>          result = 0
>          filter = 0x7f06c41c3e70 "(&(objectClass=posixAccount)(|(uid=BP-281161)))"
>          spb = 0x7f06c42280d0
> #27 0x00007f0721ffe232 in search (baseDN=0x7f072dfb06d0, attrNames=0x7f072e199380, attr=0x7f06c4205150, values=<optimized out>, requiredObjectClass=0x7f072dfb4bd0 "posixAccount", target=0x7f06c41d8ea0, excludes=0x7f072e1a27d0) at ldap/servers/plugins/uiduniq/uid.c:607
>          v = 0x7f06c4147910
>          vhint = 0
>          result = 0
>          values = <optimized out>
>          attrNames = 0x7f072e199380
>          excludes = 0x7f072e1a27d0
>          target = 0x7f06c41d8ea0
>          requiredObjectClass = 0x7f072dfb4bd0 "posixAccount"
>          attr = 0x7f06c4205150
>          baseDN = 0x7f072dfb06d0
> #28 0x00007f0721ffe53c in searchAllSubtrees (subtrees=<optimized out>, exclude_subtrees=0x7f072e1a27d0, attrNames=attrNames at entry=0x7f072e199380, attr=0x7f06c4205150, values=values at entry=0x0, requiredObjectClass=requiredObjectClass at entry=0x7f072dfb4bd0 "posixAccount", dn=0x7f06c41d8ea0, unique_in_all_subtrees=1) at ldap/servers/plugins/uiduniq/uid.c:816
>          sufdn = 0x7f072dfb06d0
>          result = 0
>          i = <optimized out>
> #29 0x00007f0721fff005 in preop_add (pb=0x7f0701d21a90) at ldap/servers/plugins/uiduniq/uid.c:1040
>          err = <optimized out>
>          markerObjectClass = 0x0
>          sdn = 0x7f06c41d8ea0
>          e = 0x7f06c4234980
>          config = 0x7f072e2b3390
>          i = <optimized out>
>          requiredObjectClass = 0x7f072dfb4bd0 "posixAccount"
>          isupdatedn = 0
>          attr = 0x7f06c4205150
>          result = 0
>          errtext = 0x0
>          attrNames = 0x7f072e199380
>          attr_friendly = 0x7f072e2b6b50 "uid "
> #30 0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df9cfa0, operation=operation at entry=407, pb=pb at entry=0x7f0701d21a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0721ffedf0 <preop_add>
>          rc = <optimized out>
>          return_value = 0
>          count = 22
> #31 0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0701d21a90, operation=407, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #32 plugin_call_plugins (pb=pb at entry=0x7f0701d21a90, whichfunction=whichfunction at entry=407) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 1
>          rc = 0
>          do_op = <optimized out>
> #33 0x00007f072bc57e49 in op_shared_add (pb=pb at entry=0x7f0701d21a90) at ldap/servers/slapd/add.c:680
>          operation = 0x7f072e5f6f00
>          e = 0x7f06c4234980
>          pse = 0xf
>          be = 0x7f072e0f5f20
>          err = <optimized out>
>          internal_op = 0
>          repl_op = 0
>          legacy_op = 0
>          lastmod = 1
>          pwdtype = 0x0
>          attr = 0x0
>          referral = 0x0
>          errorbuf = "\000\023k.\a\177\000\000\220\034\034\304\006\177\000\000\360J\302*\a\177\000\000\274_N)\a\177\000\000\000\023k.\a\177\000\000\000\025\322\001\a\177\000\000\004\000\000\000\000\000\000\000\265\"\302*\a\177\000\000\000\025\322\001\a\177\000\000P\337\301*\a\177\000\000\340.\027\304\006\177\000\000\000\023k.\a\177\000\000\037,\317+\a\177\000\000\220\025\322\001\a\177\000\000!,\317+\a\177\000\000\352\343\301*\a\177\000\000\027\000\000\000\000\000\000\000\060\200#\304\006\177\000\000\062\000\000\000[\000\000\000\000^\261\363\257M\331e ,\317+\a\177\000\000\326\353\301*\a\177\000\000X\025\322\001\a\177\000\000`\025\322\001\a\177\000\000\r\000\000\000\000\000\000\000"...
>          p = <optimized out>
>          proxydn = 0x0
>          proxystr = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
>          sdn = 0x7f06c41d8ea0
>          pwpolicy = <optimized out>
> #34 0x00007f072bc591b0 in do_add (pb=pb at entry=0x7f0701d21a90) at ldap/servers/slapd/add.c:226
>          operation = 0x7f072e5f6f00
>          ber = <optimized out>
>          last = 0x7f06c41c1c8a "\240\033\060\031\004\027\062.16.840.1.113730.3.4.2"
>          len = 18446744073709551615
>          tag = 18446744073709551615
>          e = 0x7f06c4234980
>          err = 0
>          rc = <optimized out>
>          searchsubentry = <optimized out>
> #35 0x00007f072c18b9b3 in connection_dispatch_operation (pb=0x7f0701d21a90, op=0x7f072e5f6f00, conn=0x7f07075343e8) at ldap/servers/slapd/connection.c:612
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #36 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f07075343e8, pb_op = 0x7f072e5f6f00, pb_plugin = 0x7f072df9cfa0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 1, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06c421b850, op_stack_elem = 0x7f072e60c9c0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0701d21a90
>          conn = 0x7f07075343e8
>          op = 0x7f072e5f6f00
>          tag = 104
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #37 0x00007f0729e8e96b in _pt_root (arg=0x7f072e528550) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e528550
>          detached = 1
>          id = 139668072048384
>          tid = 26154
> #38 0x00007f072982edc5 in start_thread (arg=0x7f0701d22700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0701d22700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668072048384, -8975886148032001126, 0, 139668072049088, 139668072048384, 1, 9034569118282681242, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #39 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 25 (Thread 0x7f0701521700 (LWP 26155)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668063655680
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f070151fe30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06b805e640
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06b8287cf0
>          addr = 0x7f06b8287dc8
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06b837a570, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f0701520060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06b80eaef0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06b80e2100
>          passin_sdn = 0
>          mods = 0x7f06b805e640
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06b80bb6b0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06b8287cf0
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000\210\320.\270\006\177\000\000 \000\000\270\006\177\000\000[\000\000\000\000\000\000\000\240\005\005\270\006\177\000\000\000\000\000\000\000\000\000\000\240\311G\270\006\177\000\000X\252n\270\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\060\255+\270\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000\270\266\v\270\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06b837a570) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06b8287cf0
>          opresult = 0
>          normalized_mods = 0x7f06b80bb6b0
>          mods = 0x7f06b80caf80
>          mod = 0x7f06b80bb6b8
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -1204312720, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0701520a90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0701520a90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f0701520a90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0701520a90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06b801f4b0
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06b80f12f0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06b8675420 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06b801f4b0
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\270\006\177\000\000\200\tR\001\a\177\000\000\220\tR\001\a\177\000\000\356\006R\001\a\177\000\000\354\006R\001\a\177\000\000\360\006R\001\a\177\000\000\261\370\255\376\350\003\000\000\000\000\000\000\224\201\205\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000u\000\000\000\001\000\001\000P\201w\270\006\177\000\000(\000\000\000\000\000\000\000u", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000`\232q.\a\177\000\000P\201w\270\006\177\000\000y\000\000\000\000\000\000\000u\000\000\000\000\000\000\000`\232q.\a\177\000\000y\000\000\000\000\000\000\000`\232q.\a\177\000\000"...
>          bind_target_entry = 0x7f06b8034a40
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06b8134990
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0701520a90, op=0x7f072e65b980, conn=0x7f0707538498) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707538498, pb_op = 0x7f072e65b980, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06b866eb00, op_stack_elem = 0x7f072e674110, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0701520a90
>          conn = 0x7f0707538498
>          op = 0x7f072e65b980
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e5289a0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e5289a0
>          detached = 1
>          id = 139668063655680
>          tid = 26155
> #15 0x00007f072982edc5 in start_thread (arg=0x7f0701521700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0701521700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668063655680, -8975886148032001126, 0, 139668063656384, 139668063655680, 1, 9034570217257438106, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 24 (Thread 0x7f0700d20700 (LWP 26156)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668055262976
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f0700d1ee30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06bc0c1cf0
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06bc26e000
>          addr = 0x7f06bc26e0d8
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06bc2660f0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f0700d1f060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06bc23e240 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06bc17b470
>          passin_sdn = 0
>          mods = 0x7f06bc0c1cf0
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06bc0edc20
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06bc26e000
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000H\v$\274\006\177\000\000 \000\000\274\006\177\000\000[\000\000\000\000\000\000\000 \372\004\274\006\177\000\000\000\000\000\000\000\000\000\000\360\266\021\274\006\177\000\000\230\254\r\274\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000 e\023\274\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000(\334\016\274\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06bc2660f0) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06bc26e000
>          opresult = 0
>          normalized_mods = 0x7f06bc0edc20
>          mods = 0x7f06bc24bbb0
>          mod = 0x7f06bc0edc28
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -1138335504, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f0700d1fa90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f0700d1fa90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f0700d1fa90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f0700d1fa90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06bc08d090
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06bc171200 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06bc02f700 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06bc08d090
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\274\006\177\000\000\200\371\321\000\a\177\000\000\220\371\321\000\a\177\000\000\356\366\321\000\a\177\000\000\354\366\321\000\a\177\000\000\360\366\321\000\a\177\000\000\261\b.\377\350\003\000\000\000\000\000\000=\352\213\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000}\000\000\000\001\000\001\000@\214'\274\006\177\000\000(\000\000\000\000\000\000\000}", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000p\nL.\a\177\000\000@\214'\274\006\177\000\000y\000\000\000\000\000\000\000}\000\000\000\000\000\000\000p\nL.\a\177\000\000y\000\000\000\000\000\000\000p\nL.\a\177\000\000"...
>          bind_target_entry = 0x7f06bc15a530
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06bc0f5a50
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f0700d1fa90, op=0x7f072e4c0880, conn=0x7f0707538fd8) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707538fd8, pb_op = 0x7f072e4c0880, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06bc1427f0, op_stack_elem = 0x7f072e63de90, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f0700d1fa90
>          conn = 0x7f0707538fd8
>          op = 0x7f072e4c0880
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e528df0) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e528df0
>          detached = 1
>          id = 139668055262976
>          tid = 26156
> #15 0x00007f072982edc5 in start_thread (arg=0x7f0700d20700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f0700d20700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668055262976, -8975886148032001126, 0, 139668055263680, 139668055262976, 1, 9034571292609874842, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 23 (Thread 0x7f070051f700 (LWP 26157)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=139668046852768, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
>          ret = <optimized out>
> #2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=3881, timespec=timespec at entry=0x0, exclusive=exclusive at entry=1) at ../../src/mutex/mut_pthread.c:577
>          ret = <optimized out>
>          t_ret = 0
> #3  0x00007f0722e88640 in __db_tas_mutex_lock_int (nowait=0, timeout=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:271
>          mtxmgr = <optimized out>
>          mtxregion = 0x7f0719f71138
>          ip = 0x0
>          timespec = {tv_sec = 0, tv_nsec = 139668041498625}
>          ret = <optimized out>
>          dbenv = 0x7f072e1d66a0
>          mutexp = 0x7f071a001230
>          now = {tv_sec = 139668477207320, tv_nsec = 139668627163795}
>          nspins = 0
> #4  __db_tas_mutex_lock (env=env at entry=0x7f072e0efbf0, mutex=3881, timeout=timeout at entry=0) at ../../src/mutex/mut_tas.c:302
> No locals.
> #5  0x00007f0722fa2e1b in __memp_fget (dbmfp=dbmfp at entry=0x7f072e2c32e0, pgnoaddr=pgnoaddr at entry=0x7f070051b5bc, ip=0x0, txn=0x7f06b02372a0, flags=0, flags at entry=2, addrp=addrp at entry=0x7f070051b5c8) at ../../src/mp/mp_fget.c:311
>          state = <optimized out>
>          alloc_bhp = 0x0
>          bhp = 0x7f0719f35e70
>          oldest_bhp = <optimized out>
>          env = 0x7f072e0efbf0
>          read_lsnp = <optimized out>
>          vlsn = <optimized out>
>          dbmp = 0x7f072e1a55e0
>          hp = 0x7f071938aef8
>          c_mp = 0x7f0719383138
>          mfp = <optimized out>
>          list = 0x0
>          lp = <optimized out>
>          renv = <optimized out>
>          infop = 0x7f072e0f11d0
>          t_infop = 0x0
>          reginfo = <optimized out>
>          td = 0x0
>          list_off = <optimized out>
>          mf_offset = 595832
>          bucket = 547
>          pinmax = <optimized out>
>          st_hsearch = <optimized out>
>          b_incr = 1
>          b_lock = 0
>          h_locked = 0
>          dirty = 2
>          extending = 0
>          makecopy = 0
>          mvcc = 0
>          need_free = <optimized out>
>          ret = 0
> #6  0x00007f0722ea6211 in __bam_search (dbc=dbc at entry=0x7f06d80008c0, root_pgno=root_pgno at entry=15, key=key at entry=0x7f070051b990, flags=12802, slevel=slevel at entry=1, recnop=recnop at entry=0x0, exactp=exactp at entry=0x7f070051b77c) at ../../src/btree/bt_search.c:806
>          t = 0x7f072e2cb6d0
>          cp = 0x7f072e198350
>          dbp = 0x7f072e2b8f50
>          lock = {off = 0, ndx = 585668749, gen = 32519, mode = DB_LOCK_NG}
>          saved_lock = {off = 0, ndx = 5355032, gen = 32519, mode = 435622756}
>          mpf = 0x7f072e2c32e0
>          env = 0x7f072e0efbf0
>          h = 0x0
>          parent_h = 0x0
>          base = <optimized out>
>          i = <optimized out>
>          indx = <optimized out>
>          inp = <optimized out>
>          lim = <optimized out>
>          lock_mode = DB_LOCK_WRITE
>          pg = 187
>          saved_pg = 15
>          start_pgno = 15
>          recno = 0
>          adjust = <optimized out>
>          cmp = 1100
>          deloffset = <optimized out>
>          ret = <optimized out>
>          set_stack = 1
>          stack = 1
>          t_ret = <optimized out>
>          getlock = 1
>          was_next = 0
>          get_mode = 2
>          wait = 4
>          level = 2 '\002'
>          saved_level = 255 '\377'
> #7  0x00007f0722e91256 in __bamc_search (dbc=dbc at entry=0x7f06d80008c0, root_pgno=15, key=key at entry=0x7f070051b990, flags=flags at entry=19, exactp=exactp at entry=0x7f070051b77c) at ../../src/btree/bt_cursor.c:2804
>          t = <optimized out>
>          cp = <optimized out>
>          dbp = <optimized out>
>          h = <optimized out>
>          base = <optimized out>
>          indx = <optimized out>
>          inp = <optimized out>
>          lim = <optimized out>
>          bt_lpgno = 0
>          recno = 0
>          sflags = <optimized out>
>          bulk = <optimized out>
>          cmp = 0
>          ret = 0
>          t_ret = <optimized out>
> #8  0x00007f0722e956c4 in __bamc_put (dbc=0x7f06d80008c0, key=0x7f070051ba70, data=0x7f070051b990, flags=19, pgnop=0x0) at ../../src/btree/bt_cursor.c:2114
>          t = <optimized out>
>          cp = 0x7f072e198350
>          dbp = 0x7f072e2b8f50
>          dbt = {data = 0x0, size = 5355520, ulen = 32519, dlen = 5356144, doff = 32519, app_data = 0x7f070051b990, flags = 0}
>          mpf = 0x7f072e2c32e0
>          root_pgno = 15
>          cmp = -671008528
>          exact = 32518
>          own = 0
>          ret = 0
>          stack = 0
>          iiop = <optimized out>
>          arg = <optimized out>
> #9  0x00007f0722f4c6d5 in __dbc_iput (dbc=0x7f06d80138f0, key=0x7f070051ba70, data=0x7f070051b990, flags=19) at ../../src/db/db_cam.c:2155
>          dbc_n = 0x7f06d80138f0
>          oldopd = <optimized out>
>          opd = 0x7f06d80008c0
>          pgno = 15
>          ret = 0
>          t_ret = 0
>          tmp_flags = <optimized out>
> #10 0x00007f0722f4e6cd in __dbc_put (dbc=<optimized out>, key=key at entry=0x7f070051ba70, data=data at entry=0x7f070051b990, flags=<optimized out>, flags at entry=19) at ../../src/db/db_cam.c:2049
>          dbp = <optimized out>
>          ret = 0
> #11 0x00007f0722f47a0e in __db_put (dbp=dbp at entry=0x7f072e2b8f50, ip=<optimized out>, txn=<optimized out>, key=key at entry=0x7f070051ba70, data=data at entry=0x7f070051b990, flags=flags at entry=19) at ../../src/db/db_am.c:583
>          rid = {pgno = 2, indx = 32519}
>          dbc = 0x7f06d80138f0
>          tdata = {data = 0x7f0719c25168, size = 771451216, ulen = 32519, dlen = 5355676, doff = 32519, app_data = 0x2bb00000001, flags = 0}
>          tkey = {data = 0x0, size = 585668749, ulen = 32519, dlen = 4294967295, doff = 0, app_data = 0x7f070051b9e0, flags = 432173491}
>          env = 0x7f072e0efbf0
>          bulk_kptr = <optimized out>
>          bulk_ptr = <optimized out>
>          recno = 32519
>          cursor_flags = 40
>          ret = 0
>          t_ret = <optimized out>
> #12 0x00007f0722f5cfa4 in __db_put_pp (dbp=0x7f072e2b8f50, txn=0x7f06b02372a0, key=0x7f070051ba70, data=0x7f070051b990, flags=<optimized out>) at ../../src/db/db_iface.c:1661
>          ip = 0x0
>          env = 0x7f072e0efbf0
>          handle_check = <optimized out>
>          ret = 0
>          txn_local = 0
>          t_ret = <optimized out>
> #13 0x00007f071e21c9df in idl_new_insert_key (be=<optimized out>, db=<optimized out>, key=<optimized out>, id=38715, txn=<optimized out>, a=<optimized out>, disposition=0x0) at ldap/servers/slapd/back-ldbm/idl_new.c:864
>          ret = 0
>          data = {data = 0x7f070051b98c, size = 4, ulen = 4, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
> #14 0x00007f071e21b575 in idl_insert_key (be=be at entry=0x7f072e0f5f20, db=db at entry=0x7f072e2b8f50, key=key at entry=0x7f070051ba70, id=id at entry=38715, txn=txn at entry=0x7f06b02372a0, a=a at entry=0x7f072e1be6c0, disposition=disposition at entry=0x0) at ldap/servers/slapd/back-ldbm/idl_shim.c:115
> No locals.
> #15 0x00007f071e22bc65 in addordel_values_sv (be=be at entry=0x7f072e0f5f20, db=0x7f072e2b8f50, indextype=<optimized out>, vals=<optimized out>, id=id at entry=38715, flags=flags at entry=1, txn=txn at entry=0x7f070051e190, a=0x7f072e1be6c0, idl_disposition=idl_disposition at entry=0x0, buffer_handle=buffer_handle at entry=0x0, type=<optimized out>) at ldap/servers/slapd/back-ldbm/index.c:1932
>          rc = <optimized out>
>          i = <optimized out>
>          key = {data = 0x7f06b001d3b0, size = 14, ulen = 14, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          db_txn = 0x7f06b02372a0
>          plen = 1
>          vlen = <optimized out>
>          len = <optimized out>
>          tmpbuf = 0x7f06b001d3b0 "=posixaccount"
>          tmpbuflen = 14
>          realbuf = <optimized out>
>          prefix = 0x7f071e48df6c <prefix_EQUALITY> "="
>          bvp = <optimized out>
>          encrypted_bvp = 0x0
> #16 0x00007f071e22c90a in index_addordel_values_ext_sv (be=be at entry=0x7f072e0f5f20, type=<optimized out>, vals=0x7f06b013f400, evals=evals at entry=0x0, id=38715, flags=flags at entry=1, txn=txn at entry=0x7f070051e190, idl_disposition=idl_disposition at entry=0x0, buffer_handle=buffer_handle at entry=0x0) at ldap/servers/slapd/back-ldbm/index.c:2069
>          db = 0x7f072e2b8f50
>          ai = 0x7f072e1be6c0
>          err = 0
>          ivals = 0x7f06b0107b10
>          buf = "objectClass\000\006\177\000\000\060\343\021.\a\177\000\000\254= \036\a\177\000\000p\305\006\260\006\177\000\000\316? \036\a\177\000\000\200\342\372-\a\177\000\000/\225\350)\a\177\000\000\230 \373-\a\177\000\000p\305\006\260\006\177\000\000\030\337Q\000\a\177\000\000\240\332$\260\006\177\000\000\000\000\000\000\000\000\000\000\321U \036\a\177\000\000\320\374\"\260\006\177\000\000\320\374\"\260\006\177", '\000' <repeats 18 times>, "p\305\006\260\006\177\000\000\000^\261\363\257M\331e\320\374\"\260\006\177\000\000\000\000\000\000\000\000\000\000p\305\006\260\006\177\000\000\230 \373-\a\177\000\000\000\000\000\000\000\000\000\000"...
>          basetmp = 0x0
>          basetype = 0x7f070051de90 "objectClass"
> #17 0x00007f071e22cd44 in index_addordel_values_sv (be=be at entry=0x7f072e0f5f20, type=<optimized out>, vals=<optimized out>, evals=evals at entry=0x0, id=<optimized out>, flags=flags at entry=1, txn=txn at entry=0x7f070051e190) at ldap/servers/slapd/back-ldbm/index.c:1991
> No locals.
> #18 0x00007f071e22ce0a in index_addordel_entry (be=0x7f072e0f5f20, e=0x7f06b006c570, flags=flags at entry=1, txn=0x7f070051e190) at ldap/servers/slapd/back-ldbm/index.c:445
>          entryrdn_done = 0
>          type = 0x7f06b0039970 "objectClass"
>          svals = <optimized out>
>          rc = 0
>          result = 0
>          attr = 0x7f06b0109810
> #19 0x00007f071e22fcca in ldbm_back_add (pb=0x7f070051ea90) at ldap/servers/slapd/back-ldbm/ldbm_add.c:986
>          be = 0x7f072e0f5f20
>          li = 0x7f072df49930
>          inst = 0x7f072dfb2010
>          dn = 0x7f06b0113900 "uid=BP-281162,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          e = 0x7f06b022fcd0
>          tombstoneentry = 0x0
>          addingentry = 0x7f06b006c570
>          parententry = 0x0
>          originalentry = 0x7f06b0125bd0
>          tmpentry = 0x0
>          pid = <optimized out>
>          isroot = 0
>          errbuf = 0x0
>          txn = {back_txn_txn = 0x7f06b02372a0}
>          parent_txn = 0x0
>          retval = 0
>          msg = <optimized out>
>          managedsait = 1
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          ldap_result_matcheddn = 0x0
>          retry_count = <optimized out>
>          disk_full = 0
>          parent_modify_c = {old_entry = 0x7f06e40c7e70, new_entry = 0x7f06b0143d50, smods = 0x7f06b0059120, attr_encrypt = 1}
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          parent_found = 1
>          ruv_c_init = 0
>          rc = 0
>          addingentry_id_assigned = 1
>          sdn = 0x7f06b00b7350
>          parentsdn = {flag = 6 '\006', udn = 0x0, dn = 0x7f06b001be20 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", ndn = 0x7f06b00cfbf0 "cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", ndn_len = 57}
>          operation = 0x7f072e48bb40
>          is_replicated_operation = 0
>          is_resurect_operation = 0
>          is_tombstone_operation = 0
>          is_fixup_operation = 0
>          is_remove_from_cache = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          addr = {udn = 0x0, uniqueid = 0x0, sdn = 0x7f070051e280}
>          not_an_error = 0
>          parent_switched = 0
>          noabort = 0
>          myrc = 0
>          conn_id = 13378
>          op_id = 1
>          result_sent = 0
> #20 0x00007f072bc57ee8 in op_shared_add (pb=pb at entry=0x7f070051ea90) at ldap/servers/slapd/add.c:699
>          rc = 0
>          ec = 0x7f06b024a6a0
>          add_target_sdn = 0x7f06b00b7350
>          save_e = 0x0
>          operation = 0x7f072e48bb40
>          e = 0x7f06b022fcd0
>          pse = 0xf
>          be = 0x7f072e0f5f20
>          err = <optimized out>
>          internal_op = 0
>          repl_op = 0
>          legacy_op = 0
>          lastmod = 1
>          pwdtype = 0x0
>          attr = 0x0
>          referral = 0x0
>          errorbuf = "\000\236A.\a\177\000\000pX%\260\006\177\000\000\360J\302*\a\177\000\000\274_N)\a\177\000\000\340\236A.\a\177\000\000\000\345Q\000\a\177\000\000\004\000\000\000\000\000\000\000\265\"\302*\a\177\000\000\000\345Q\000\a\177\000\000P\337\301*\a\177\000\000P\027%\260\006\177\000\000\340\236A.\a\177\000\000\037,\317+\a\177\000\000\220\345Q\000\a\177\000\000!,\317+\a\177\000\000\352\343\301*\a\177\000\000\027\000\000\000\000\000\000\000\000\267\005\260\006\177", '\000' <repeats 11 times>, "^\261\363\257M\331e ,\317+\a\177\000\000\326\353\301*\a\177\000\000X\345Q\000\a\177\000\000`\345Q\000\a\177\000\000\r\000\000\000\000\000\000\000"...
>          p = <optimized out>
>          proxydn = 0x0
>          proxystr = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
>          sdn = 0x0
>          pwpolicy = <optimized out>
> #21 0x00007f072bc591b0 in do_add (pb=pb at entry=0x7f070051ea90) at ldap/servers/slapd/add.c:226
>          operation = 0x7f072e48bb40
>          ber = <optimized out>
>          last = 0x7f06b025586a "\240\033\060\031\004\027\062.16.840.1.113730.3.4.2"
>          len = 18446744073709551615
>          tag = 18446744073709551615
>          e = 0x7f06b022fcd0
>          err = 0
>          rc = <optimized out>
>          searchsubentry = <optimized out>
> #22 0x00007f072c18b9b3 in connection_dispatch_operation (pb=0x7f070051ea90, op=0x7f072e48bb40, conn=0x7f0707536cb0) at ldap/servers/slapd/connection.c:612
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #23 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707536cb0, pb_op = 0x7f072e48bb40, pb_plugin = 0x7f072df4b040, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x7f06b00a0d00, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 1, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x7f06b02372a0, pb_txn_ruv_mods_fn = 0x7f071df89900 <replica_ruv_smods_for_op>, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply
> _mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombstone_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06b02443a0, op_stack_elem = 0x7f072e0f2310, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f070051ea90
>          conn = 0x7f0707536cb0
>          op = 0x7f072e48bb40
>          tag = 104
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #24 0x00007f0729e8e96b in _pt_root (arg=0x7f072e529240) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e529240
>          detached = 1
>          id = 139668046870272
>          tid = 26157
> #25 0x00007f072982edc5 in start_thread (arg=0x7f070051f700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f070051f700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668046870272, -8975886148032001126, 0, 139668046870976, 139668046870272, 1, 9034572391584631706, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #26 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 22 (Thread 0x7f06ffd1e700 (LWP 26158)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0729e89463 in PR_EnterMonitor (mon=0x7f072dfb2c70) at ../../../nspr/pr/src/pthreads/ptsynch.c:603
>          self = 139668038477568
> #2  0x00007f071e20a212 in dblayer_lock_backend (be=<optimized out>) at ldap/servers/slapd/back-ldbm/dblayer.c:3734
>          inst = <optimized out>
> #3  0x00007f071e20f2c6 in dblayer_txn_begin (be=0x7f072e0f5f20, parent_txn=0x0, txn=txn at entry=0x7f06ffd1ce30) at ldap/servers/slapd/back-ldbm/dblayer.c:3453
>          li = 0x7f072df49930
>          rc = 0
> #4  0x00007f071e24bc6c in ldbm_back_modify (pb=<optimized out>) at ldap/servers/slapd/back-ldbm/ldbm_modify.c:538
>          cache_rc = 0
>          new_mod_count = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x0
>          ec = 0x0
>          original_entry = 0x0
>          tmpentry = 0x0
>          postentry = 0x0
>          mods = 0x7f06b41bdf40
>          mods_original = 0x0
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          txn = {back_txn_txn = 0x0}
>          parent_txn = 0x0
>          ruv_c = {old_entry = 0x0, new_entry = 0x0, smods = 0x0, attr_encrypt = 0}
>          ruv_c_init = 0
>          retval = -1
>          msg = <optimized out>
>          errbuf = 0x0
>          retry_count = 0
>          disk_full = 0
>          ldap_result_code = 0
>          ldap_result_message = 0x0
>          rc = 0
>          operation = 0x7f06b4155630
>          addr = 0x7f06b4155708
>          is_fixup_operation = 0
>          is_ruv = 0
>          opcsn = <optimized out>
>          repl_op = 0
>          opreturn = 0
>          mod_count = 0
>          not_an_error = 0
>          fixup_tombstone = 0
>          ec_locked = 0
>          result_sent = 0
> #5  0x00007f072bca14db in op_shared_modify (pb=pb at entry=0x7f06b418ccb0, pw_change=pw_change at entry=0, old_pw=0x0) at ldap/servers/slapd/modify.c:1055
>          rc = 0
>          be = 0x7f072e0f5f20
>          pse = 0x7f06ffd1d060
>          referral = 0x0
>          e = 0x0
>          dn = 0x7f06b40c31b0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normdn = <optimized out>
>          sdn = 0x7f06b4054f90
>          passin_sdn = 0
>          mods = 0x7f06b41bdf40
>          pw_mod = <optimized out>
>          tmpmods = 0x7f06b41b9370
>          smods = {mods = 0x0, num_elements = 0, num_mods = 0, iterator = 0, free_mods = 0}
>          repl_op = 0
>          internal_op = 32
>          lastmod = 1
>          skip_modified_attrs = 0
>          unhashed_pw_attr = 0x0
>          operation = 0x7f06b4155630
>          errorbuf = "\000rbLastSuccessfulAuth\000\000\000\000v\364-\a\177\000\000\300*\364-\a\177\000\000\363\037\306+\a\177\000\000\270\004\026\264\006\177\000\000 \000\000\264\006\177\000\000[\000\000\000\000\000\000\000\060w\034\264\006\177\000\000\000\000\000\000\000\000\000\000 D\034\264\006\177\000\000\b\244\016\264\006\177\000\000\274_N)\a\177\000\000entrydn\000[\000\000\000\000\000\000\000\240 \031\264\006\177\000\000\000^\261\363\257M\331e\b\000\000\000\000\000\000\000\060\270\360-\a\177\000\000\060\270\360-\a\177\000\000 \250\364+\a\177\000\000x\223\033\264\006\177\000\000\000\000\000\000\000\000\000\000\005\000\000\000\000\000\000\000"...
>          err = <optimized out>
>          lc_mod = <optimized out>
>          p = <optimized out>
>          i = <optimized out>
>          proxydn = 0x0
>          proxy_err = <optimized out>
>          errtext = 0x0
> #6  0x00007f072bca2014 in modify_internal_pb (pb=0x7f06b418ccb0) at ldap/servers/slapd/modify.c:599
>          controls = 0x0
>          pwpolicy_ctrl = 0
>          op = 0x7f06b4155630
>          opresult = 0
>          normalized_mods = 0x7f06b41b9370
>          mods = 0x7f06b4133a90
>          mod = 0x7f06b41b9378
>          smods = {mods = 0x7f0600000000, num_elements = -206479872, num_mods = 1708740015, iterator = -1273443152, free_mods = 32518}
>          pw_change = <optimized out>
>          old_pw = 0x0
> #7  0x00007f0720112bbb in ipalockout_postop () from /usr/lib64/dirsrv/plugins/libipa_lockout.so
> No symbol table info available.
> #8  0x00007f072bcb3d38 in plugin_call_func (list=0x7f072df0bfb0, operation=operation at entry=501, pb=pb at entry=0x7f06ffd1da90, call_one=call_one at entry=0) at ldap/servers/slapd/plugin.c:2049
>          n = <optimized out>
>          func = 0x7f0720112570 <ipalockout_postop>
>          rc = <optimized out>
>          return_value = 0
>          count = 3
> #9  0x00007f072bcb3fc3 in plugin_call_list (pb=0x7f06ffd1da90, operation=501, list=<optimized out>) at ldap/servers/slapd/plugin.c:1993
> No locals.
> #10 plugin_call_plugins (pb=pb at entry=0x7f06ffd1da90, whichfunction=whichfunction at entry=501) at ldap/servers/slapd/plugin.c:445
>          p = 0x7f072df4b040
>          locked = <optimized out>
>          plugin_list_number = 2
>          rc = 0
>          do_op = <optimized out>
> #11 0x00007f072c18504f in do_bind (pb=pb at entry=0x7f06ffd1da90) at ldap/servers/slapd/bind.c:861
>          sdn_updated = <optimized out>
>          pb_sdn = 0x7f06b413f6a0
>          ber = <optimized out>
>          err = <optimized out>
>          isroot = 0
>          method = 128
>          version = 2
>          auth_response_requested = 0
>          pw_response_requested = 0
>          rawdn = 0x7f06b41f5bb0 "uid=sensu,cn=users,cn=accounts,dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          dn = <optimized out>
>          saslmech = 0x0
>          cred = {bv_len = 16, bv_val = 0x7f06b41af9e0 "mhHdYJhhjh67B58O"}
>          be = 0x7f072e0f5f20
>          ber_rc = <optimized out>
>          rc = 0
>          sdn = 0x7f06b413f6a0
>          bind_sdn_in_pb = 1
>          referral = 0x0
>          errorbuf = '\000' <repeats 511 times>
>          supported = <optimized out>
>          pmech = <optimized out>
>          authtypebuf = "\000\000\000\000\000\000\000\000\027\253\350)\a\177\000\000 \000\000\264\006\177\000\000\200\331\321\377\006\177\000\000\220\331\321\377\006\177\000\000\356\326\321\377\006\177\000\000\354\326\321\377\006\177\000\000\360\326\321\377\006\177\000\000\261(.\000\350\003\000\000\000\000\000\000\355\030\177\t\000\000\000\000\000\000\000\000\026\003\003\000\000\000\000\000n\000\000\000\001\000\001\000\320\361\027\264\006\177\000\000(\000\000\000\000\000\000\000n", '\000' <repeats 14 times>, "\001\027\003\003\000a\177\000\000\240\ny.\a\177\000\000\320\361\027\264\006\177\000\000y\000\000\000\000\000\000\000n\000\000\000\000\000\000\000\240\ny.\a\177\000\000y\000\000\000\000\000\000\000\240\ny.\a\177\000\000"...
>          bind_target_entry = 0x7f06b42052a0
>          auto_bind = <optimized out>
>          minssf = <optimized out>
>          minssf_exclude_rootdse = <optimized out>
>          original_sdn = 0x7f06b41fd1e0
> #12 0x00007f072c18baad in connection_dispatch_operation (pb=0x7f06ffd1da90, op=0x7f072e671840, conn=0x7f0707537ac0) at ldap/servers/slapd/connection.c:602
>          minssf = 0
>          minssf_exclude_rootdse = <optimized out>
>          enable_nagle = 1
>          pop_cork = 0
> #13 connection_threadmain () at ldap/servers/slapd/connection.c:1759
>          is_timedout = 0
>          curtime = <optimized out>
>          local_pb = {pb_backend = 0x7f072e0f5f20, pb_conn = 0x7f0707537ac0, pb_op = 0x7f072e671840, pb_plugin = 0x7f072df0bfb0, pb_opreturn = 0, pb_object = 0x0, pb_destroy_fn = 0x0, pb_requestor_isroot = 0, pb_config_fname = 0x0, pb_config_lineno = 0, pb_config_argc = 0, pb_config_argv = 0x0, plugin_tracking = 0, pb_target_entry = 0x0, pb_existing_dn_entry = 0x0, pb_existing_uniqueid_entry = 0x0, pb_parent_entry = 0x0, pb_newparent_entry = 0x0, pb_pre_op_entry = 0x0, pb_post_op_entry = 0x0, pb_seq_type = 0, pb_seq_attrname = 0x0, pb_seq_val = 0x0, pb_dbverify_dbdir = 0x0, pb_ldif_file = 0x0, pb_removedupvals = 0, pb_db2index_attrs = 0x0, pb_ldif2db_noattrindexes = 0, pb_ldif_printkey = 0, pb_instance_name = 0x0, pb_task = 0x0, pb_task_flags = 0, pb_mr_filter_match_fn = 0x0, pb_mr_filter_index_fn = 0x0, pb_mr_filter_reset_fn = 0x0, pb_mr_index_fn = 0x0, pb_mr_oid = 0x0, pb_mr_type = 0x0, pb_mr_value = 0x0, pb_mr_values = 0x0, pb_mr_keys = 0x0, pb_mr_filter_reusable = 0, pb_mr_query_operator = 0, pb_mr_usage = 0, pb_pwd_storage_scheme_user_passwd = 0x0, pb_pwd_storage_scheme_db_passwd = 0x0, pb_managedsait = 0, pb_internal_op_result = 0, pb_plugin_internal_search_op_entries = 0x0, pb_plugin_internal_search_op_referrals = 0x0, pb_plugin_identity = 0x0, pb_plugin_config_area = 0x0, pb_parent_txn = 0x0, pb_txn = 0x0, pb_txn_ruv_mods_fn = 0x0, pb_dbsize = 0, pb_ldif_files = 0x0, pb_ldif_include = 0x0, pb_ldif_exclude = 0x0, pb_ldif_dump_replica = 0, pb_ldif_dump_uniqueid = 0, pb_ldif_generate_uniqueid = 0, pb_ldif_namespaceid = 0x0, pb_ldif_encrypt = 0, pb_operation_notes = 0, pb_slapd_argc = 0, pb_slapd_argv = 0x0, pb_slapd_configdir = 0x0, pb_ctrls_arg = 0x0, pb_dse_dont_add_write = 0, pb_dse_add_merge = 0, pb_dse_dont_check_dups = 0, pb_dse_is_primary_file = 0, pb_schema_flags = 0, pb_result_code = 0, pb_result_text = 0x0, pb_result_matched = 0x0, pb_nentries = 0, urls = 0x0, pb_import_entry = 0x0, pb_import_state = 0, pb_destroy_content = 0, pb_dse_reapply_mods = 0, pb_urp_naming_collision_dn = 0x0, pb_urp_tombston
> e_uniqueid = 0x0, pb_server_running = 0, pb_backend_count = 1, pb_pwpolicy_ctrl = 0, pb_vattr_context = 0x0, pb_substrlens = 0x0, pb_plugin_enabled = 0, pb_search_ctrls = 0x0, pb_mr_index_sv_fn = 0x0, pb_syntax_filter_normalized = 0, pb_syntax_filter_data = 0x0, pb_paged_results_index = 0, pb_paged_results_cookie = 0, pwdpolicy = 0x7f06b41ee7f0, op_stack_elem = 0x7f072e6717c0, pb_aci_target_check = 0, pb_pw_entry = 0x0}
>          pb = 0x7f06ffd1da90
>          conn = 0x7f0707537ac0
>          op = 0x7f072e671840
>          tag = 96
>          need_wakeup = 1
>          thread_turbo_flag = <optimized out>
>          ret = <optimized out>
>          more_data = 0
>          replication_connection = 0
>          doshutdown = 0
>          maxthreads = 5
>          enable_nunc_stans = 0
>          bypasspollcnt = <optimized out>
> #14 0x00007f0729e8e96b in _pt_root (arg=0x7f072e529690) at ../../../nspr/pr/src/pthreads/ptthread.c:212
>          rv = <optimized out>
>          thred = 0x7f072e529690
>          detached = 1
>          id = 139668038477568
>          tid = 26158
> #15 0x00007f072982edc5 in start_thread (arg=0x7f06ffd1e700) at pthread_create.c:308
>          __res = <optimized out>
>          pd = 0x7f06ffd1e700
>          now = <optimized out>
>          unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668038477568, -8975886148032001126, 0, 139668038478272, 139668038477568, 1, 9034995705171938202, 9034621208169941914}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>          not_first_call = <optimized out>
>          pagesize_m1 = <optimized out>
>          sp = <optimized out>
>          freesize = <optimized out>
> #16 0x00007f072955d73d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> No locals.
>
> Thread 21 (Thread 0x7f06ff51d700 (LWP 26159)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007f0722e892f3 in __db_pthread_mutex_condwait (env=0x7f072e0efbf0, mutex=4294936308, timespec=0x0, mutexp=<optimized out>) at ../../src/mutex/mut_pthread.c:321
>          ret = <optimized out>
> #2  __db_hybrid_mutex_suspend (env=env at entry=0x7f072e0efbf0, mutex=mutex at entry=4059, timespec=timespec at entry=0x0, exclusive=exclusive at entry=1) at ../../src/mutex/mut_pthread.c:577
>          ret = <optimized out>
>          t_ret = 0
> #3  0x00007f0722e88640 in __db_tas_mutex_lock_int (nowait=0, timeout=0, mutex=<optimized out>, env=0x7f072e0efbf0) at ../../src/mutex/mut_tas.c:271
>          mtxmgr = <optimized out>
>          mtxregion = 0x7f0719f71138
>          ip = 0x0
>          timespec = {tv_sec = 806, tv_nsec = 139668030024472}
>          ret = <optimized out>
>          dbenv = 0x7f072e1d66a0
>          mutexp = 0x7f071a007be0
>          now = {tv_sec = 2048, tv_nsec = 139668814232560}
>          nspins = 0
> #4  __db_tas_mutex_lock (env=env at entry=0x7f072e0efbf0, mutex=4059, timeout=timeout at entry=0) at ../../src/mutex/mut_tas.c:302
> No locals.
> #5  0x00007f0722f32d3a in __lock_get_internal (lt=lt at entry=0x7f072dfafc70, sh_locker=sh_locker at entry=0x7f071a2e8728, flags=flags at entry=0, obj=<optimized out>, lock_mode=<optimized out>, timeout=timeout at entry=0, lock=0x7f06ff50edc0) at ../../src/lock/lock.c:983
>          newl = <optimized out>
>          lp = <optimized out>
>          env = <optimized out>
>          sh_obj = 0x7f071a2db2b8
>          region = <optimized out>
>          ip = 0x0
>          ndx = 806
>          part_id = <optimized out>
>          did_abort = -11473832
>          ihold = 0
>          grant_dirty = <optimized out>
>          no_dd = 1
>          ret = 0
>          t_ret = <optimized out>
>          holder = <optimized out>
>          sh_off = <optimized out>
>          action = <optimized out>
> #6  0x00007f0722f33820 in __lock_get (env=env at entry=0x7f072e0efbf0, locker=0x7f071a2e8728, flags=0, obj=obj at entry=0x7f06a8098670, lock_mode=<optimized out>, lock=lock at entry=0x7f06ff50edc0) at ../../src/lock/lock.c:463
>          lt = 0x7f072dfafc70
>          ret = <optimized out>
> #7  0x00007f0722f5f142 in __db_lget (dbc=dbc at entry=0x7f06a8098580, action=action at entry=0, pgno=13, mode=<optimized out>, mode at entry=DB_LOCK_READ, lkflags=lkflags at entry=0, lockp=lockp at entry=0x7f06ff50edc0) at ../../src/db/db_meta.c:1255
>          dbp = 0x7f072e2b8f50
>          couple = {{op = 4283493464, mode = 32518, timeout = 4283493460, obj = 0x7f06a8098580, lock = {off = 139668628338413, ndx = 0, gen = 3070296068, mode = DB_LOCK_NG}}, {op = 4283493472, mode = 32518, timeout = 774648544, obj = 0x7f06ff50ed94, lock = {off = 139666565918560, ndx = 1409, gen = 0, mode = 774606672}}, {op = 4283493452, mode = 32518, timeout = 1, obj = 0x100000000, lock = {off = 139668466660080, ndx = 0, gen = 0, mode = 585668749}}}
>          reqp = 0x0
>          txn = 0x0
>          env = 0x7f072e0efbf0
>          has_timeout = <optimized out>
>          i = 0
>          ret = <optimized out>
> #8  0x00007f0722ea6605 in __bam_search (dbc=dbc at entry=0x7f06a8098580, root_pgno=1, root_pgno at entry=0, key=key at entry=0x7f06ff50f0a0, flags=1409, slevel=slevel at entry=1, recnop=recnop at entry=0x0, exactp=exactp at entry=0x7f06ff50eee4) at ../../src/btree/bt_search.c:723
>          t = 0x7f072e2cb6d0
>          cp = 0x7f06a80c6f60
>          dbp = 0x7f072e2b8f50
>          lock = {off = 0, ndx = 806, gen = 25955, mode = 1677787140}
>          saved_lock = {off = 0, ndx = 806, gen = 0, mode = 620822532}
>          mpf = 0x7f072e2c32e0
>          env = 0x7f072e0efbf0
>          h = 0x0
>          parent_h = 0x0
>          base = <optimized out>
>          i = <optimized out>
>          indx = <optimized out>
>          inp = <optimized out>
>          lim = <optimized out>
>          lock_mode = DB_LOCK_READ
>          pg = 13
>          saved_pg = 0
>          start_pgno = 0
>          recno = 0
>          adjust = <optimized out>
>          cmp = 3
>          deloffset = <optimized out>
>          ret = <optimized out>
>          set_stack = 1
>          stack = 0
>          t_ret = <optimized out>
>          getlock = 0
>          was_next = 0
>          get_mode = 0
>          wait = 4
>          level = 2 '\002'
>          saved_level = 255 '\377'
> #9  0x00007f0722e91256 in __bamc_search (dbc=dbc at entry=0x7f06a8098580, root_pgno=root_pgno at entry=0, key=0x7f06ff50f0a0, flags=<optimized out>, exactp=0x7f06ff50eee4) at ../../src/btree/bt_cursor.c:2804
>          t = <optimized out>
>          cp = <optimized out>
>          dbp = <optimized out>
>          h = <optimized out>
>          base = <optimized out>
>          indx = <optimized out>
>          inp = <optimized out>
>          lim = <optimized out>
>          bt_lpgno = 1935765609
>          recno = 1935765609
>          sflags = <optimized out>
>          bulk = <optimized out>
>          cmp = 0
>          ret = 0
>          t_ret = <optimized out>
> #10 0x00007f0722e92d0f in __bamc_get (dbc=0x7f06a8098580, key=<optimized out>, data=<optimized out>, flags=<optimized out>, pgnop=0x7f06ff50ef84) at ../../src/btree/bt_cursor.c:1099
>          cp = 0x7f06a80c6f60
>          dbp = 0x7f072e2b8f50
>          mpf = <optimized out>
>          orig_pgno = 0
>          orig_indx = 0
>          exact = 32519
>          newopd = <optimized out>
>          ret = <optimized out>
> #11 0x00007f0722f4bca6 in __dbc_iget (dbc=0x7f06a82081e0, key=0x7f06ff50f0a0, data=0x7f06ff50f0d0, flags=26) at ../../src/db/db_cam.c:952
>          dbp = 0x7f072e2b8f50
>          ddbc = <optimized out>
>          dbc_n = 0x7f06a8098580
>          opd = 0x0
>          cp = <optimized out>
>          cp_n = <optimized out>
>          mpf = 0x7f072e2c32e0
>          env = 0x7f072e0efbf0
>          pgno = 0
>          indx_off = <optimized out>
>          multi = 2048
>          orig_ulen = 0
>          tmp_flags = <optimized out>
>          tmp_read_locking = 0
>          tmp_rmw = 0
>          type = <optimized out>
>          key_small = 0
>          ret = <optimized out>
>          t_ret = <optimized out>
> #12 0x00007f0722f4c47d in __dbc_get (dbc=dbc at entry=0x7f06a82081e0, key=key at entry=0x7f06ff50f0a0, data=data at entry=0x7f06ff50f0d0, flags=flags at entry=2074) at ../../src/db/db_cam.c:770
> No locals.
> #13 0x00007f0722f5ab02 in __dbc_get_pp (dbc=0x7f06a82081e0, key=0x7f06ff50f0a0, data=0x7f06ff50f0d0, flags=2074) at ../../src/db/db_iface.c:2359
>          dbp = <optimized out>
>          ip = 0x0
>          env = 0x7f072e0efbf0
>          ret = <optimized out>
> #14 0x00007f071e21b8a0 in idl_new_fetch (be=0x7f072e0f5f20, db=<optimized out>, inkey=0x7f06ff511220, txn=0x0, a=0x7f072e1be6c0, flag_err=0x7f06ff517c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/idl_new.c:202
>          ret = 0
>          idl_rc = 0
>          cursor = 0x7f06a82081e0
>          idl = 0x0
>          key = {data = 0x7f06ff511380, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2056}
>          data = {data = 0x7f06ff50f130, size = 8192, ulen = 8192, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          id = 0
>          count = 0
>          buffer = "\004\000\001\071\227\000\000o\004\000\001\067\227\000\000a\004\000\001\065\227\000\000u\004\000\001\063\227\000\000w\004\000\001\061\227\000\000\061\004\000\001/\227\000\000H\004\000\001-\227\000\000m\004\000\001+\227\000\000z\004\000\001)\227\000\000F\004\000\001'\227\000\000F\004\000\001%\227\000\000U\004\000\001#\227\000\000F\004\000\001!\227\000\000=\004\000\001\037\227\000\000r\004\000\001\035\227\000\000u\004\000\001\033\227\000\000s\004\000\001\031\227\000\000u\004\000\001\027\227\000\000=\004\000\001\025\227\000\000s\004\000\001\023\227\000\000i\004\000\001\021\227\000\000i\004\000\001\017\227\000\000v\004\000\001\r\227\000\000\n\004\000\001\v\227\000\000\n\004\000\001\t\227\000\000r"...
>          ptr = <optimized out>
>          dataret = {data = 0x0, size = 0, ulen = 0, dlen = 0, doff = 0, app_data = 0x0, flags = 0}
>          s_txn = {back_txn_txn = 0x0}
>          li = <optimized out>
> #15 0x00007f071e21b525 in idl_fetch_ext (be=be at entry=0x7f072e0f5f20, db=<optimized out>, key=key at entry=0x7f06ff511220, txn=txn at entry=0x0, a=<optimized out>, err=err at entry=0x7f06ff517c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/idl_shim.c:101
> No locals.
> #16 0x00007f071e22a146 in index_read_ext_allids (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, type=type at entry=0x7f06a8203bf0 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", val=<optimized out>, txn=txn at entry=0x7f06ff5154f0, err=err at entry=0x7f06ff517c8c, unindexed=unindexed at entry=0x7f06ff5154e4, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/index.c:1028
>          interval = <optimized out>
>          db = 0x7f072e2b8f50
>          db_txn = 0x0
>          key = {data = 0x7f06ff511380, size = 10, ulen = 10, dlen = 0, doff = 0, app_data = 0x0, flags = 2048}
>          idl = 0x0
>          prefix = <optimized out>
>          tmpbuf = 0x0
>          buf = "=referral", '\000' <repeats 2672 times>...
>          typebuf = "objectclass", '\000' <repeats 244 times>
>          ai = 0x7f072e1be6c0
>          basetmp = 0x0
>          basetype = <optimized out>
>          retry_count = 0
>          encrypted_val = 0x0
>          is_and = 0
>          ai_flags = 0
> #17 0x00007f071e214234 in keys2idl (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, type=0x7f06a8203bf0 "objectclass", indextype=indextype at entry=0x7f071e271c87 "eq", ivals=<optimized out>, err=err at entry=0x7f06ff517c8c, unindexed=unindexed at entry=0x7f06ff5154e4, txn=txn at entry=0x7f06ff5154f0, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:986
>          idl2 = 0x74656e2e616a2e76
>          i = 0
> #18 0x00007f071e2149d3 in ava_candidates (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, f=f at entry=0x7f06a82a77f0, ftype=<optimized out>, err=0x7f06ff517c8c, allidslimit=100000, range=0, nextf=0x0) at ldap/servers/slapd/back-ldbm/filterindex.c:288
>          tmp = {bv = {bv_len = 8, bv_val = 0x7f06a8207730 "referral"}, v_csnset = 0x0, v_flags = 0}
>          ptr = {0x7f06ff515540, 0x0}
>          fake = {bv = {bv_len = 8, bv_val = 0x7f06ff5155e0 "referral"}, v_csnset = 0x7f06a81d4d00, v_flags = 1536}
>          buf = "referral\000\000Q\377\006\177\000\000\t", '\000' <repeats 39 times>, "\360\322 \250\006\177\000\000@\037\023\250\006\177\000\000\243\000\000\000\000\000\000\000\020ZQ\377\006\177\000\000\000\000\000\000\000\000\000\000\064\340\363+\a\177\000\000\063\201\351%\a\177\000\000\000\000\000\000\000\000\000\000\350YQ\377\006\177", '\000' <repeats 11 times>, "^\261\363\257M\331eP\337\037\250\006\177\000\000\260VQ\377\006\177\000\000\243\000\000\000\000\000\000\000?\313+\a\177\000\000\350YQ\377\006\177\000\000\300\200\351%\a\177", '\000' <repeats 42 times>...
>          type = 0x7f06a8203bf0 "objectclass"
>          indextype = 0x7f071e271c87 "eq"
>          sv = {bv = {bv_len = 8, bv_val = 0x7f06ff5155e0 "referral"}, v_csnset = 0x7f06a81d4d00, v_flags = 1536}
>          bval = 0x7f06a82a7818
>          ivals = 0x7f06ff515510
>          idl = 0x0
>          unindexed = 0
>          sattr = {a_type = 0x7f06a820ed90 "objectClass", a_present_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_flags = 4, a_plugin = 0x7f072dd48570, a_deleted_values = {num = 0, max = 0, sorted = 0x0, va = 0x0}, a_listtofree = 0x0, a_next = 0x0, a_deletioncsn = 0x0, a_mr_eq_plugin = 0x7f072dcf95c0, a_mr_ord_plugin = 0x0, a_mr_sub_plugin = 0x0}
>          txn = {back_txn_txn = 0x0}
>          pr_idx = -1
> #19 0x00007f071e214fc2 in filter_candidates_ext (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=f at entry=0x7f06a82a77f0, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f06ff517c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:111
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #20 0x00007f071e216086 in list_candidates (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", flist=flist at entry=0x7f06a801fe40, ftype=<optimized out>, err=0x7f06ff517c8c, allidslimit=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:817
>          idl = 0x7f06a81a4d90
>          tmp = 0x7f06a81a4d90
>          tmp2 = 0x0
>          f = 0x7f06a82a77f0
>          nextf = 0x0
>          isnot = 0
>          f_count = <optimized out>
>          le_count = <optimized out>
>          ge_count = <optimized out>
>          is_bounded_range = <optimized out>
>          low_val = 0x0
>          high_val = 0x0
>          t1 = 0x7f072bc6a6be <slapi_sdn_set_dn_byref+30> "H\211k\b\210\003H\203\304\bH\211\330[]\303f\220UH\211\365SH\211\373H\203\354\b\350\017\254\376\377H\211\356H\211\337\350t\206\376\377H\203\304\bH\211\330[]\303f.\017\037\204"
>          fpairs = {0x0, 0x0}
>          tpairs = {0x0, 0x0}
>          vpairs = {0x0, 0x0}
>          is_and = 0
> #21 0x00007f071e214f30 in filter_candidates_ext (pb=pb at entry=0x7f06ff51ca90, be=be at entry=0x7f072e0f5f20, base=base at entry=0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", f=0x7f06a801fe40, nextf=nextf at entry=0x0, range=range at entry=0, err=err at entry=0x7f06ff517c8c, allidslimit=allidslimit at entry=100000) at ldap/servers/slapd/back-ldbm/filterindex.c:144
>          li = <optimized out>
>          result = 0x0
>          ftype = <optimized out>
> #22 0x00007f071e2514b8 in subtree_candidates (pb=pb at entry=0x7f06ff51ca90, be=0x7f072e0f5f20, base=base at entry=0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=e at entry=0x7f06a051d150, filter=0x7f06a8211550, managedsait=0, allids_before_scopingp=allids_before_scopingp at entry=0x7f06ff517c7c, err=err at entry=0x7f06ff517c8c) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1210
>          focref = 0x7f06a82a77f0
>          forr = 0x7f06a801fe40
>          ftop = <optimized out>
>          candidates = <optimized out>
>          has_tombstone_filter = <optimized out>
>          isroot = 0
>          allidslimit = 100000
>          op = 0x0
>          is_bulk_import = 0
> #23 0x00007f071e252b9f in build_candidate_list (candidates=0x7f06ff517cb8, lookup_returned_allidsp=0x7f06ff517c7c, scope=<optimized out>, base=0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net", e=<optimized out>, be=<optimized out>, pb=0x7f06ff51ca90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1015
>          filter = 0x7f06a8211550
>          err = 0
>          li = 0x7f072df49930
>          managedsait = 0
>          r = 0
> #24 ldbm_back_search (pb=0x7f06ff51ca90) at ldap/servers/slapd/back-ldbm/ldbm_search.c:657
>          rc = <optimized out>
>          time_up = 0
>          vlv_response_control = {targetPosition = 0, contentCount = 0, result = 0}
>          vlv_rc = 32518
>          lookthrough_limit = 0
>          abandoned = 0
>          be = 0x7f072e0f5f20
>          inst = 0x7f072dfb2010
>          li = 0x7f072df49930
>          e = 0x7f06a051d150
>          candidates = 0x0
>          base = 0x7f06a80be460 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          basesdn = 0x7f06a8208490
>          scope = 2
>          controls = 0x0
>          operation = 0x7f072e615b00
>          addr = 0x7f072e615bd8
>          estimate = 0
>          sort = 0
>          vlv = <optimized out>
>          sort_spec = 0x0
>          is_sorting_critical = <optimized out>
>          is_sorting_critical_orig = 0
>          sort_control = 0x0
>          virtual_list_view = 0
>          vlv_spec = 0x0
>          is_vlv_critical = 0
>          vlv_request_control = {beforeCount = 0, afterCount = 0, tag = 0, index = 0, contentCount = 0, value = {bv_len = 0, bv_val = 0x0}}
>          sr = <optimized out>
>          tmp_err = -1
>          tmp_desc = 0x0
>          lookup_returned_allids = 0
>          backend_count = 0
>          print_once = 1
>          txn = {back_txn_txn = 0x0}
>          rc = <optimized out>
> #25 0x00007f072bca82c6 in op_shared_search (pb=pb at entry=0x7f06ff51ca90, send_result=send_result at entry=1) at ldap/servers/slapd/opshared.c:806
>          be_suffix = 0x7f072de73fa0
>          err = 0
>          next_be = 0x0
>          base = 0x7f06a8225d60 "dc=dirsvc,dc=lib,dc=dev,dc=ja,dc=net"
>          normbase = <optimized out>
>          fstr = 0x7f06a8226950 "(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/ldap-001.dirsvc.lib.dev.ja.net at DIRSVC.LIB.DEV.JA.NET)(krbPrincipalName:caseIgnoreI"...
>          scope = 2
>          be = 0x7f072e0f5f20
>          be_single = 0x0
>          be_list = {0x7f072e0f5f20, 0x0, 0x7f06ff518008, 0x7f06ff517fcc, 0x7f06ff518010, 0xa8201d90, 0x100000000, 0xffffffffffffffff, 0x1, 0xffffffff00000000, 0x0, 0x7f072e0f5f20, 0x7f072df49930, 0x7f06a4074d80, 0x7f06a82a77f0, 0x0, 0x1, 0x5873c1c7, 0x0, 0x7f06a8070440, 0x0, 0x0, 0x7f06a8201d90, 0x65d94daff3b15e00, 0x7f06ff518254, 0x7f06a81647e0, 0x0, 0x7f072bcb114c <plugin_matches_operation+204>, 0x7f06ff518254, 0x65d94daff3b15e00, 0x0, 0x0, 0x7f06a81647e0, 0x0, 0x0, 0x65d94daff3b15e00, 0x0, 0x7f072bcc9018 <send_ldap_result_ext+1656>, 0x0, 0x7f072dfb0a60, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x1a8201d90, 0x10f00010002, 0xffffffcd00000031, 0x7f06a8201d90, 0x0, 0x7f06a812d3c0, 0x1, 0x0, 0x7f06ff5182e8, 0x7f06ff518298, 0x0, 0x7f06ff518298, 0x7f06ff5182a0, 0x0, 0x7f06ff5182e8, 0x65d94daff3b15e00, 0x7f06a81647e0, 0x7f06ff5182a0, 0x7f06a81647e0, 0x7f072bca79a0 <op_shared_search+1024>, 0x7f072bd09f50, 0x7f06ff51c390, 0x7f072bd01e5d, 0x7f072bd01e5d, 0x7f06ff5182b0, 0x1, 0x7f06ff5182a0, 0x100000001, 0x7f0600000000, 0x7f06ff5182e0, 0x0, 0x0, 0x7f06ff5182e0, 0x7f06ff5182d8, 0x7f06ff518254, 0x0, 0x0, 0x7f06ff51825c, 0x7f06ff51835c, 0x7f0700000001, 0xff518650, 0x0, 0x200000001, 0xffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1ffffffff, 0x7f06a804a050, 0x7f072bd09f50, 0x7f06a8231af0, 0x0, 0x0, 0x7f06a8201d90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f0700000001, 0x7f0700000000, 0x0, 0x7f072e0f5f20, 0x0, 0x40000, 0x7f0722fb4424 <__os_id+36>, 0x11, 0x7f06dc7e6f60, 0x7f0719fc3b4c, 0x7f0722e8853e <__db_tas_mutex_lock+398>, 0x0, 0x7f0719f71138, 0x8b1, 0x7f06ff518380, 0x7f06ff518370, 0x7f06ff518368, 0x0, 0x0, 0x7f06db9f36f0, 0x22f4b6d0, 0xffff86ee00000000, 0x65d94daff3b15e00, 0x28, 0x65d94daff3b15e00, 0x7f06db9f6510, 0x7f06db9f6510, 0x0, 0x7f06dc7e6f60, 0x7f06a81780f0, 0x7f072e0efbf0, 0x0, 0x7f0722f4abe8 <__dbc_close+472>, 0x7f06db9f6510, 0x7f06dc7e6f60, 0x7f06ff518570, 0x7f072e0efbf0, 0x7f06ff518650, 0x13, 0x0, 0x7f0722f47968 <__db_put+504>, 0x7f06ff518438, 0x7f06ff518440, 0xffff86eeff518578, 0x7f0722fb4424 <__os_id+36>, 0x
> 0, 0x65d94daff3b15e00, 0x7f0719fda0f8, 0x7f06db9f6510, 0x4, 0x7f071a2e8a70, 0x7f06ff5186c0, 0x65d94daff3b15e00, 0x4, 0x7f0719814160, 0x7f06a81780f0, 0x7f0719410238, 0x7f072e0efbf0, 0x7f072e0eb550, 0x0, 0x65d94daff3b15e00, 0x7f072e2c2b60, 0x7f072e0efbf0, 0x7f06ff518650, 0x7f072e0efbf0, 0x7f06ff518650, 0x7f06ff518570, 0x7f06dc7e6f60, 0x7f0722f5cc69 <__db_put_pp+489>, 0x13, 0x7f06a81780f0, 0x0, 0x65d94daff3b15e00, 0x7f0700000000, 0x7f06ff518650, 0x7f072e1b8d80, 0x1, 0x7f06a8104438, 0x7f072dfaef40, 0x0, 0x7f071e21c9df <idl_new_insert_key+127>, 0x7f06ff51856c, 0x100000001, 0x7f06ff51856c, 0x400000004, 0x0, 0x0, 0x800, 0x7f071e48df6e <prefix_PRESENCE>, 0x7f071e271c8a, 0x7f071e22c0b4 <addordel_values_sv+1972>, 0x0, 0x0, 0x7f0719acf878, 0x65d94daff3b15e00...}
>          referral_list = {0x0, 0x7f07219e4bbd <aclutil_print_aci+45>, 0x7f06a820a8a0, 0x7f072bc5cb5f <attr_syntax_return_locking_optional+47>, 0x7f072dcfe270, 0x7f06ff51a068, 0x0, 0x7f072bc5d851 <slapi_attr_type2plugin+113>, 0x7f072dfb6f10, 0x0, 0x75676e6974736964, 0x6d614e6465687369, 0x7f072e1d0065, 0x7f072e0efbf0, 0x7f072dec6670, 0x7f06ff51a0c8, 0x7f071a1b9328, 0x11eabc, 0x7f06ff51a150, 0x7f0722f9a289 <__log_putr+809>, 0x313533353335383d, 0x7f0725e9eddb <keystring_validate+27>, 0x63646137612d3665, 0x7f06a821ede5, 0x7f06a821ede2, 0x7f0725e9f2a9 <rdn_validate+329>, 0x7f06a821ede6, 0x65d94daff3b15e00, 0x7f06a821ede5, 0x7f06ff519ff0, 0x7f06ff51a080, 0x0, 0x2000, 0x7f0725e9f12b <utf8string_validate+123>, 0x7f06a8202402, 0x65d94daff3b15e00, 0x0, 0xffffffff, 0x7f06ff51a078, 0x7f072bcbb6f7 <slapi_entry_syntax_check+615>, 0x7f06a820d380, 0x7f06a821f1a0, 0xa820d3c6, 0x7f06ff51a070, 0x7f06ff51ca90, 0x7f06ff51ca90, 0x7f06ff51a080, 0x7f06ff51a06c, 0xff51a080, 0x100000000, 0x0, 0x0, 0x7f06a813b810, 0x7f072bcec7ad <slapi_value_set_string_passin+45>, 0x0, 0x0, 0x0, 0x0, 0x4172a1de00000000, 0x21a407bd7524998f, 0x3645c82849fde36a, 0x1915757f5009fe9b, 0x10e7015d36895918, 0x65d94daff3b15e00, 0x6d305733e44872b, 0x84c5806, 0x95331d3, 0x7f071b13664a <felem_mul+1098>, 0x75a8c72, 0xa80cf37, 0x15019e6e, 0x18343943, 0xeb518e4, 0x84c5806, 0x1098b00c, 0x29949d46, 0x95331d3, 0x7f06ff51a430, 0x28cade975e3ae09, 0x2910a07c1523f21, 0x5c7e5f59d07be14, 0x585f10ef8b5a560, 0xb5e830978fe5484, 0x874b52541b17aef, 0x0, 0x0, 0x0, 0x0, 0x3213b28500000000, 0x40a3ea9068c400b4, 0x2b1c1bd832cc1691, 0x261eb0de5e58ee01, 0x0, 0x0, 0x0, 0x0, 0x387eb4dd00000000, 0x271a53e38cfca2ae, 0x3771e41d66064fa4, 0x204162ce72e5a60f, 0x25451f8e574a21ab, 0x65d94daff3b15e00, 0x54a50280a2e9b52, 0x208cd256370bda0, 0x28d140029972610, 0x7f071b1361c9 <felem_square+601>, 0xc447e3b, 0x2ec41814, 0x0, 0xadc15b7bef4c14, 0xf02e0c40044ab2, 0x96d5cb2b1153c4, 0x2b02e91bd44260b, 0x2f35c5b280935fe, 0x38712f30eabe338, 0x2f90e7f0ca15abe, 0x7d0fa473a15cb31, 0x558092c6e67dfbe, 0x54a50280a2e9b52, 0x
> 47deeb80793c67e, 0x8dd094192eb937b, 0x3beddd2bf6971aa, 0x3c7740126f6b086, 0x28d140029972610, 0x35bc733134bcff1, 0x65d94daff3b15e00, 0x7f06101437a9, 0x7f06ff51a400, 0x7f06ff51a430, 0x7f06ff51a3d0, 0x7f06ff51b080, 0x7f06ff51a400, 0x7f06ff51a430, 0x7f071b136998 <point_double+792>, 0x0, 0x0, 0x0, 0x0, 0x2e8b02a800000000, 0x4a31b3d86f9fa7c5, 0x24b2582d66927aa9, 0x27b0640c594bc4be, 0x113e066831ad84b7, 0x65d94daff3b15e00, 0x200b1bc7ff0b8e7, 0xf80cabc, 0x5377d9a, 0x7f071b13664a <felem_mul+1098>, 0x1a018ad, 0x1b94be1, 0x37297c2, 0xd45b196, 0x340315a, 0xf80cabc, 0x1f019578, 0x9d57023, 0x5377d9a, 0x7f06ff51a920, 0x1b533c4a4a4a328, 0x97536827a57936, 0x1c261f24ff79f50, 0xfaf12be99989b4, 0x21e00453ba0a64f, 0x2ab575e30562748, 0x57d34dd646c6325, 0x2dc97b84a68d2f0, 0x64c599d92e7fa54, 0x2f41e46d413d79f, 0x478e28091c8976c, 0x36be9bc38a854ee, 0x57eaae295520fb5, 0x3022a28e943a35b, 0x3ae2066a5226c65, 0x12cd1c29578d0fc, 0x11f411f7be8eb2e, 0x65d94daff3b15e00, 0x7f06a812b2c0, 0x7f06ff51a5c0, 0x7f06ff51a590, 0x7f06ff51b0e0, 0x7f06ff51b0b0, 0x7f06ff51a5c0, Quit
>
> Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc?s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
>
> Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander





From nirajkumar.singh at accenture.com  Tue Jan 10 09:37:33 2017
From: nirajkumar.singh at accenture.com (nirajkumar.singh at accenture.com)
Date: Tue, 10 Jan 2017 09:37:33 +0000
Subject: [Freeipa-users] Not able to replicate user keys across master and
	client
Message-ID: <55e300c9f6004e6a8ec4c46887860c61@BLUPR42MB0194.048d.mgd.msft.net>

Hi Team,

We have Created PPK key for the user on master FreeIPA server  which is there in /home/user/.ssh/authorized_keys file.

But the key are not reflecting in client machine.

Please suggest so that authorized_keys file added automatically in client as soon as it gets created in master server.

Thanks,
Niraj

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170110/9187fd55/attachment.htm>

From sbose at redhat.com  Tue Jan 10 10:01:01 2017
From: sbose at redhat.com (Sumit Bose)
Date: Tue, 10 Jan 2017 11:01:01 +0100
Subject: [Freeipa-users] Not able to replicate user keys across master
 and client
In-Reply-To: <55e300c9f6004e6a8ec4c46887860c61@BLUPR42MB0194.048d.mgd.msft.net>
References: <55e300c9f6004e6a8ec4c46887860c61@BLUPR42MB0194.048d.mgd.msft.net>
Message-ID: <20170110100101.GI19759@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Tue, Jan 10, 2017 at 09:37:33AM +0000, nirajkumar.singh at accenture.com wrote:
> Hi Team,
> 
> We have Created PPK key for the user on master FreeIPA server  which is there in /home/user/.ssh/authorized_keys file.
> 
> But the key are not reflecting in client machine.
> 
> Please suggest so that authorized_keys file added automatically in client as soon as it gets created in master server.

You have to add the public key to the IPA user object with 'ipa user-mod
--sshpubkey=STR'. Then SSSD will take are on IPA client (and the
servers) that the key can be read by sshd with the
sss_ssh_authorizedkeys command. The needed configuration line
'AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys' in
/etc/ssh/sshd_config should be already added by ipa-client-install.

HTH

bye,
Sumit

> 
> Thanks,
> Niraj
> 
> ________________________________
> 
> This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
> ______________________________________________________________________________________
> 
> www.accenture.com

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From Adam.Bishop at jisc.ac.uk  Tue Jan 10 11:58:30 2017
From: Adam.Bishop at jisc.ac.uk (Adam Bishop)
Date: Tue, 10 Jan 2017 11:58:30 +0000
Subject: [Freeipa-users] DirSrv hanging
In-Reply-To: <5874A7C0.7080708@redhat.com>
References: <CA70C99B-E370-40A7-BB41-D3EE3C900F99@jisc.ac.uk>
	<67F33439-B7BC-490B-9C09-4D1AC00FF89B@jisc.ac.uk>
	<5874A7C0.7080708@redhat.com>
Message-ID: <DB3DDC7A-7068-466D-A230-F143CA03670C@jisc.ac.uk>

On 10 Jan 2017, at 09:22, Ludwig Krispenz <lkrispen at redhat.com> wrote:
> this is a hang inside BerkeleyDB and we have so far not been able to resolve it, also with Oracle support. The weird thing is that from the code in BDB this should not be possible, but it is happening. Ther is a suspicion that it could be an effect of VMs, where the wrong page is accessed, but no further evidence on this.

I can confirm we're we are running in a VM (ESXi 6.0), which gives me a few ideas. I've migrated our instance to faster storage and to a host topologically closer to the storage array to reduce latency.

> You can try to change the timing pattern of checkpointing, eg by changing the checkpoint interval or the dbcache size, but there is no guarantee it will help.

I'll give that a try.

Is there any additional telemetry you would like me to capture if it occurs again?

Regards,

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc?s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.  




From d.mueller2 at rto.de  Tue Jan 10 13:18:53 2017
From: d.mueller2 at rto.de (=?utf-8?B?RGVuaXMgTcO8bGxlcg==?=)
Date: Tue, 10 Jan 2017 13:18:53 +0000
Subject: [Freeipa-users] Question for managing ad-users
Message-ID: <1484054327.15110.51.camel@rto.de>

Hi FreeIpa Community,

i'm actually new to the software and have some basic questions. We have linux users in in active directory.

To be more flexible, we would like to install freeipa, import all users from ad and manage all the stuff like ssh, sudo etc. from ipa.

1. Do i need establish a trust first like mentioned here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#trust-one-two-way

2. Or can we just create a sync to import all "linux-users" from ad into ipa and manage them just like ipa-users:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/managing-sync-agmt.html

3. ipa-replica-manage connect --winsync --binddn  cn=administrator,cn=users,dc=example,dc=com  --bindpw "***" --passsync "***" --cacert /root/dc1.crt dc1.example.com -v

getting an error:

Traceback (most recent call last):
  File "/usr/sbin/ipa-replica-manage", line 1607, in <module>
    main(options, args)
  File "/usr/sbin/ipa-replica-manage", line 1566, in main
    add_link(realm, replica1, replica2, dirman_passwd, options)
  File "/usr/sbin/ipa-replica-manage", line 1118, in add_link
    if not ds.add_ca_cert(options.cacert):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 1018, in add_ca_cert
    certdb.load_cacert(cacert_fname, 'C,,')
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 261, in load_cacert
    (rdn, subject_dn) = get_cert_nickname(cert)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 67, in get_cert_nickname
    return (str(dn[0]), dn)
  File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1170, in __getitem__
    return self._get_rdn(self.rdns[key])
IndexError: list index out of range
Unexpected error: list index out of range

[root at ipa01<mailto:root at ipa01> ~]# uname -r
3.10.0-327.el7.x86_64
[root at ipa01<mailto:root at ipa01> ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)

We would appreciate any help,

greets,
Denis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170110/38f4f1a6/attachment.htm>

From Adam.Bishop at jisc.ac.uk  Tue Jan 10 17:16:03 2017
From: Adam.Bishop at jisc.ac.uk (Adam Bishop)
Date: Tue, 10 Jan 2017 17:16:03 +0000
Subject: [Freeipa-users] DirSrv hanging
In-Reply-To: <DB3DDC7A-7068-466D-A230-F143CA03670C@jisc.ac.uk>
References: <CA70C99B-E370-40A7-BB41-D3EE3C900F99@jisc.ac.uk>
	<67F33439-B7BC-490B-9C09-4D1AC00FF89B@jisc.ac.uk>
	<5874A7C0.7080708@redhat.com>
	<DB3DDC7A-7068-466D-A230-F143CA03670C@jisc.ac.uk>
Message-ID: <1EE2EC49-8E55-4189-BCD2-2AB8579565F1@jisc.ac.uk>

On 10 Jan 2017, at 11:58, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
> On 10 Jan 2017, at 09:22, Ludwig Krispenz <lkrispen at redhat.com> wrote:
>> this is a hang inside BerkeleyDB and we have so far not been able to resolve it, also with Oracle support. The weird thing is that from the code in BDB this should not be possible, but it is happening. Ther is a suspicion that it could be an effect of VMs, where the wrong page is accessed, but no further evidence on this.
> 
> I can confirm we're we are running in a VM (ESXi 6.0), which gives me a few ideas. I've migrated our instance to faster storage and to a host topologically closer to the storage array to reduce latency.

Touch wood, the reduced storage latency and higher IO throughput has mitigated the issue. DirSrv has not hung again so far.

Regards,

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc?s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.  




From bob at jackland.demon.co.uk  Tue Jan 10 19:27:04 2017
From: bob at jackland.demon.co.uk (Bob Hinton)
Date: Tue, 10 Jan 2017 19:27:04 +0000
Subject: [Freeipa-users] pki-tomcat failed.
Message-ID: <c94a004b-4233-f30d-b253-85ae496fd675@jackland.demon.co.uk>

Hi,

The pki-tomcatd services on our IPA servers seem to have stopped working.

This seems to be related to the expiry of several certificates -

[root at ipa001 ~]# getcert list | more
Number of certificates and requests being tracked: 8.
Request ID '20161230150048':
        status: MONITORING
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=LOCAL.COM
        subject: CN=CA Audit,O=LOCAL.COM
        expires: 2017-01-09 08:21:45 UTC
        key usage: digitalSignature,nonRepudiation
        pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
        post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
"auditSigningCert cert-pki-ca"
        track: yes
        auto-renew: yes
Request ID '20161230150049':
        status: MONITORING
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=LOCAL.COM
        subject: CN=OCSP Subsystem,O=LOCAL.COM
        expires: 2017-01-09 08:21:45 UTC
        key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
        eku: id-kp-OCSPSigning
        pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
        post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
"ocspSigningCert cert-pki-ca"
        track: yes
        auto-renew: yes

These were originally in CA_WORKING state, but I moved the clock back
and restarted certmonger to try to renew them.


/var/log/pki/pki-tomcat/ca/debug contains

[10/Jan/2017:18:35:37][localhost-startStop-1]: makeConnection:
errorIfDown true
[10/Jan/2017:18:35:37][localhost-startStop-1]:
SSLClientCertificateSelectionCB: Setting desired cert nickname to:
subsystemCert cert-pki-ca
[10/Jan/2017:18:35:37][localhost-startStop-1]: LdapJssSSLSocket: set
client auth cert nickname subsystemCert cert-pki-ca
[10/Jan/2017:18:35:37][localhost-startStop-1]:
SSLClientCertificatSelectionCB: Entering!
[10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
caSigningCert cert-pki-ca
[10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
Server-Cert cert-pki-ca
[10/Jan/2017:18:35:37][localhost-startStop-1]:
SSLClientCertificateSelectionCB: returning: null
[10/Jan/2017:18:35:37][localhost-startStop-1]: SSL handshake happened
Could not connect to LDAP server host ipa001.mgmt.local.com port 636
Error netscape.ldap.LDAPException: Authentication failed (48)
        at
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
        at
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
        at
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
        at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
        at
com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
        at
com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
        at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
        at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
        at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
        at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
        at javax.servlet.GenericServlet.init(GenericServlet.java:158)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
        at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
        at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
        at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
        at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
        at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
        at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
        at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
        at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
        at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
        at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
        at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
        at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
        at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
        at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
        at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
        at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
        at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Internal Database Error encountered: Could not connect to LDAP server
host ipa001.mgmt.local.com port 636 Error netscape.ldap.LDAPException:
Authentication failed (48)
        at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)

The only connection attempt I can find relating to err=48 in the slapd
access log is -


[10/Jan/2017:18:21:08.884446519 +0000] conn=59668 fd=83 slot=83 SSL
connection from 10.220.6.250 to 10.220.6.250
[10/Jan/2017:18:21:08.898844561 +0000] conn=59668 TLS1.2 256-bit AES
[10/Jan/2017:18:21:08.917314723 +0000] conn=59668 op=0 BIND dn=""
method=sasl version=3 mech=EXTERNAL
[10/Jan/2017:18:21:08.919725280 +0000] conn=59668 op=0 RESULT err=48
tag=97 nentries=0 etime=0
[10/Jan/2017:18:21:09.590236408 +0000] conn=59637 op=88 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"

We recent upgraded ipa from 4.2 to 4.4 and I wonder if that broke something.

 ipa --version
VERSION: 4.4.0, API_VERSION: 2.213

The /etc/ca.crt cert was originally created on an ipa 3.3 server that no
longer exists, I don't know if that's relevant.

Anyway, I'm stumped on how to fix this so could anyone please help.

Many thanks

Bob



From bob at rha-ltd.co.uk  Tue Jan 10 20:31:53 2017
From: bob at rha-ltd.co.uk (Bob Hinton)
Date: Tue, 10 Jan 2017 20:31:53 +0000
Subject: [Freeipa-users] pki-tomcat failure
Message-ID: <98524118-0880-ed42-4f09-0e3d7f349cc2@rha-ltd.co.uk>

Hi,

The pki-tomcatd services on our IPA servers seem to have stopped working.

This seems to be related to the expiry of several certificates -

[root at ipa001 ~]# getcert list | more
Number of certificates and requests being tracked: 8.
Request ID '20161230150048':
        status: MONITORING
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=LOCAL.COM
        subject: CN=CA Audit,O=LOCAL.COM
        expires: 2017-01-09 08:21:45 UTC
        key usage: digitalSignature,nonRepudiation
        pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
        post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
"auditSigningCert cert-pki-ca"
        track: yes
        auto-renew: yes
Request ID '20161230150049':
        status: MONITORING
        stuck: no
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=LOCAL.COM
        subject: CN=OCSP Subsystem,O=LOCAL.COM
        expires: 2017-01-09 08:21:45 UTC
        key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
        eku: id-kp-OCSPSigning
        pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
        post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
"ocspSigningCert cert-pki-ca"
        track: yes
        auto-renew: yes

These were originally in CA_WORKING state, but I moved the clock back
and restarted certmonger to try to renew them.


/var/log/pki/pki-tomcat/ca/debug contains

[10/Jan/2017:18:35:37][localhost-startStop-1]: makeConnection:
errorIfDown true
[10/Jan/2017:18:35:37][localhost-startStop-1]:
SSLClientCertificateSelectionCB: Setting desired cert nickname to:
subsystemCert cert-pki-ca
[10/Jan/2017:18:35:37][localhost-startStop-1]: LdapJssSSLSocket: set
client auth cert nickname subsystemCert cert-pki-ca
[10/Jan/2017:18:35:37][localhost-startStop-1]:
SSLClientCertificatSelectionCB: Entering!
[10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
caSigningCert cert-pki-ca
[10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
Server-Cert cert-pki-ca
[10/Jan/2017:18:35:37][localhost-startStop-1]:
SSLClientCertificateSelectionCB: returning: null
[10/Jan/2017:18:35:37][localhost-startStop-1]: SSL handshake happened
Could not connect to LDAP server host ipa001.mgmt.local.com port 636
Error netscape.ldap.LDAPException: Authentication failed (48)
        at
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
        at
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
        at
com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
        at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
        at
com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
        at
com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
        at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
        at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
        at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
        at
com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
        at javax.servlet.GenericServlet.init(GenericServlet.java:158)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
        at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
        at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
        at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
        at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
        at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
        at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
        at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
        at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
        at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
        at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
        at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
        at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
        at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
        at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
        at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
        at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
        at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Internal Database Error encountered: Could not connect to LDAP server
host ipa001.mgmt.local.com port 636 Error netscape.ldap.LDAPException:
Authentication failed (48)
        at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)

The only connection attempt I can find relating to err=48 in the slapd
access log is -


[10/Jan/2017:18:21:08.884446519 +0000] conn=59668 fd=83 slot=83 SSL
connection from 10.220.6.250 to 10.220.6.250
[10/Jan/2017:18:21:08.898844561 +0000] conn=59668 TLS1.2 256-bit AES
[10/Jan/2017:18:21:08.917314723 +0000] conn=59668 op=0 BIND dn=""
method=sasl version=3 mech=EXTERNAL
[10/Jan/2017:18:21:08.919725280 +0000] conn=59668 op=0 RESULT err=48
tag=97 nentries=0 etime=0
[10/Jan/2017:18:21:09.590236408 +0000] conn=59637 op=88 EXT
oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"

We recent upgraded ipa from 4.2 to 4.4 and I wonder if that broke something.

 ipa --version
VERSION: 4.4.0, API_VERSION: 2.213

The /etc/ca.crt cert was originally created on an ipa 3.3 server that no
longer exists, I don't know if that's relevant.

Anyway, I'm stumped on how to fix this so could anyone please help.

Many thanks

Bob



From adam.tkac at gooddata.com  Tue Jan 10 20:47:30 2017
From: adam.tkac at gooddata.com (Adam Tkac)
Date: Tue, 10 Jan 2017 21:47:30 +0100
Subject: [Freeipa-users] pki-tomcat failed.
In-Reply-To: <c94a004b-4233-f30d-b253-85ae496fd675@jackland.demon.co.uk>
References: <c94a004b-4233-f30d-b253-85ae496fd675@jackland.demon.co.uk>
Message-ID: <20170110204729.GA2367@atkac-gd>

Hello,

we hit similar issue (although due to different conditions - we rotated
root CA cert and then newly issued certificates were wrongly signed), we
were also unable to start tomcat. If I remember correctly, we switched dogtag
to use simple binds instead of TLS to connect to LDAP this way.

1. systemctl stop pki-tomcatd at pki-tomcat.service
2. backup /etc/pki/pki-tomcat/ca/CS.cfg and /etc/pki/pki-tomcat/password.conf
3. add directory manager password into password.conf file, it should be line
like

internaldb=my_directory_manager_password

4. tune CS.cfg a little, take this diff as an example

+internaldb.ldapauth.authtype=BasicAuth
+internaldb.ldapauth.bindDN=cn=Directory Manager
+internaldb.ldapauth.bindPWPrompt=internaldb
-internaldb.ldapauth.authtype=SslClientAuth
-internaldb.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
 internaldb.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
 internaldb.ldapconn.cloneReplicationPort=389
 internaldb.ldapconn.masterReplicationPort=7389
+internaldb.ldapconn.port=389
-internaldb.ldapconn.port=636
 internaldb.ldapconn.replicationSecurity=TLS
+internaldb.ldapconn.secureConn=false
-internaldb.ldapconn.secureConn=true

5. systemctl start pki-tomcatd at pki-tomcat.service

Now tomcat should run correctly and you should be able to resubmit expired
certs and you can start to experiment with switch dogtag back to TLS auth.
Hope this helps you.

Regards, Adam

On Tue, Jan 10, 2017 at 07:27:04PM +0000, Bob Hinton wrote:
> Hi,
> 
> The pki-tomcatd services on our IPA servers seem to have stopped working.
> 
> This seems to be related to the expiry of several certificates -
> 
> [root at ipa001 ~]# getcert list | more
> Number of certificates and requests being tracked: 8.
> Request ID '20161230150048':
>         status: MONITORING
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
> cert-pki-ca',token='NSS Certificate DB',pin set
>         certificate:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
> cert-pki-ca',token='NSS Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=LOCAL.COM
>         subject: CN=CA Audit,O=LOCAL.COM
>         expires: 2017-01-09 08:21:45 UTC
>         key usage: digitalSignature,nonRepudiation
>         pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
>         post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
> "auditSigningCert cert-pki-ca"
>         track: yes
>         auto-renew: yes
> Request ID '20161230150049':
>         status: MONITORING
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
> cert-pki-ca',token='NSS Certificate DB',pin set
>         certificate:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
> cert-pki-ca',token='NSS Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=LOCAL.COM
>         subject: CN=OCSP Subsystem,O=LOCAL.COM
>         expires: 2017-01-09 08:21:45 UTC
>         key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
>         eku: id-kp-OCSPSigning
>         pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
>         post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
> "ocspSigningCert cert-pki-ca"
>         track: yes
>         auto-renew: yes
> 
> These were originally in CA_WORKING state, but I moved the clock back
> and restarted certmonger to try to renew them.
> 
> 
> /var/log/pki/pki-tomcat/ca/debug contains
> 
> [10/Jan/2017:18:35:37][localhost-startStop-1]: makeConnection:
> errorIfDown true
> [10/Jan/2017:18:35:37][localhost-startStop-1]:
> SSLClientCertificateSelectionCB: Setting desired cert nickname to:
> subsystemCert cert-pki-ca
> [10/Jan/2017:18:35:37][localhost-startStop-1]: LdapJssSSLSocket: set
> client auth cert nickname subsystemCert cert-pki-ca
> [10/Jan/2017:18:35:37][localhost-startStop-1]:
> SSLClientCertificatSelectionCB: Entering!
> [10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
> caSigningCert cert-pki-ca
> [10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
> Server-Cert cert-pki-ca
> [10/Jan/2017:18:35:37][localhost-startStop-1]:
> SSLClientCertificateSelectionCB: returning: null
> [10/Jan/2017:18:35:37][localhost-startStop-1]: SSL handshake happened
> Could not connect to LDAP server host ipa001.mgmt.local.com port 636
> Error netscape.ldap.LDAPException: Authentication failed (48)
>         at
> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
>         at
> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
>         at
> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
>         at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
>         at
> com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
>         at
> com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
>         at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
>         at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
>         at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
>         at
> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>         at javax.servlet.GenericServlet.init(GenericServlet.java:158)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>         at
> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>         at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>         at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
>         at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>         at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>         at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>         at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>         at
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
>         at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>         at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
>         at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
>         at
> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>         at
> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>         at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Internal Database Error encountered: Could not connect to LDAP server
> host ipa001.mgmt.local.com port 636 Error netscape.ldap.LDAPException:
> Authentication failed (48)
>         at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
> 
> The only connection attempt I can find relating to err=48 in the slapd
> access log is -
> 
> 
> [10/Jan/2017:18:21:08.884446519 +0000] conn=59668 fd=83 slot=83 SSL
> connection from 10.220.6.250 to 10.220.6.250
> [10/Jan/2017:18:21:08.898844561 +0000] conn=59668 TLS1.2 256-bit AES
> [10/Jan/2017:18:21:08.917314723 +0000] conn=59668 op=0 BIND dn=""
> method=sasl version=3 mech=EXTERNAL
> [10/Jan/2017:18:21:08.919725280 +0000] conn=59668 op=0 RESULT err=48
> tag=97 nentries=0 etime=0
> [10/Jan/2017:18:21:09.590236408 +0000] conn=59637 op=88 EXT
> oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
> 
> We recent upgraded ipa from 4.2 to 4.4 and I wonder if that broke something.
> 
>  ipa --version
> VERSION: 4.4.0, API_VERSION: 2.213
> 
> The /etc/ca.crt cert was originally created on an ipa 3.3 server that no
> longer exists, I don't know if that's relevant.
> 
> Anyway, I'm stumped on how to fix this so could anyone please help.
> 
> Many thanks
> 
> Bob
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Adam Tkac



From bob at rha-ltd.co.uk  Tue Jan 10 23:39:39 2017
From: bob at rha-ltd.co.uk (Bob Hinton)
Date: Tue, 10 Jan 2017 23:39:39 +0000
Subject: [Freeipa-users] pki-tomcat failed. [SOLVED]
In-Reply-To: <20170110204729.GA2367@atkac-gd>
References: <c94a004b-4233-f30d-b253-85ae496fd675@jackland.demon.co.uk>
	<20170110204729.GA2367@atkac-gd>
Message-ID: <85f82fd6-b20b-5297-4a73-c74101d347a5@rha-ltd.co.uk>

Hi Adam,

With the change to ldap instead of ldaps on the CA master that you
suggested I was able to move the system clock to before the certificate
expiry time then do

ipactl start --ignore-service-failures
systemctl start pki-tomcat at pki-tomcat.service
   then start the pki ca service manually as stated in "systemctl status
pki-tomcat at pki-tomcat.service -l"
service certmonger restart

I then ran "getcert list | more" and waited until all the certificates
had updated

After that "ipactl stop; ipactl start" completed without errors and I
could reenable ntpd and vmware tools timesync.

Finally ipa-certupdate seems to have been needed to propagate the new
certs to the other replicas.

Many thanks

Bob

On 10/01/2017 20:47, Adam Tkac wrote:
> Hello,
>
> we hit similar issue (although due to different conditions - we rotated
> root CA cert and then newly issued certificates were wrongly signed), we
> were also unable to start tomcat. If I remember correctly, we switched dogtag
> to use simple binds instead of TLS to connect to LDAP this way.
>
> 1. systemctl stop pki-tomcatd at pki-tomcat.service
> 2. backup /etc/pki/pki-tomcat/ca/CS.cfg and /etc/pki/pki-tomcat/password.conf
> 3. add directory manager password into password.conf file, it should be line
> like
>
> internaldb=my_directory_manager_password
>
> 4. tune CS.cfg a little, take this diff as an example
>
> +internaldb.ldapauth.authtype=BasicAuth
> +internaldb.ldapauth.bindDN=cn=Directory Manager
> +internaldb.ldapauth.bindPWPrompt=internaldb
> -internaldb.ldapauth.authtype=SslClientAuth
> -internaldb.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
>  internaldb.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
>  internaldb.ldapconn.cloneReplicationPort=389
>  internaldb.ldapconn.masterReplicationPort=7389
> +internaldb.ldapconn.port=389
> -internaldb.ldapconn.port=636
>  internaldb.ldapconn.replicationSecurity=TLS
> +internaldb.ldapconn.secureConn=false
> -internaldb.ldapconn.secureConn=true
>
> 5. systemctl start pki-tomcatd at pki-tomcat.service
>
> Now tomcat should run correctly and you should be able to resubmit expired
> certs and you can start to experiment with switch dogtag back to TLS auth.
> Hope this helps you.
>
> Regards, Adam
>
> On Tue, Jan 10, 2017 at 07:27:04PM +0000, Bob Hinton wrote:
>> Hi,
>>
>> The pki-tomcatd services on our IPA servers seem to have stopped working.
>>
>> This seems to be related to the expiry of several certificates -
>>
>> [root at ipa001 ~]# getcert list | more
>> Number of certificates and requests being tracked: 8.
>> Request ID '20161230150048':
>>         status: MONITORING
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
>> cert-pki-ca',token='NSS Certificate DB',pin set
>>         certificate:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
>> cert-pki-ca',token='NSS Certificate DB'
>>         CA: dogtag-ipa-ca-renew-agent
>>         issuer: CN=Certificate Authority,O=LOCAL.COM
>>         subject: CN=CA Audit,O=LOCAL.COM
>>         expires: 2017-01-09 08:21:45 UTC
>>         key usage: digitalSignature,nonRepudiation
>>         pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
>>         post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
>> "auditSigningCert cert-pki-ca"
>>         track: yes
>>         auto-renew: yes
>> Request ID '20161230150049':
>>         status: MONITORING
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
>> cert-pki-ca',token='NSS Certificate DB',pin set
>>         certificate:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
>> cert-pki-ca',token='NSS Certificate DB'
>>         CA: dogtag-ipa-ca-renew-agent
>>         issuer: CN=Certificate Authority,O=LOCAL.COM
>>         subject: CN=OCSP Subsystem,O=LOCAL.COM
>>         expires: 2017-01-09 08:21:45 UTC
>>         key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
>>         eku: id-kp-OCSPSigning
>>         pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
>>         post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
>> "ocspSigningCert cert-pki-ca"
>>         track: yes
>>         auto-renew: yes
>>
>> These were originally in CA_WORKING state, but I moved the clock back
>> and restarted certmonger to try to renew them.
>>
>>
>> /var/log/pki/pki-tomcat/ca/debug contains
>>
>> [10/Jan/2017:18:35:37][localhost-startStop-1]: makeConnection:
>> errorIfDown true
>> [10/Jan/2017:18:35:37][localhost-startStop-1]:
>> SSLClientCertificateSelectionCB: Setting desired cert nickname to:
>> subsystemCert cert-pki-ca
>> [10/Jan/2017:18:35:37][localhost-startStop-1]: LdapJssSSLSocket: set
>> client auth cert nickname subsystemCert cert-pki-ca
>> [10/Jan/2017:18:35:37][localhost-startStop-1]:
>> SSLClientCertificatSelectionCB: Entering!
>> [10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
>> caSigningCert cert-pki-ca
>> [10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
>> Server-Cert cert-pki-ca
>> [10/Jan/2017:18:35:37][localhost-startStop-1]:
>> SSLClientCertificateSelectionCB: returning: null
>> [10/Jan/2017:18:35:37][localhost-startStop-1]: SSL handshake happened
>> Could not connect to LDAP server host ipa001.mgmt.local.com port 636
>> Error netscape.ldap.LDAPException: Authentication failed (48)
>>         at
>> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
>>         at
>> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
>>         at
>> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
>>         at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
>>         at
>> com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
>>         at
>> com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
>>         at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
>>         at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
>>         at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
>>         at
>> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>>         at javax.servlet.GenericServlet.init(GenericServlet.java:158)
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>         at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>         at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>         at java.lang.reflect.Method.invoke(Method.java:498)
>>         at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
>>         at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
>>         at java.security.AccessController.doPrivileged(Native Method)
>>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>         at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
>>         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>>         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>>         at
>> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>>         at
>> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>>         at
>> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
>>         at
>> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>>         at
>> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>>         at
>> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>>         at
>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>>         at
>> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
>>         at
>> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>>         at
>> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>>         at java.security.AccessController.doPrivileged(Native Method)
>>         at
>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
>>         at
>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
>>         at
>> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>>         at
>> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>>         at
>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>         at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>         at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>         at java.lang.Thread.run(Thread.java:745)
>> Internal Database Error encountered: Could not connect to LDAP server
>> host ipa001.mgmt.local.com port 636 Error netscape.ldap.LDAPException:
>> Authentication failed (48)
>>         at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
>>
>> The only connection attempt I can find relating to err=48 in the slapd
>> access log is -
>>
>>
>> [10/Jan/2017:18:21:08.884446519 +0000] conn=59668 fd=83 slot=83 SSL
>> connection from 10.220.6.250 to 10.220.6.250
>> [10/Jan/2017:18:21:08.898844561 +0000] conn=59668 TLS1.2 256-bit AES
>> [10/Jan/2017:18:21:08.917314723 +0000] conn=59668 op=0 BIND dn=""
>> method=sasl version=3 mech=EXTERNAL
>> [10/Jan/2017:18:21:08.919725280 +0000] conn=59668 op=0 RESULT err=48
>> tag=97 nentries=0 etime=0
>> [10/Jan/2017:18:21:09.590236408 +0000] conn=59637 op=88 EXT
>> oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
>>
>> We recent upgraded ipa from 4.2 to 4.4 and I wonder if that broke something.
>>
>>  ipa --version
>> VERSION: 4.4.0, API_VERSION: 2.213
>>
>> The /etc/ca.crt cert was originally created on an ipa 3.3 server that no
>> longer exists, I don't know if that's relevant.
>>
>> Anyway, I'm stumped on how to fix this so could anyone please help.
>>
>> Many thanks
>>
>> Bob
>>
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project




From matrix.zj at qq.com  Wed Jan 11 02:55:18 2017
From: matrix.zj at qq.com (=?ISO-8859-1?B?TWF0cml4?=)
Date: Wed, 11 Jan 2017 10:55:18 +0800
Subject: [Freeipa-users] ipa_server and ipa_backup_server failover time
In-Reply-To: <20170109110222.urw7f4t3aqpq57mb@hendrix>
References: <tencent_229B76D9413A6F1E5B528044@qq.com>
	<20170109081101.uqod6m7m3po7tqn3@hendrix>
	<tencent_5A2AEA40072D56531E778737@qq.com>
	<20170109110222.urw7f4t3aqpq57mb@hendrix>
Message-ID: <tencent_0A897A7442CB66F01A573C00@qq.com>

------------------ Original ------------------
From:  "Jakub Hrozek";<jhrozek at redhat.com>;
Date:  Mon, Jan 9, 2017 07:04 PM
To:  "Matrix"<matrix.zj at qq.com>; 
Cc:  "freeipa-users"<freeipa-users at redhat.com>; 
Subject:  Re: [Freeipa-users] ipa_server and ipa_backup_server failover time



(please keep CC-ing the list..)

On Mon, Jan 09, 2017 at 04:39:04PM +0800, Matrix wrote:
> Sorry, i did not trigger authentication at all. Just to check sssd logs. around 15 minutes later, I saw below messages shown:
> 
> (Mon Jan  9 01:46:35 2017) [sssd[be[fwmrm.net]]] [fo_set_port_status] (0x0100): Marking port 0 of server 'ipa02.example.com' as 'working'
> 
> Re-check it with authentication, failover will be happened immediately. 

Yes, then that is expected, the identity lookup was probably answered from
the cache.

> 
> >> No, sorry, the timeouts for switching between back up and primary
> >> servers are hardcoded.
> 
> May I know how long it will take for worst case? 

> Seems to be 30 minutes:
>   https://github.com/SSSD/sssd/blob/master/src/providers/data_provider_fo.c#L49

It should be 30 seconds? 30 min is too long. and in man page, has been explained as 30 seconds

Matrix
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170111/ef46e59d/attachment.htm>

From th at casalogic.dk  Wed Jan 11 10:01:22 2017
From: th at casalogic.dk (Troels Hansen)
Date: Wed, 11 Jan 2017 11:01:22 +0100 (CET)
Subject: [Freeipa-users] Different cache on 2 IPA servers
Message-ID: <1767762709.1619832.1484128882213.JavaMail.zimbra@casalogic.dk>

Hi, we have just seen a weird issue, which I need some advice on. 

We have 2 IPA 4.4 servere in a AD trust and a number of Linux clients connected. 

A little story of what we experienced. 
We had a AD user which sometimes couldn't log in to a server, because his shell was being set to /bin/false by SSSD. 

"sss_cache -E", deleting local cache in /var/lib/sssd/mc and db and restarting SSSD sometimes led to the users having a correct shell set, but still, after some hours most likely having his shell being set back to /bin/false. 

We discovered that when the clients was connected to one IPA server the shell was set to /bin/false and when connected to the other, the shell from SSSD, default_shell was set. 

This led us to investigate the SSSD cache (in /var/lib/sssd/db/) on the IPA serveres, and there we discovered that on one server a loginShell was set whilst it wasn't on the other. 

ldapsearch the user on the AD servers had the loginShell: /bin/false 

However, one IPA server still had an idea that loginShell wasn't set. 

sss_cache -E on the IPA server correcthe the issue. 

This attribute have been on the user for ages, so do anyone have any idea of how this can happen? 

sssd config and everything about the serveres are the same. Also, SSSD cache config.ldb contained the same values on both servers. 


Second question. The reason for the loginshell being set on some users is that they used to be 
Hi, we have just seen a weird issue, which I need some advice on. 

We have 2 IPA 4.4 servere in a AD trust and a number of Linux clients connected. 

A little story of what we experienced. 
We had a AD user which sometimes couldn't log in to a server, because his shell was being set to /bin/false by SSSD. 

"sss_cache -E", deleting local cache in /var/lib/sssd/mc and db and restarting SSSD sometimes led to the users having a correct shell set, but still, after some hours most likely having his shell being set back to /bin/false. 

We discovered that when the clients was connected to one IPA server the shell was set to /bin/false and when connected to the other, the shell from SSSD, default_shell was set. 

This led us to investigate the SSSD cache (in /var/lib/sssd/db/) on the IPA serveres, and there we discovered that on one server a loginShell was set whilst it wasn't on the other. 

ldapsearch the user on the AD servers had the loginShell: /bin/false 

However, one IPA server still had an idea that loginShell wasn't set. 

sss_cache -E on the IPA server correcthe the issue. 

This attribute have been on the user for ages, so do anyone have any idea of how this can happen? 

So, the actual error was that the user was actually allowed to log in but as we discovered the actual reason, the question is, why the cache isn't updated and contains different content on the IPA servers. 

sssd config and everything about the serveres are the same. Also, SSSD cache config.ldb contained the same values on both servers. 


Second question. The reason for the loginshell being set on some users is that they used to be QAU, which enabled the UNIX attributes on the user, and disabling the user in QAS sets the shell to /bin/false. 
So, what we would really like is to override if a user have a shell in AD, by setting "ldap_user_shell = something-false" on the IPA servers, but this isn't inherited to sub-domains? 

Can disabling shell's be accomplished somehow else? 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170111/ec2ea62f/attachment.htm>

From sbose at redhat.com  Wed Jan 11 11:51:28 2017
From: sbose at redhat.com (Sumit Bose)
Date: Wed, 11 Jan 2017 12:51:28 +0100
Subject: [Freeipa-users] Different cache on 2 IPA servers
In-Reply-To: <1767762709.1619832.1484128882213.JavaMail.zimbra@casalogic.dk>
References: <1767762709.1619832.1484128882213.JavaMail.zimbra@casalogic.dk>
Message-ID: <20170111115128.GL19759@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Wed, Jan 11, 2017 at 11:01:22AM +0100, Troels Hansen wrote:
> Hi, we have just seen a weird issue, which I need some advice on. 
> 
> We have 2 IPA 4.4 servere in a AD trust and a number of Linux clients connected. 
> 
> A little story of what we experienced. 
> We had a AD user which sometimes couldn't log in to a server, because his shell was being set to /bin/false by SSSD. 
> 
> "sss_cache -E", deleting local cache in /var/lib/sssd/mc and db and restarting SSSD sometimes led to the users having a correct shell set, but still, after some hours most likely having his shell being set back to /bin/false. 
> 
> We discovered that when the clients was connected to one IPA server the shell was set to /bin/false and when connected to the other, the shell from SSSD, default_shell was set. 
> 
> This led us to investigate the SSSD cache (in /var/lib/sssd/db/) on the IPA serveres, and there we discovered that on one server a loginShell was set whilst it wasn't on the other. 
> 
> ldapsearch the user on the AD servers had the loginShell: /bin/false 
> 
> However, one IPA server still had an idea that loginShell wasn't set. 
> 
> sss_cache -E on the IPA server correcthe the issue. 
> 
> This attribute have been on the user for ages, so do anyone have any idea of how this can happen? 
> 
> sssd config and everything about the serveres are the same. Also, SSSD cache config.ldb contained the same values on both servers. 
> 
> 
> Second question. The reason for the loginshell being set on some users is that they used to be 
> Hi, we have just seen a weird issue, which I need some advice on. 
> 
> We have 2 IPA 4.4 servere in a AD trust and a number of Linux clients connected. 
> 
> A little story of what we experienced. 
> We had a AD user which sometimes couldn't log in to a server, because his shell was being set to /bin/false by SSSD. 
> 
> "sss_cache -E", deleting local cache in /var/lib/sssd/mc and db and restarting SSSD sometimes led to the users having a correct shell set, but still, after some hours most likely having his shell being set back to /bin/false. 
> 
> We discovered that when the clients was connected to one IPA server the shell was set to /bin/false and when connected to the other, the shell from SSSD, default_shell was set. 
> 
> This led us to investigate the SSSD cache (in /var/lib/sssd/db/) on the IPA serveres, and there we discovered that on one server a loginShell was set whilst it wasn't on the other. 
> 
> ldapsearch the user on the AD servers had the loginShell: /bin/false 
> 
> However, one IPA server still had an idea that loginShell wasn't set. 
> 
> sss_cache -E on the IPA server correcthe the issue. 
> 
> This attribute have been on the user for ages, so do anyone have any idea of how this can happen? 

I guess this is because the last update on one server was done with data
from LDAP while the other used data from the Global Catalog. In general
missing data in the GC should not remove the data read from LDAP, there
is already https://fedorahosted.org/sssd/ticket/2474 to track this.

> 
> So, the actual error was that the user was actually allowed to log in but as we discovered the actual reason, the question is, why the cache isn't updated and contains different content on the IPA servers. 
> 
> sssd config and everything about the serveres are the same. Also, SSSD cache config.ldb contained the same values on both servers. 
> 
> 
> Second question. The reason for the loginshell being set on some users is that they used to be QAU, which enabled the UNIX attributes on the user, and disabling the user in QAS sets the shell to /bin/false. 
> So, what we would really like is to override if a user have a shell in AD, by setting "ldap_user_shell = something-false" on the IPA servers, but this isn't inherited to sub-domains? 
> 
> Can disabling shell's be accomplished somehow else? 

We plan to allow to configure sub-domains individually in one of the
next releases, see https://fedorahosted.org/sssd/ticket/2599 .

In the meantime you might want to try id-overrides for users which have
/bin/false set as shell in AD?

HTH

bye,
Sumit

> 
> 

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From th at casalogic.dk  Wed Jan 11 12:33:27 2017
From: th at casalogic.dk (Troels Hansen)
Date: Wed, 11 Jan 2017 13:33:27 +0100 (CET)
Subject: [Freeipa-users] Different cache on 2 IPA servers
In-Reply-To: <20170111115128.GL19759@p.Speedport_W_724V_Typ_A_05011603_00_011>
References: <1767762709.1619832.1484128882213.JavaMail.zimbra@casalogic.dk>
	<20170111115128.GL19759@p.Speedport_W_724V_Typ_A_05011603_00_011>
Message-ID: <1751182082.1622863.1484138007376.JavaMail.zimbra@casalogic.dk>

Hi Sumit

----- On Jan 11, 2017, at 12:51 PM, Sumit Bose sbose at redhat.com wrote:

> 
> I guess this is because the last update on one server was done with data
> from LDAP while the other used data from the Global Catalog. In general
> missing data in the GC should not remove the data read from LDAP, there
> is already https://fedorahosted.org/sssd/ticket/2474 to track this.

As always, looks spot on, and explains what we saw.


> 
> We plan to allow to configure sub-domains individually in one of the
> next releases, see https://fedorahosted.org/sssd/ticket/2599 .
> 
> In the meantime you might want to try id-overrides for users which have
> /bin/false set as shell in AD?
> 

Yes, it would be nice to have the ability to configure individual things on the AD domains.
For now, we'll implement ID override on users who we find to have this problem.



From abrittingham at monetra.com  Wed Jan 11 12:49:21 2017
From: abrittingham at monetra.com (Andy Brittingham)
Date: Wed, 11 Jan 2017 07:49:21 -0500
Subject: [Freeipa-users] freeipa 4.4.0 and Ubuntu 14.04
In-Reply-To: <CAF7cxud6qYnUCJDZ4nCwQn-_f82D1UJ3fE-hyNiQ576tKGUHwA@mail.gmail.com>
References: <72cb1cf1-c01b-cceb-fb04-71c989fdf269@monetra.com>
	<20170106143353.jzwnccdag5ej6zzu@hendrix>
	<7a15ce3b-c567-3e0c-ba5e-ecabe60b8ff1@monetra.com>
	<20170109075651.lxrdpuejhxdbbxrv@hendrix>
	<CAF7cxud6qYnUCJDZ4nCwQn-_f82D1UJ3fE-hyNiQ576tKGUHwA@mail.gmail.com>
Message-ID: <0994026f-0e43-837a-f6fc-c98b4fe61c74@monetra.com>

Thanks! I will take a look at that.

Andy

On 1/9/17 8:37 AM, Youenn PIOLET wrote:
> Hey there,
> 
> I got the same issue after upgrading my servers to 4.4.0
> The problem comes from duplicate entries in :
> cn=permissions,cn=pbac,dc=example,dc=com
> 
> I think FreeIPA upgrade fails to create ACL on pbac specific entries,
> resulting in a conflict entry creation.
> 
> The problem is that SSSD on Ubuntu 14.04 is crashing when reading pbac
> where cn contains symbol "+".
> You should check if you got these conflict entries in
> cn=permissions,cn=pbac,dc=example,dc=com and remove them. 
> 
> Ubuntu authentication was working for me directly after the suppression.
> 
> Regards,
> 
> --
> Youenn Piolet
> piolet.y at gmail.com <mailto:piolet.y at gmail.com>
> /
> /
> 
> 2017-01-09 8:56 GMT+01:00 Jakub Hrozek <jhrozek at redhat.com
> <mailto:jhrozek at redhat.com>>:
> 
>     On Fri, Jan 06, 2017 at 11:48:07AM -0500, Andy Brittingham wrote:
>     > Sorry for the delay, was doing some troubleshooting.
>     >
>     > Here is what I know now:
>     >
>     > The problem is on Ubuntu hosts using older sssd versions 1.11.8 (Ubuntu
>     > 14.04).
>     >
>     > SSSD versions 1.13.4 (Ubuntu 16.04) and 1.13.3 (CentOS 6.8) both work.
>     >
>     > Users in the admin group can't log into these hosts.
>     >
>     > I created a newadmins group and assigned a new user to it. When I add the
>     > "User Administrator" role the new user can't log into the hosts with older
>     > sssd.
>     >
>     > As soon as I delete the "User Administrator" role, new user has access
>     > again.
> 
>     So is it a role membership or a group membership that makes the
>     difference?
> 
>     >
>     > I've pasted the last bit of logs from a sssd_domain log below. I'd be happy
>     > to forward the entire log, or additional logs if they will be helpful.
> 
>     The log only captures a user lookup, not a login, sorry..
> 
>     (This might be expected if you log in e.g. with an SSH key, in which
>     case journald should be the first thing to look at at least to poinpoint
>     which piece denied access..)
> 
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>     Go to http://freeipa.org for more info on the project
> 
> 
> 
> 



From sjuhasz at chemaxon.com  Wed Jan 11 12:58:19 2017
From: sjuhasz at chemaxon.com (Sandor Juhasz)
Date: Wed, 11 Jan 2017 13:58:19 +0100 (CET)
Subject: [Freeipa-users] modify schema - add group email and display
 attribute
In-Reply-To: <2c9db8bb-61dd-8d99-39f8-6278b2d2a845@pobox.com>
References: <795612095.18818.1482325628676.JavaMail.zimbra@chemaxon.com>
	<585A92DB.5080907@redhat.com>
	<1935325431.129080.1482334772814.JavaMail.zimbra@chemaxon.com>
	<2041148526.26477.1483357992339.JavaMail.zimbra@chemaxon.com>
	<2c9db8bb-61dd-8d99-39f8-6278b2d2a845@pobox.com>
Message-ID: <1370441540.46117.1484139499874.JavaMail.zimbra@chemaxon.com>

Ok, 

OID - check 
ldapmodify - check 
python scripts - check 
These works on both ipa 3.x and ipa 4.x. 
So the basic functionality is there for the new object class. 

js - i am stuck with, i have created the js files for the plugin, see below. 

But i don't know how to generate the the index. Also i might be completely wrong. 

On ipa 3.x the js files are there, most probably the groups.js would exist as i expect it. 
But on the other hand on the ipa 4.x there is nothing but freeipa/core.js is there. 

Here is the plugin, i am trying to use: 
define([ 
'freeipa/phases', 
'freeipa/group'], 
function(phases, group_mod) { 
// helper function 
function get_item(array, attr, value) { 
for (var i=0,l=array.length; i<l; i++) { 
if (array[i][attr] === value) return array[i]; 
} 
return null; 
} 
var groupmail_plugin = {}; 
// adds 'mail' field into group details facet 
groupmail_plugin.add_group_mail_pre_op = function() { 
var facet = get_item(group_mod.entity_spec.facets, '$type', 'details'); 
var section = get_item(facet.sections, 'name', 'identity'); 
section.fields.push({ 
name: 'mail', 
label: 'Mail' 
}); 
return true; 
}; 
phases.on('customization', groupmail_plugin.add_group_mail_pre_op); 
return groupmail_plugin; 
}); 


S?ndor Juh?sz 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Brian Candler" <b.candler at pobox.com> 
To: "Sandor Juhasz" <sjuhasz at chemaxon.com> 
Cc: freeipa-users at redhat.com 
Sent: Monday, January 2, 2017 6:41:02 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 

On 02/01/2017 11:53, Sandor Juhasz wrote: 
> I would be really happy if anybody could assign an OID for the new 
> objectcalss 

You can get your own enterprise OID for free from here: 

http://pen.iana.org/pen/PenApplication.page 

Note that you only get one, so it's up to you to subdivide the space. 
For example: if you get 1.3.6.1.4.1.99999, then you might decide to use: 

1.3.6.1.4.1.99999.1 = LDAP object classes 

1.3.6.1.4.1.99999.1.1 = myMailObjectClass 

1.3.6.1.4.1.99999.1.2 = someOtherObjectClass 

1.3.6.1.4.1.99999.2 = LDAP attributes 

1.3.6.1.4.1.99999.2.1 = mySpecialAttribute 

then later you can assign under 1.3.6.1.4.1.99999.3 for something else 
that needs OIDs (e.g. SNMP MIBs) and so on. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170111/23747e3e/attachment.htm>

From pvoborni at redhat.com  Wed Jan 11 13:55:06 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Wed, 11 Jan 2017 14:55:06 +0100
Subject: [Freeipa-users] pki-tomcat failure
In-Reply-To: <98524118-0880-ed42-4f09-0e3d7f349cc2@rha-ltd.co.uk>
References: <98524118-0880-ed42-4f09-0e3d7f349cc2@rha-ltd.co.uk>
Message-ID: <a954d96c-48c8-2024-402f-3ca25e707255@redhat.com>

On 01/10/2017 09:31 PM, Bob Hinton wrote:
> Hi,
> 
> The pki-tomcatd services on our IPA servers seem to have stopped working.
> 
> This seems to be related to the expiry of several certificates -
> 
> [root at ipa001 ~]# getcert list | more
> Number of certificates and requests being tracked: 8.
> Request ID '20161230150048':
>         status: MONITORING
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
> cert-pki-ca',token='NSS Certificate DB',pin set
>         certificate:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
> cert-pki-ca',token='NSS Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=LOCAL.COM
>         subject: CN=CA Audit,O=LOCAL.COM
>         expires: 2017-01-09 08:21:45 UTC
>         key usage: digitalSignature,nonRepudiation
>         pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
>         post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
> "auditSigningCert cert-pki-ca"
>         track: yes
>         auto-renew: yes
> Request ID '20161230150049':
>         status: MONITORING
>         stuck: no
>         key pair storage:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
> cert-pki-ca',token='NSS Certificate DB',pin set
>         certificate:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
> cert-pki-ca',token='NSS Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=LOCAL.COM
>         subject: CN=OCSP Subsystem,O=LOCAL.COM
>         expires: 2017-01-09 08:21:45 UTC
>         key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
>         eku: id-kp-OCSPSigning
>         pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
>         post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
> "ocspSigningCert cert-pki-ca"
>         track: yes
>         auto-renew: yes
> 
> These were originally in CA_WORKING state, but I moved the clock back
> and restarted certmonger to try to renew them.


Certs above have:
   expires: 2017-01-09 08:21:45 UTC

But log has 10/Jan so the log is from the time when certs are expired.

Move time back when all certs reported by `getcert list` are valid.
Restart IPA. Resubmit all certs which are about to expire. Move time back.


> 
> 
> /var/log/pki/pki-tomcat/ca/debug contains
> 
> [10/Jan/2017:18:35:37][localhost-startStop-1]: makeConnection:
> errorIfDown true
> [10/Jan/2017:18:35:37][localhost-startStop-1]:
> SSLClientCertificateSelectionCB: Setting desired cert nickname to:
> subsystemCert cert-pki-ca
> [10/Jan/2017:18:35:37][localhost-startStop-1]: LdapJssSSLSocket: set
> client auth cert nickname subsystemCert cert-pki-ca
> [10/Jan/2017:18:35:37][localhost-startStop-1]:
> SSLClientCertificatSelectionCB: Entering!
> [10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
> caSigningCert cert-pki-ca
> [10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
> Server-Cert cert-pki-ca
> [10/Jan/2017:18:35:37][localhost-startStop-1]:
> SSLClientCertificateSelectionCB: returning: null
> [10/Jan/2017:18:35:37][localhost-startStop-1]: SSL handshake happened
> Could not connect to LDAP server host ipa001.mgmt.local.com port 636
> Error netscape.ldap.LDAPException: Authentication failed (48)
>         at
> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
>         at
> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
>         at
> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
>         at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
>         at
> com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
>         at
> com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
>         at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
>         at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
>         at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
>         at
> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>         at javax.servlet.GenericServlet.init(GenericServlet.java:158)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
>         at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>         at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>         at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>         at
> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>         at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>         at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
>         at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>         at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>         at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>         at
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>         at
> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
>         at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>         at
> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at
> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
>         at
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
>         at
> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>         at
> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>         at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>         at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Internal Database Error encountered: Could not connect to LDAP server
> host ipa001.mgmt.local.com port 636 Error netscape.ldap.LDAPException:
> Authentication failed (48)
>         at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
> 
> The only connection attempt I can find relating to err=48 in the slapd
> access log is -
> 
> 
> [10/Jan/2017:18:21:08.884446519 +0000] conn=59668 fd=83 slot=83 SSL
> connection from 10.220.6.250 to 10.220.6.250
> [10/Jan/2017:18:21:08.898844561 +0000] conn=59668 TLS1.2 256-bit AES
> [10/Jan/2017:18:21:08.917314723 +0000] conn=59668 op=0 BIND dn=""
> method=sasl version=3 mech=EXTERNAL
> [10/Jan/2017:18:21:08.919725280 +0000] conn=59668 op=0 RESULT err=48
> tag=97 nentries=0 etime=0
> [10/Jan/2017:18:21:09.590236408 +0000] conn=59637 op=88 EXT
> oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
> 
> We recent upgraded ipa from 4.2 to 4.4 and I wonder if that broke something.
> 
>  ipa --version
> VERSION: 4.4.0, API_VERSION: 2.213
> 
> The /etc/ca.crt cert was originally created on an ipa 3.3 server that no
> longer exists, I don't know if that's relevant.
> 
> Anyway, I'm stumped on how to fix this so could anyone please help.
> 
> Many thanks
> 
> Bob
> 


-- 
Petr Vobornik



From pvoborni at redhat.com  Wed Jan 11 14:04:09 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Wed, 11 Jan 2017 15:04:09 +0100
Subject: [Freeipa-users] modify schema - add group email and display
 attribute
In-Reply-To: <1370441540.46117.1484139499874.JavaMail.zimbra@chemaxon.com>
References: <795612095.18818.1482325628676.JavaMail.zimbra@chemaxon.com>
	<585A92DB.5080907@redhat.com>
	<1935325431.129080.1482334772814.JavaMail.zimbra@chemaxon.com>
	<2041148526.26477.1483357992339.JavaMail.zimbra@chemaxon.com>
	<2c9db8bb-61dd-8d99-39f8-6278b2d2a845@pobox.com>
	<1370441540.46117.1484139499874.JavaMail.zimbra@chemaxon.com>
Message-ID: <faec75fa-55c6-493b-ea33-13a7396b2b97@redhat.com>

On 01/11/2017 01:58 PM, Sandor Juhasz wrote:
> Ok,
> 
> OID - check
> ldapmodify - check
> python scripts - check
> These works on both ipa 3.x and ipa 4.x.
> So the basic functionality is there for the new object class.
> 
> js - i am stuck with, i have created the js files for the plugin, see below.
> 
> But i don't know how to generate the the index. Also i might be completely wrong.
> 
> On ipa 3.x the js files are there, most probably the groups.js would exist as i 
> expect it.
> But on the other hand on the ipa 4.x there is nothing but freeipa/core.js is there.

You don't need to generate plugin index, it is generated automatically.

Just:
  mkdir /usr/share/ipa/ui/js/plugins/myplugin
  cp myplugin.js /usr/share/ipa/ui/js/plugins/myplugin

It should be automatically picked up by Web UI.

It will work only in RHEL 7/CentOS 7(FreeIPA 3.3+). Not RHEL 6(sort of
3.0/3.1/3.2)

On RHEL 6, there is /usr/share/ipa/ui/ext/extension.js which can contain
custom content to extend UI, but writing a plugin for it is much more
complicated so I'd rather avoid it.

> 
> Here is the plugin, i am trying to use:
> define([
>    'freeipa/phases',
>    'freeipa/group'],
>    function(phases, group_mod) {
> // helper function
>      function get_item(array, attr, value) {
>        for (var i=0,l=array.length; i<l; i++) {
>          if (array[i][attr] === value) return array[i];
>        }
>        return null;
>      }
>      var groupmail_plugin = {};
> // adds 'mail' field into group details facet
>      groupmail_plugin.add_group_mail_pre_op = function() {
>        var facet = get_item(group_mod.entity_spec.facets, '$type', 'details');
>        var section = get_item(facet.sections, 'name', 'identity');
>        section.fields.push({
>          name: 'mail',
>          label: 'Mail'
>        });
>        return true;
>      };
>      phases.on('customization', groupmail_plugin.add_group_mail_pre_op);
>      return groupmail_plugin;
> });
> 
> 
> *S?ndor Juh?sz*
> System Administrator
> *ChemAxon**Ltd*.
> Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031
> Cell: +36704258964
> 
> --------------------------------------------------------------------------------
> *From: *"Brian Candler" <b.candler at pobox.com>
> *To: *"Sandor Juhasz" <sjuhasz at chemaxon.com>
> *Cc: *freeipa-users at redhat.com
> *Sent: *Monday, January 2, 2017 6:41:02 PM
> *Subject: *Re: [Freeipa-users] modify schema - add group email and display attribute
> 
> On 02/01/2017 11:53, Sandor Juhasz wrote:
>  > I would be really happy if anybody could assign an OID for the new
>  > objectcalss
> 
> You can get your own enterprise OID for free from here:
> 
> http://pen.iana.org/pen/PenApplication.page
> 
> Note that you only get one, so it's up to you to subdivide the space.
> For example: if you get 1.3.6.1.4.1.99999, then you might decide to use:
> 
> 1.3.6.1.4.1.99999.1 = LDAP object classes
> 
> 1.3.6.1.4.1.99999.1.1 = myMailObjectClass
> 
> 1.3.6.1.4.1.99999.1.2 = someOtherObjectClass
> 
> 1.3.6.1.4.1.99999.2 = LDAP attributes
> 
> 1.3.6.1.4.1.99999.2.1 = mySpecialAttribute
> 
> then later you can assign under 1.3.6.1.4.1.99999.3 for something else
> that needs OIDs (e.g. SNMP MIBs) and so on.
> 
> 
> 


-- 
Petr Vobornik



From pvoborni at redhat.com  Wed Jan 11 14:08:28 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Wed, 11 Jan 2017 15:08:28 +0100
Subject: [Freeipa-users] freeipa 4.4.0 and Ubuntu 14.04
In-Reply-To: <0994026f-0e43-837a-f6fc-c98b4fe61c74@monetra.com>
References: <72cb1cf1-c01b-cceb-fb04-71c989fdf269@monetra.com>
	<20170106143353.jzwnccdag5ej6zzu@hendrix>
	<7a15ce3b-c567-3e0c-ba5e-ecabe60b8ff1@monetra.com>
	<20170109075651.lxrdpuejhxdbbxrv@hendrix>
	<CAF7cxud6qYnUCJDZ4nCwQn-_f82D1UJ3fE-hyNiQ576tKGUHwA@mail.gmail.com>
	<0994026f-0e43-837a-f6fc-c98b4fe61c74@monetra.com>
Message-ID: <131eaaa3-dc71-ca72-73c7-86d37e8b33c0@redhat.com>

On 01/11/2017 01:49 PM, Andy Brittingham wrote:
> Thanks! I will take a look at that.
> 
> Andy

Hello Andy and Youenn,

to identify the root cause and potentially prevent it in a future:

Do you know which exact permissions had the replication conflict?

And more importantly how did you upgrade the servers? Was it one at a
time with some delay between upgrades (so that replication can happen).
Or two or more servers more or less at the same time?

> 
> On 1/9/17 8:37 AM, Youenn PIOLET wrote:
>> Hey there,
>>
>> I got the same issue after upgrading my servers to 4.4.0
>> The problem comes from duplicate entries in :
>> cn=permissions,cn=pbac,dc=example,dc=com
>>
>> I think FreeIPA upgrade fails to create ACL on pbac specific entries,
>> resulting in a conflict entry creation.
>>
>> The problem is that SSSD on Ubuntu 14.04 is crashing when reading pbac
>> where cn contains symbol "+".
>> You should check if you got these conflict entries in
>> cn=permissions,cn=pbac,dc=example,dc=com and remove them. 
>>
>> Ubuntu authentication was working for me directly after the suppression.
>>
>> Regards,
>>
>> --
>> Youenn Piolet
>> piolet.y at gmail.com <mailto:piolet.y at gmail.com>
>> /
>> /
>>
>> 2017-01-09 8:56 GMT+01:00 Jakub Hrozek <jhrozek at redhat.com
>> <mailto:jhrozek at redhat.com>>:
>>
>>     On Fri, Jan 06, 2017 at 11:48:07AM -0500, Andy Brittingham wrote:
>>     > Sorry for the delay, was doing some troubleshooting.
>>     >
>>     > Here is what I know now:
>>     >
>>     > The problem is on Ubuntu hosts using older sssd versions 1.11.8 (Ubuntu
>>     > 14.04).
>>     >
>>     > SSSD versions 1.13.4 (Ubuntu 16.04) and 1.13.3 (CentOS 6.8) both work.
>>     >
>>     > Users in the admin group can't log into these hosts.
>>     >
>>     > I created a newadmins group and assigned a new user to it. When I add the
>>     > "User Administrator" role the new user can't log into the hosts with older
>>     > sssd.
>>     >
>>     > As soon as I delete the "User Administrator" role, new user has access
>>     > again.
>>
>>     So is it a role membership or a group membership that makes the
>>     difference?
>>
>>     >
>>     > I've pasted the last bit of logs from a sssd_domain log below. I'd be happy
>>     > to forward the entire log, or additional logs if they will be helpful.
>>
>>     The log only captures a user lookup, not a login, sorry..
>>
>>     (This might be expected if you log in e.g. with an SSH key, in which
>>     case journald should be the first thing to look at at least to poinpoint
>>     which piece denied access..)
>>
>>     --
>>     Manage your subscription for the Freeipa-users mailing list:
>>     https://www.redhat.com/mailman/listinfo/freeipa-users
>>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>>     Go to http://freeipa.org for more info on the project
>>
>>
>>
>>
> 


-- 
Petr Vobornik



From sjuhasz at chemaxon.com  Wed Jan 11 14:26:41 2017
From: sjuhasz at chemaxon.com (Sandor Juhasz)
Date: Wed, 11 Jan 2017 15:26:41 +0100 (CET)
Subject: [Freeipa-users] modify schema - add group email and display
 attribute
In-Reply-To: <faec75fa-55c6-493b-ea33-13a7396b2b97@redhat.com>
References: <795612095.18818.1482325628676.JavaMail.zimbra@chemaxon.com>
	<585A92DB.5080907@redhat.com>
	<1935325431.129080.1482334772814.JavaMail.zimbra@chemaxon.com>
	<2041148526.26477.1483357992339.JavaMail.zimbra@chemaxon.com>
	<2c9db8bb-61dd-8d99-39f8-6278b2d2a845@pobox.com>
	<1370441540.46117.1484139499874.JavaMail.zimbra@chemaxon.com>
	<faec75fa-55c6-493b-ea33-13a7396b2b97@redhat.com>
Message-ID: <1041080572.68297.1484144801589.JavaMail.zimbra@chemaxon.com>

It is fixed. The location was fine. We had to do some digging there. 
The group module works different than the user and is giving 
var section = get_item(facet.sections, 'name', 'details'); 
instead of 
var section = get_item(facet.sections, 'name', 'identity'); 
as the user would do. 

Yup figured that index generation is auto. 

So all check, all happy in the end. 
Thx. 

S?ndor Juh?sz 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Petr Vobornik" <pvoborni at redhat.com> 
To: "Sandor Juhasz" <sjuhasz at chemaxon.com>, "Ludwig Krispenz" <lkrispen at redhat.com> 
Cc: freeipa-users at redhat.com 
Sent: Wednesday, January 11, 2017 3:04:09 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 

On 01/11/2017 01:58 PM, Sandor Juhasz wrote: 
> Ok, 
> 
> OID - check 
> ldapmodify - check 
> python scripts - check 
> These works on both ipa 3.x and ipa 4.x. 
> So the basic functionality is there for the new object class. 
> 
> js - i am stuck with, i have created the js files for the plugin, see below. 
> 
> But i don't know how to generate the the index. Also i might be completely wrong. 
> 
> On ipa 3.x the js files are there, most probably the groups.js would exist as i 
> expect it. 
> But on the other hand on the ipa 4.x there is nothing but freeipa/core.js is there. 

You don't need to generate plugin index, it is generated automatically. 

Just: 
mkdir /usr/share/ipa/ui/js/plugins/myplugin 
cp myplugin.js /usr/share/ipa/ui/js/plugins/myplugin 

It should be automatically picked up by Web UI. 

It will work only in RHEL 7/CentOS 7(FreeIPA 3.3+). Not RHEL 6(sort of 
3.0/3.1/3.2) 

On RHEL 6, there is /usr/share/ipa/ui/ext/extension.js which can contain 
custom content to extend UI, but writing a plugin for it is much more 
complicated so I'd rather avoid it. 

> 
> Here is the plugin, i am trying to use: 
> define([ 
> 'freeipa/phases', 
> 'freeipa/group'], 
> function(phases, group_mod) { 
> // helper function 
> function get_item(array, attr, value) { 
> for (var i=0,l=array.length; i<l; i++) { 
> if (array[i][attr] === value) return array[i]; 
> } 
> return null; 
> } 
> var groupmail_plugin = {}; 
> // adds 'mail' field into group details facet 
> groupmail_plugin.add_group_mail_pre_op = function() { 
> var facet = get_item(group_mod.entity_spec.facets, '$type', 'details'); 
> var section = get_item(facet.sections, 'name', 'identity'); 
> section.fields.push({ 
> name: 'mail', 
> label: 'Mail' 
> }); 
> return true; 
> }; 
> phases.on('customization', groupmail_plugin.add_group_mail_pre_op); 
> return groupmail_plugin; 
> }); 
> 
> 
> *S?ndor Juh?sz* 
> System Administrator 
> *ChemAxon**Ltd*. 
> Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
> Cell: +36704258964 
> 
> -------------------------------------------------------------------------------- 
> *From: *"Brian Candler" <b.candler at pobox.com> 
> *To: *"Sandor Juhasz" <sjuhasz at chemaxon.com> 
> *Cc: *freeipa-users at redhat.com 
> *Sent: *Monday, January 2, 2017 6:41:02 PM 
> *Subject: *Re: [Freeipa-users] modify schema - add group email and display attribute 
> 
> On 02/01/2017 11:53, Sandor Juhasz wrote: 
> > I would be really happy if anybody could assign an OID for the new 
> > objectcalss 
> 
> You can get your own enterprise OID for free from here: 
> 
> http://pen.iana.org/pen/PenApplication.page 
> 
> Note that you only get one, so it's up to you to subdivide the space. 
> For example: if you get 1.3.6.1.4.1.99999, then you might decide to use: 
> 
> 1.3.6.1.4.1.99999.1 = LDAP object classes 
> 
> 1.3.6.1.4.1.99999.1.1 = myMailObjectClass 
> 
> 1.3.6.1.4.1.99999.1.2 = someOtherObjectClass 
> 
> 1.3.6.1.4.1.99999.2 = LDAP attributes 
> 
> 1.3.6.1.4.1.99999.2.1 = mySpecialAttribute 
> 
> then later you can assign under 1.3.6.1.4.1.99999.3 for something else 
> that needs OIDs (e.g. SNMP MIBs) and so on. 
> 
> 
> 


-- 
Petr Vobornik 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170111/95f1f67b/attachment.htm>

From outbackdingo at gmail.com  Wed Jan 11 14:32:33 2017
From: outbackdingo at gmail.com (Outback Dingo)
Date: Wed, 11 Jan 2017 09:32:33 -0500
Subject: [Freeipa-users] secondary out of sync on DNS again
Message-ID: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>

not sure why, but the secondary freeipa server is out of sync by a
long shot now, missing dns domains and A records... tried
ipa-replica-manage force-sync --from ipa.optimcloud.com

doesnt seem to be working

HELP!



From mbasti at redhat.com  Wed Jan 11 15:24:15 2017
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 11 Jan 2017 16:24:15 +0100
Subject: [Freeipa-users] secondary out of sync on DNS again
In-Reply-To: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>
References: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>
Message-ID: <14d76034-257b-eba2-9871-e1c9a45ad7eb@redhat.com>



On 11.01.2017 15:32, Outback Dingo wrote:
> not sure why, but the secondary freeipa server is out of sync by a
> long shot now, missing dns domains and A records... tried
> ipa-replica-manage force-sync --from ipa.optimcloud.com
>
> doesnt seem to be working
>
> HELP!
>

Do you see any errors in /var/log/dirsrv/slapd-*/errors on servers?

Martin



From outbackdingo at gmail.com  Wed Jan 11 15:27:17 2017
From: outbackdingo at gmail.com (Outback Dingo)
Date: Wed, 11 Jan 2017 10:27:17 -0500
Subject: [Freeipa-users] secondary out of sync on DNS again
In-Reply-To: <14d76034-257b-eba2-9871-e1c9a45ad7eb@redhat.com>
References: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>
	<14d76034-257b-eba2-9871-e1c9a45ad7eb@redhat.com>
Message-ID: <CAKYr3zyp2EokXXenOPkjSQZMOZtUDaOyYaQ0MuOrYZfzFJfXUQ@mail.gmail.com>

Not realliy, not like last time but
[root at ipa2 ~]# cd ipa_check_consistency/
[root at ipa2 ipa_check_consistency]# ./ipa_check_consistency -H
ipa2.optimcloud.com -d OPTIMCLOUD.COM
Directory Manager password:
FreeIPA servers:    ipa2    STATE
=================================
Active Users        1       OK
Stage Users         0       OK
Preserved Users     0       OK
User Groups         4       OK
Hosts               8       OK
Host Groups         2       OK
HBAC Rules          1       OK
SUDO Rules          0       OK
DNS Zones           26      OK
LDAP Conflicts      YES     FAIL
Ghost Replicas      NO      OK
Anonymous BIND      YES     OK
Replication Status  ipa 0



[07/Jan/2017:23:59:33.034771024 -0500] slapd shutting down - signaling
operation threads - op stack size 1 max work q size 3 max work q stack
size 3
[07/Jan/2017:23:59:33.080148204 -0500] slapd shutting down - waiting
for 26 threads to terminate
[08/Jan/2017:00:01:43.342292791 -0500] SSL alert: Sending pin request
to SVRCore. You may need to run systemd-tty-ask-password-agent to
provide the password.
[08/Jan/2017:00:01:43.348739255 -0500] SSL alert: Security
Initialization: Enabling default cipher set.
[08/Jan/2017:00:01:43.349917267 -0500] SSL alert: Configured NSS Ciphers
[08/Jan/2017:00:01:43.350819261 -0500] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[08/Jan/2017:00:01:43.352925341 -0500] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[08/Jan/2017:00:01:43.354043098 -0500] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[08/Jan/2017:00:01:43.354944795 -0500] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[08/Jan/2017:00:01:43.355929413 -0500] SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[08/Jan/2017:00:01:43.356793063 -0500] SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[08/Jan/2017:00:01:43.357650823 -0500] SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[08/Jan/2017:00:01:43.358754848 -0500] SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[08/Jan/2017:00:01:43.359655681 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[08/Jan/2017:00:01:43.360741758 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[08/Jan/2017:00:01:43.361650705 -0500] SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[08/Jan/2017:00:01:43.362718051 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[08/Jan/2017:00:01:43.363594439 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[08/Jan/2017:00:01:43.365599343 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[08/Jan/2017:00:01:43.366719360 -0500] SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[08/Jan/2017:00:01:43.368835924 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[08/Jan/2017:00:01:43.370913228 -0500] SSL alert:
TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
[08/Jan/2017:00:01:43.372972786 -0500] SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[08/Jan/2017:00:01:43.375008604 -0500] SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[08/Jan/2017:00:01:43.377060277 -0500] SSL alert:
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[08/Jan/2017:00:01:43.379147161 -0500] SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[08/Jan/2017:00:01:43.381215466 -0500] SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[08/Jan/2017:00:01:43.410666701 -0500] SSL Initialization - Configured
SSL version range: min: TLS1.0, max: TLS1.2
[08/Jan/2017:00:01:43.412541954 -0500] 389-Directory/1.3.5.10
B2016.341.2222 starting up
[08/Jan/2017:00:01:43.432516181 -0500] default_mr_indexer_create:
warning - plugin [caseIgnoreIA5Match] does not handle
caseExactIA5Match
[08/Jan/2017:00:01:43.455710217 -0500] WARNING: changelog: entry cache
size 2097152 B is less than db size 4096000 B; We recommend to
increase the entry cache size nsslapd-cachememsize.
[08/Jan/2017:00:01:43.461914913 -0500] Detected Disorderly Shutdown
last time Directory Server was running, recovering database.
[08/Jan/2017:00:01:43.832287548 -0500] schema-compat-plugin -
scheduled schema-compat-plugin tree scan in about 5 seconds after the
server startup!
[08/Jan/2017:00:01:43.857795379 -0500] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.859681661 -0500] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.861398809 -0500] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.862632485 -0500] NSACLPlugin - The ACL target
ou=sudoers,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.863764066 -0500] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.864911346 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.866162668 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.869056497 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.870122838 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.871162150 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.872199777 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.873266345 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.874275409 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.875283799 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.876705045 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.878971952 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.887310854 -0500] NSACLPlugin - The ACL target
cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
[08/Jan/2017:00:01:43.893215433 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[08/Jan/2017:00:01:43.894306404 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[08/Jan/2017:00:01:44.040102873 -0500] NSACLPlugin - The ACL target
cn=automember rebuild membership,cn=tasks,cn=config does not exist
[08/Jan/2017:00:01:44.047055981 -0500] Skipping CoS Definition
cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
found, which should be added before the CoS Definition.
[08/Jan/2017:00:01:46.066086143 -0500] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
o=ipaca. Check if DB RUV needs to be updated
[08/Jan/2017:00:01:46.067518633 -0500] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
dc=optimcloud,dc=com. Check if DB RUV needs to be updated
[08/Jan/2017:00:01:46.068387090 -0500] NSMMReplicationPlugin - Force
update of database RUV (from CL RUV) ->  5871c704000000030000
[08/Jan/2017:00:01:46.070722883 -0500] set_krb5_creds - Could not get
initial credentials for principal
[ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
requested realm)
[08/Jan/2017:00:01:46.076708620 -0500] schema-compat-plugin -
schema-compat-plugin tree scan will start in about 5 seconds!
[08/Jan/2017:00:01:46.087742289 -0500] slapd started.  Listening on
All Interfaces port 389 for LDAP requests
[08/Jan/2017:00:01:46.088722922 -0500] Listening on All Interfaces
port 636 for LDAPS requests
[08/Jan/2017:00:01:46.089876559 -0500] Listening on
/var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
[08/Jan/2017:00:01:51.085357807 -0500] schema-compat-plugin - warning:
no entries set up under ou=sudoers,dc=optimcloud,dc=com
[11/Jan/2017:08:45:50.482248118 -0500] SSL alert: Sending pin request
to SVRCore. You may need to run systemd-tty-ask-password-agent to
provide the password.
[11/Jan/2017:08:45:50.500421947 -0500] SSL alert: Security
Initialization: Enabling default cipher set.
[11/Jan/2017:08:45:50.501486482 -0500] SSL alert: Configured NSS Ciphers
[11/Jan/2017:08:45:50.502444501 -0500] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
[11/Jan/2017:08:45:50.503373927 -0500] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
[11/Jan/2017:08:45:50.504447585 -0500] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
[11/Jan/2017:08:45:50.505362861 -0500] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
[11/Jan/2017:08:45:50.506316578 -0500] SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[11/Jan/2017:08:45:50.507225380 -0500] SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
[11/Jan/2017:08:45:50.508158165 -0500] SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[11/Jan/2017:08:45:50.509061885 -0500] SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
[11/Jan/2017:08:45:50.510027654 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
[11/Jan/2017:08:45:50.510982171 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
[11/Jan/2017:08:45:50.511911224 -0500] SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
[11/Jan/2017:08:45:50.512824259 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
[11/Jan/2017:08:45:50.513759924 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
[11/Jan/2017:08:45:50.514686682 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
[11/Jan/2017:08:45:50.515605681 -0500] SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
[11/Jan/2017:08:45:50.516543912 -0500] SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
[11/Jan/2017:08:45:50.517484957 -0500] SSL alert:
TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
[11/Jan/2017:08:45:50.518414104 -0500] SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA: enabled
[11/Jan/2017:08:45:50.519346616 -0500] SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[11/Jan/2017:08:45:50.520288809 -0500] SSL alert:
TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
[11/Jan/2017:08:45:50.521224704 -0500] SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA: enabled
[11/Jan/2017:08:45:50.522134121 -0500] SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
[11/Jan/2017:08:45:50.546659715 -0500] SSL Initialization - Configured
SSL version range: min: TLS1.0, max: TLS1.2
[11/Jan/2017:08:45:50.548178563 -0500] 389-Directory/1.3.5.10
B2016.341.2222 starting up
[11/Jan/2017:08:45:50.567253887 -0500] default_mr_indexer_create:
warning - plugin [caseIgnoreIA5Match] does not handle
caseExactIA5Match
[11/Jan/2017:08:45:50.618540589 -0500] WARNING: changelog: entry cache
size 2097152 B is less than db size 4096000 B; We recommend to
increase the entry cache size nsslapd-cachememsize.
[11/Jan/2017:08:45:50.625062302 -0500] Detected Disorderly Shutdown
last time Directory Server was running, recovering database.
[11/Jan/2017:08:45:51.368172371 -0500] schema-compat-plugin -
scheduled schema-compat-plugin tree scan in about 5 seconds after the
server startup!
[11/Jan/2017:08:45:51.408894238 -0500] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.410251624 -0500] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.411303020 -0500] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.412533136 -0500] NSACLPlugin - The ACL target
ou=sudoers,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.413625873 -0500] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.414767038 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.415836754 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.416911317 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.418048547 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.419144396 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.420209379 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.421371442 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.422439127 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.423496808 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.424548663 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.425571511 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.434059704 -0500] NSACLPlugin - The ACL target
cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
[11/Jan/2017:08:45:51.446799815 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[11/Jan/2017:08:45:51.447939820 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[11/Jan/2017:08:45:51.603005983 -0500] NSACLPlugin - The ACL target
cn=automember rebuild membership,cn=tasks,cn=config does not exist
[11/Jan/2017:08:45:51.609962438 -0500] Skipping CoS Definition
cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
found, which should be added before the CoS Definition.
[11/Jan/2017:08:45:55.211502712 -0500] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
o=ipaca. Check if DB RUV needs to be updated
[11/Jan/2017:08:45:55.212802169 -0500] NSMMReplicationPlugin -
replica_check_for_data_reload: Warning: disordely shutdown for replica
dc=optimcloud,dc=com. Check if DB RUV needs to be updated
[11/Jan/2017:08:45:55.213784972 -0500] NSMMReplicationPlugin - Force
update of database RUV (from CL RUV) ->  5871c7bf000200030000
[11/Jan/2017:08:45:55.226190891 -0500] set_krb5_creds - Could not get
initial credentials for principal
[ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
requested realm)
[11/Jan/2017:08:45:55.235585814 -0500] schema-compat-plugin -
schema-compat-plugin tree scan will start in about 5 seconds!
[11/Jan/2017:08:45:55.246224036 -0500] slapd started.  Listening on
All Interfaces port 389 for LDAP requests
[11/Jan/2017:08:45:55.247206931 -0500] Listening on All Interfaces
port 636 for LDAPS requests
[11/Jan/2017:08:45:55.248178427 -0500] Listening on
/var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
[11/Jan/2017:08:46:00.243609069 -0500] schema-compat-plugin - warning:
no entries set up under ou=sudoers,dc=optimcloud,dc=com
[11/Jan/2017:08:46:00.268221576 -0500] schema-compat-plugin - warning:
no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
[11/Jan/2017:08:46:00.293865724 -0500] schema-compat-plugin - Finished
plugin initialization.
[11/Jan/2017:10:13:10.814343630 -0500] ipa-topology-plugin -
ipa_topo_be_state_changebackend userRoot is going offline; inactivate
plugin
[11/Jan/2017:10:13:10.816016676 -0500] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=optimcloud,dc=com is going
offline; disabling replication
[11/Jan/2017:10:13:10.989828406 -0500] WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to
access the database
[11/Jan/2017:10:13:13.400691753 -0500] import userRoot: Workers
finished; cleaning up...
[11/Jan/2017:10:13:13.602133347 -0500] import userRoot: Workers cleaned up.
[11/Jan/2017:10:13:13.603143342 -0500] import userRoot: Indexing
complete.  Post-processing...
[11/Jan/2017:10:13:13.604049358 -0500] import userRoot: Generating
numsubordinates (this may take several minutes to complete)...
[11/Jan/2017:10:13:13.623115593 -0500] import userRoot: Generating
numSubordinates complete.
[11/Jan/2017:10:13:13.626755066 -0500] import userRoot: Gathering
ancestorid non-leaf IDs...
[11/Jan/2017:10:13:13.627723269 -0500] import userRoot: Finished
gathering ancestorid non-leaf IDs.
[11/Jan/2017:10:13:13.629852863 -0500] import userRoot: Creating
ancestorid index (new idl)...
[11/Jan/2017:10:13:13.639696420 -0500] import userRoot: Created
ancestorid index (new idl).
[11/Jan/2017:10:13:13.640600762 -0500] import userRoot: Flushing caches...
[11/Jan/2017:10:13:13.641480552 -0500] import userRoot: Closing files...
[11/Jan/2017:10:13:13.715980315 -0500] import userRoot: Import
complete.  Processed 669 entries in 3 seconds. (223.00 entries/sec)
[11/Jan/2017:10:13:13.728527338 -0500] ipa-topology-plugin -
ipa_topo_be_state_change - backend userRoot is coming online; checking
domain level and init shared topology
[11/Jan/2017:10:13:13.733938688 -0500] NSMMReplicationPlugin -
multimaster_be_state_change: replica dc=optimcloud,dc=com is coming
online; enabling replication
[11/Jan/2017:10:13:13.739807383 -0500] NSMMReplicationPlugin -
replica_reload_ruv: Warning: new data for replica dc=optimcloud,dc=com
does not match the data in the changelog.
Recreating the changelog file. This could affect replication with
replica's  consumers in which case the consumers should be
reinitialized.
[11/Jan/2017:10:13:13.763870772 -0500] Skipping CoS Definition
cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
found, which should be added before the CoS Definition.
[11/Jan/2017:10:13:13.765996343 -0500] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.767033598 -0500] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.768062467 -0500] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.769148609 -0500] NSACLPlugin - The ACL target
ou=sudoers,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.770167282 -0500] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.771219502 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.772226730 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.773244095 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.774263646 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.775259783 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.776287349 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.789282141 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.790317167 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.791355826 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.792403901 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.793450557 -0500] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.795887627 -0500] NSACLPlugin - The ACL target
cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
[11/Jan/2017:10:13:13.805429364 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist
[11/Jan/2017:10:13:13.806532806 -0500] NSACLPlugin - The ACL target
cn=casigningcert
cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
exist

=================================

On Wed, Jan 11, 2017 at 10:24 AM, Martin Basti <mbasti at redhat.com> wrote:
>
>
> On 11.01.2017 15:32, Outback Dingo wrote:
>>
>> not sure why, but the secondary freeipa server is out of sync by a
>> long shot now, missing dns domains and A records... tried
>> ipa-replica-manage force-sync --from ipa.optimcloud.com
>>
>> doesnt seem to be working
>>
>> HELP!
>>
>
> Do you see any errors in /var/log/dirsrv/slapd-*/errors on servers?
>
> Martin



From mbasti at redhat.com  Wed Jan 11 15:33:25 2017
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 11 Jan 2017 16:33:25 +0100
Subject: [Freeipa-users] secondary out of sync on DNS again
In-Reply-To: <CAKYr3zyp2EokXXenOPkjSQZMOZtUDaOyYaQ0MuOrYZfzFJfXUQ@mail.gmail.com>
References: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>
	<14d76034-257b-eba2-9871-e1c9a45ad7eb@redhat.com>
	<CAKYr3zyp2EokXXenOPkjSQZMOZtUDaOyYaQ0MuOrYZfzFJfXUQ@mail.gmail.com>
Message-ID: <508d0663-5021-6102-fb16-46c86727fd83@redhat.com>

Please try to create a new test user if it is replicated to other replicas.


I see repl. conflicts please try to investigate them, it may cause a 
missing zone

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html


could you check what do you have in journalctl -u named-pkcs11 on 
replica with missing entries?

Martin

On 11.01.2017 16:27, Outback Dingo wrote:
> Not realliy, not like last time but
> [root at ipa2 ~]# cd ipa_check_consistency/
> [root at ipa2 ipa_check_consistency]# ./ipa_check_consistency -H
> ipa2.optimcloud.com -d OPTIMCLOUD.COM
> Directory Manager password:
> FreeIPA servers:    ipa2    STATE
> =================================
> Active Users        1       OK
> Stage Users         0       OK
> Preserved Users     0       OK
> User Groups         4       OK
> Hosts               8       OK
> Host Groups         2       OK
> HBAC Rules          1       OK
> SUDO Rules          0       OK
> DNS Zones           26      OK
> LDAP Conflicts      YES     FAIL
> Ghost Replicas      NO      OK
> Anonymous BIND      YES     OK
> Replication Status  ipa 0
>
>
>
> [07/Jan/2017:23:59:33.034771024 -0500] slapd shutting down - signaling
> operation threads - op stack size 1 max work q size 3 max work q stack
> size 3
> [07/Jan/2017:23:59:33.080148204 -0500] slapd shutting down - waiting
> for 26 threads to terminate
> [08/Jan/2017:00:01:43.342292791 -0500] SSL alert: Sending pin request
> to SVRCore. You may need to run systemd-tty-ask-password-agent to
> provide the password.
> [08/Jan/2017:00:01:43.348739255 -0500] SSL alert: Security
> Initialization: Enabling default cipher set.
> [08/Jan/2017:00:01:43.349917267 -0500] SSL alert: Configured NSS Ciphers
> [08/Jan/2017:00:01:43.350819261 -0500] SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
> [08/Jan/2017:00:01:43.352925341 -0500] SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
> [08/Jan/2017:00:01:43.354043098 -0500] SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
> [08/Jan/2017:00:01:43.354944795 -0500] SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
> [08/Jan/2017:00:01:43.355929413 -0500] SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> [08/Jan/2017:00:01:43.356793063 -0500] SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [08/Jan/2017:00:01:43.357650823 -0500] SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> [08/Jan/2017:00:01:43.358754848 -0500] SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [08/Jan/2017:00:01:43.359655681 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> [08/Jan/2017:00:01:43.360741758 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [08/Jan/2017:00:01:43.361650705 -0500] SSL alert:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> [08/Jan/2017:00:01:43.362718051 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
> [08/Jan/2017:00:01:43.363594439 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> [08/Jan/2017:00:01:43.365599343 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [08/Jan/2017:00:01:43.366719360 -0500] SSL alert:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> [08/Jan/2017:00:01:43.368835924 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> [08/Jan/2017:00:01:43.370913228 -0500] SSL alert:
> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> [08/Jan/2017:00:01:43.372972786 -0500] SSL alert:
> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> [08/Jan/2017:00:01:43.375008604 -0500] SSL alert:
> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> [08/Jan/2017:00:01:43.377060277 -0500] SSL alert:
> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> [08/Jan/2017:00:01:43.379147161 -0500] SSL alert:
> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> [08/Jan/2017:00:01:43.381215466 -0500] SSL alert:
> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> [08/Jan/2017:00:01:43.410666701 -0500] SSL Initialization - Configured
> SSL version range: min: TLS1.0, max: TLS1.2
> [08/Jan/2017:00:01:43.412541954 -0500] 389-Directory/1.3.5.10
> B2016.341.2222 starting up
> [08/Jan/2017:00:01:43.432516181 -0500] default_mr_indexer_create:
> warning - plugin [caseIgnoreIA5Match] does not handle
> caseExactIA5Match
> [08/Jan/2017:00:01:43.455710217 -0500] WARNING: changelog: entry cache
> size 2097152 B is less than db size 4096000 B; We recommend to
> increase the entry cache size nsslapd-cachememsize.
> [08/Jan/2017:00:01:43.461914913 -0500] Detected Disorderly Shutdown
> last time Directory Server was running, recovering database.
> [08/Jan/2017:00:01:43.832287548 -0500] schema-compat-plugin -
> scheduled schema-compat-plugin tree scan in about 5 seconds after the
> server startup!
> [08/Jan/2017:00:01:43.857795379 -0500] NSACLPlugin - The ACL target
> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.859681661 -0500] NSACLPlugin - The ACL target
> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.861398809 -0500] NSACLPlugin - The ACL target
> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.862632485 -0500] NSACLPlugin - The ACL target
> ou=sudoers,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.863764066 -0500] NSACLPlugin - The ACL target
> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.864911346 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.866162668 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.869056497 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.870122838 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.871162150 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.872199777 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.873266345 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.874275409 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.875283799 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.876705045 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.878971952 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.887310854 -0500] NSACLPlugin - The ACL target
> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
> [08/Jan/2017:00:01:43.893215433 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [08/Jan/2017:00:01:43.894306404 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [08/Jan/2017:00:01:44.040102873 -0500] NSACLPlugin - The ACL target
> cn=automember rebuild membership,cn=tasks,cn=config does not exist
> [08/Jan/2017:00:01:44.047055981 -0500] Skipping CoS Definition
> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
> found, which should be added before the CoS Definition.
> [08/Jan/2017:00:01:46.066086143 -0500] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: disordely shutdown for replica
> o=ipaca. Check if DB RUV needs to be updated
> [08/Jan/2017:00:01:46.067518633 -0500] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: disordely shutdown for replica
> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
> [08/Jan/2017:00:01:46.068387090 -0500] NSMMReplicationPlugin - Force
> update of database RUV (from CL RUV) ->  5871c704000000030000
> [08/Jan/2017:00:01:46.070722883 -0500] set_krb5_creds - Could not get
> initial credentials for principal
> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
> requested realm)
> [08/Jan/2017:00:01:46.076708620 -0500] schema-compat-plugin -
> schema-compat-plugin tree scan will start in about 5 seconds!
> [08/Jan/2017:00:01:46.087742289 -0500] slapd started.  Listening on
> All Interfaces port 389 for LDAP requests
> [08/Jan/2017:00:01:46.088722922 -0500] Listening on All Interfaces
> port 636 for LDAPS requests
> [08/Jan/2017:00:01:46.089876559 -0500] Listening on
> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
> [08/Jan/2017:00:01:51.085357807 -0500] schema-compat-plugin - warning:
> no entries set up under ou=sudoers,dc=optimcloud,dc=com
> [11/Jan/2017:08:45:50.482248118 -0500] SSL alert: Sending pin request
> to SVRCore. You may need to run systemd-tty-ask-password-agent to
> provide the password.
> [11/Jan/2017:08:45:50.500421947 -0500] SSL alert: Security
> Initialization: Enabling default cipher set.
> [11/Jan/2017:08:45:50.501486482 -0500] SSL alert: Configured NSS Ciphers
> [11/Jan/2017:08:45:50.502444501 -0500] SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
> [11/Jan/2017:08:45:50.503373927 -0500] SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
> [11/Jan/2017:08:45:50.504447585 -0500] SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
> [11/Jan/2017:08:45:50.505362861 -0500] SSL alert:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
> [11/Jan/2017:08:45:50.506316578 -0500] SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> [11/Jan/2017:08:45:50.507225380 -0500] SSL alert:
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [11/Jan/2017:08:45:50.508158165 -0500] SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> [11/Jan/2017:08:45:50.509061885 -0500] SSL alert:
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [11/Jan/2017:08:45:50.510027654 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
> [11/Jan/2017:08:45:50.510982171 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
> [11/Jan/2017:08:45:50.511911224 -0500] SSL alert:
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
> [11/Jan/2017:08:45:50.512824259 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
> [11/Jan/2017:08:45:50.513759924 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
> [11/Jan/2017:08:45:50.514686682 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
> [11/Jan/2017:08:45:50.515605681 -0500] SSL alert:
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
> [11/Jan/2017:08:45:50.516543912 -0500] SSL alert:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
> [11/Jan/2017:08:45:50.517484957 -0500] SSL alert:
> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
> [11/Jan/2017:08:45:50.518414104 -0500] SSL alert:
> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
> [11/Jan/2017:08:45:50.519346616 -0500] SSL alert:
> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
> [11/Jan/2017:08:45:50.520288809 -0500] SSL alert:
> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
> [11/Jan/2017:08:45:50.521224704 -0500] SSL alert:
> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
> [11/Jan/2017:08:45:50.522134121 -0500] SSL alert:
> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
> [11/Jan/2017:08:45:50.546659715 -0500] SSL Initialization - Configured
> SSL version range: min: TLS1.0, max: TLS1.2
> [11/Jan/2017:08:45:50.548178563 -0500] 389-Directory/1.3.5.10
> B2016.341.2222 starting up
> [11/Jan/2017:08:45:50.567253887 -0500] default_mr_indexer_create:
> warning - plugin [caseIgnoreIA5Match] does not handle
> caseExactIA5Match
> [11/Jan/2017:08:45:50.618540589 -0500] WARNING: changelog: entry cache
> size 2097152 B is less than db size 4096000 B; We recommend to
> increase the entry cache size nsslapd-cachememsize.
> [11/Jan/2017:08:45:50.625062302 -0500] Detected Disorderly Shutdown
> last time Directory Server was running, recovering database.
> [11/Jan/2017:08:45:51.368172371 -0500] schema-compat-plugin -
> scheduled schema-compat-plugin tree scan in about 5 seconds after the
> server startup!
> [11/Jan/2017:08:45:51.408894238 -0500] NSACLPlugin - The ACL target
> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.410251624 -0500] NSACLPlugin - The ACL target
> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.411303020 -0500] NSACLPlugin - The ACL target
> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.412533136 -0500] NSACLPlugin - The ACL target
> ou=sudoers,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.413625873 -0500] NSACLPlugin - The ACL target
> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.414767038 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.415836754 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.416911317 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.418048547 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.419144396 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.420209379 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.421371442 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.422439127 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.423496808 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.424548663 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.425571511 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.434059704 -0500] NSACLPlugin - The ACL target
> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:08:45:51.446799815 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [11/Jan/2017:08:45:51.447939820 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [11/Jan/2017:08:45:51.603005983 -0500] NSACLPlugin - The ACL target
> cn=automember rebuild membership,cn=tasks,cn=config does not exist
> [11/Jan/2017:08:45:51.609962438 -0500] Skipping CoS Definition
> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
> found, which should be added before the CoS Definition.
> [11/Jan/2017:08:45:55.211502712 -0500] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: disordely shutdown for replica
> o=ipaca. Check if DB RUV needs to be updated
> [11/Jan/2017:08:45:55.212802169 -0500] NSMMReplicationPlugin -
> replica_check_for_data_reload: Warning: disordely shutdown for replica
> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
> [11/Jan/2017:08:45:55.213784972 -0500] NSMMReplicationPlugin - Force
> update of database RUV (from CL RUV) ->  5871c7bf000200030000
> [11/Jan/2017:08:45:55.226190891 -0500] set_krb5_creds - Could not get
> initial credentials for principal
> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
> requested realm)
> [11/Jan/2017:08:45:55.235585814 -0500] schema-compat-plugin -
> schema-compat-plugin tree scan will start in about 5 seconds!
> [11/Jan/2017:08:45:55.246224036 -0500] slapd started.  Listening on
> All Interfaces port 389 for LDAP requests
> [11/Jan/2017:08:45:55.247206931 -0500] Listening on All Interfaces
> port 636 for LDAPS requests
> [11/Jan/2017:08:45:55.248178427 -0500] Listening on
> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
> [11/Jan/2017:08:46:00.243609069 -0500] schema-compat-plugin - warning:
> no entries set up under ou=sudoers,dc=optimcloud,dc=com
> [11/Jan/2017:08:46:00.268221576 -0500] schema-compat-plugin - warning:
> no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
> [11/Jan/2017:08:46:00.293865724 -0500] schema-compat-plugin - Finished
> plugin initialization.
> [11/Jan/2017:10:13:10.814343630 -0500] ipa-topology-plugin -
> ipa_topo_be_state_changebackend userRoot is going offline; inactivate
> plugin
> [11/Jan/2017:10:13:10.816016676 -0500] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=optimcloud,dc=com is going
> offline; disabling replication
> [11/Jan/2017:10:13:10.989828406 -0500] WARNING: Import is running with
> nsslapd-db-private-import-mem on; No other process is allowed to
> access the database
> [11/Jan/2017:10:13:13.400691753 -0500] import userRoot: Workers
> finished; cleaning up...
> [11/Jan/2017:10:13:13.602133347 -0500] import userRoot: Workers cleaned up.
> [11/Jan/2017:10:13:13.603143342 -0500] import userRoot: Indexing
> complete.  Post-processing...
> [11/Jan/2017:10:13:13.604049358 -0500] import userRoot: Generating
> numsubordinates (this may take several minutes to complete)...
> [11/Jan/2017:10:13:13.623115593 -0500] import userRoot: Generating
> numSubordinates complete.
> [11/Jan/2017:10:13:13.626755066 -0500] import userRoot: Gathering
> ancestorid non-leaf IDs...
> [11/Jan/2017:10:13:13.627723269 -0500] import userRoot: Finished
> gathering ancestorid non-leaf IDs.
> [11/Jan/2017:10:13:13.629852863 -0500] import userRoot: Creating
> ancestorid index (new idl)...
> [11/Jan/2017:10:13:13.639696420 -0500] import userRoot: Created
> ancestorid index (new idl).
> [11/Jan/2017:10:13:13.640600762 -0500] import userRoot: Flushing caches...
> [11/Jan/2017:10:13:13.641480552 -0500] import userRoot: Closing files...
> [11/Jan/2017:10:13:13.715980315 -0500] import userRoot: Import
> complete.  Processed 669 entries in 3 seconds. (223.00 entries/sec)
> [11/Jan/2017:10:13:13.728527338 -0500] ipa-topology-plugin -
> ipa_topo_be_state_change - backend userRoot is coming online; checking
> domain level and init shared topology
> [11/Jan/2017:10:13:13.733938688 -0500] NSMMReplicationPlugin -
> multimaster_be_state_change: replica dc=optimcloud,dc=com is coming
> online; enabling replication
> [11/Jan/2017:10:13:13.739807383 -0500] NSMMReplicationPlugin -
> replica_reload_ruv: Warning: new data for replica dc=optimcloud,dc=com
> does not match the data in the changelog.
> Recreating the changelog file. This could affect replication with
> replica's  consumers in which case the consumers should be
> reinitialized.
> [11/Jan/2017:10:13:13.763870772 -0500] Skipping CoS Definition
> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
> found, which should be added before the CoS Definition.
> [11/Jan/2017:10:13:13.765996343 -0500] NSACLPlugin - The ACL target
> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.767033598 -0500] NSACLPlugin - The ACL target
> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.768062467 -0500] NSACLPlugin - The ACL target
> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.769148609 -0500] NSACLPlugin - The ACL target
> ou=sudoers,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.770167282 -0500] NSACLPlugin - The ACL target
> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.771219502 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.772226730 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.773244095 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.774263646 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.775259783 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.776287349 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.789282141 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.790317167 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.791355826 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.792403901 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.793450557 -0500] NSACLPlugin - The ACL target
> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.795887627 -0500] NSACLPlugin - The ACL target
> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
> [11/Jan/2017:10:13:13.805429364 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
> [11/Jan/2017:10:13:13.806532806 -0500] NSACLPlugin - The ACL target
> cn=casigningcert
> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
> exist
>
> =================================
>
> On Wed, Jan 11, 2017 at 10:24 AM, Martin Basti <mbasti at redhat.com> wrote:
>>
>> On 11.01.2017 15:32, Outback Dingo wrote:
>>> not sure why, but the secondary freeipa server is out of sync by a
>>> long shot now, missing dns domains and A records... tried
>>> ipa-replica-manage force-sync --from ipa.optimcloud.com
>>>
>>> doesnt seem to be working
>>>
>>> HELP!
>>>
>> Do you see any errors in /var/log/dirsrv/slapd-*/errors on servers?
>>
>> Martin



From outbackdingo at gmail.com  Wed Jan 11 15:40:55 2017
From: outbackdingo at gmail.com (Outback Dingo)
Date: Wed, 11 Jan 2017 10:40:55 -0500
Subject: [Freeipa-users] secondary out of sync on DNS again
In-Reply-To: <508d0663-5021-6102-fb16-46c86727fd83@redhat.com>
References: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>
	<14d76034-257b-eba2-9871-e1c9a45ad7eb@redhat.com>
	<CAKYr3zyp2EokXXenOPkjSQZMOZtUDaOyYaQ0MuOrYZfzFJfXUQ@mail.gmail.com>
	<508d0663-5021-6102-fb16-46c86727fd83@redhat.com>
Message-ID: <CAKYr3zyc0pzBp1sZXkt9WRW7NXKEMW58Bvd271fde5hHMrvnPg@mail.gmail.com>

Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 123.100.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 124.100.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 125.100.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 126.100.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 127.100.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 127.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 254.169.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 2.0.192.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 100.51.198.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 113.0.203.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 255.255.255.255.IN-ADDR.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: D.F.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 8.E.F.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 9.E.F.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: A.E.F.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: B.E.F.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: automatic
empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]:
/etc/named.conf:12: no forwarders seen; disabling forwarding
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: command
channel listening on 127.0.0.1#953
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: command
channel listening on ::1#953
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]:
managed-keys-zone: journal file is out of date: removing journal file
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]:
managed-keys-zone: loaded serial 45
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: shutting down
automatic empty zones to enable forwarding for domain '.'
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
0.in-addr.arpa/IN: loaded serial 0
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
localhost.localdomain/IN: loaded serial 0
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
localhost/IN: loaded serial 0
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loaded serial 0
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: all zones loaded
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: running
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: LDAP
configuration for instance 'ipa' synchronized
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: GSSAPI client step 1
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: GSSAPI client step 1
Jan 11 08:45:56 ipa2.optimcloud.com systemd[1]: Started Berkeley
Internet Name Domain (DNS) with native PKCS#11.
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: GSSAPI client step 1
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: GSSAPI client step 2
Jan 11 08:45:56 ipa2.optimcloud.com named-pkcs11[2493]: LDAP data for
instance 'ipa' are being synchronized, please ignore message 'all
zones loaded'
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: failed to
parse RR entry: resource record DN
'idnsname=_dmarc,idnsname=optimcloud.com.,cn=dns,dc=optimcloud,dc=com':
data '"v=DMARC1; p=reject; rua=mailto:postmaster at optimcloud.com;
ruf=mailto:admin at optimcloud.com': unexpected end of input
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: update_record
(syncrepl) failed, resource record DN
'idnsname=_dmarc,idnsname=optimcloud.com.,cn=dns,dc=optimcloud,dc=com'
change type 0x1. Records can be outdated, run `rndc reload`:
unexpected end of input
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
150.217.162.in-addr.arpa/IN: loaded serial 1484142357
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
150.217.162.in-addr.arpa/IN: sending notifies (serial 1484142357)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
252.91.54.in-addr.arpa/IN: loaded serial 1484142357
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'ipa.optimcloud.com/A/IN':
2001:500:1::803f:235#53
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'ipa.optimcloud.com/AAAA/IN':
2001:500:1::803f:235#53
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimcloud.com/IN: loaded serial 1484142356
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
252.91.54.in-addr.arpa/IN: sending notifies (serial 1484142357)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimcloud.com/IN: sending notifies (serial 1484142356)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimvoice.com/IN: loaded serial 1484142357
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimvoice.com/IN: sending notifies (serial 1484142357)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
virsum.com/IN: loaded serial 1484142357
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: zone
virsum.com/IN: sending notifies (serial 1484142357)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: 5 master zones
from LDAP instance 'ipa' loaded (5 zones defined, 0 inactive, 0 failed
to load)
Jan 11 08:45:57 ipa2.optimcloud.com named-pkcs11[2493]: checkhints:
unable to get root NS rrset from cache: not found
Jan 11 08:46:02 ipa2.optimcloud.com named-pkcs11[2493]: zone
150.217.162.in-addr.arpa/IN: sending notifies (serial 1484142357)
Jan 11 08:46:02 ipa2.optimcloud.com named-pkcs11[2493]: zone
252.91.54.in-addr.arpa/IN: sending notifies (serial 1484142357)
Jan 11 08:46:02 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimvoice.com/IN: sending notifies (serial 1484142357)
Jan 11 08:46:02 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimcloud.com/IN: sending notifies (serial 1484142356)
Jan 11 08:46:02 ipa2.optimcloud.com named-pkcs11[2493]: zone
virsum.com/IN: sending notifies (serial 1484142357)
Jan 11 09:01:31 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'com/DS/IN': 2001:500:2f::f#53
Jan 11 09:01:31 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:500:2f::f#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'com/DS/IN': 2001:7fe::53#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'com/DS/IN': 2001:dc3::35#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'com/DS/IN': 2001:7fd::1#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'com/DS/IN': 2001:503:ba3e::2:30#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:7fe::53#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:dc3::35#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:7fd::1#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
Jan 11 09:01:32 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'net/DNSKEY/IN': 2001:503:231d::2:30#53
Jan 11 09:29:37 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimcloud.com/IN: sending notifies (serial 1484144977)
Jan 11 09:38:56 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimvoice.com/IN: sending notifies (serial 1484145536)
Jan 11 09:39:28 ipa2.optimcloud.com named-pkcs11[2493]: zone
optimvoice.com/IN: sending notifies (serial 1484145568)
Jan 11 10:03:23 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'yandex.ru/A/IN': 2a02:6b8::1#53
Jan 11 10:03:23 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'yandex.ru/A/IN': 2a02:6b8:0:1::1#53
Jan 11 10:23:12 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving './NS/IN': 2001:7fd::1#53
Jan 11 10:23:12 ipa2.optimcloud.com named-pkcs11[2493]: error (network
unreachable) resolving 'optimvpn.com/ANY/IN': 2001:7fd::1#53
lines 147-209/209 (END)

On Wed, Jan 11, 2017 at 10:33 AM, Martin Basti <mbasti at redhat.com> wrote:
> Please try to create a new test user if it is replicated to other replicas.
>
>
> I see repl. conflicts please try to investigate them, it may cause a missing
> zone
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>
>
> could you check what do you have in journalctl -u named-pkcs11 on replica
> with missing entries?
>
> Martin
>
>
> On 11.01.2017 16:27, Outback Dingo wrote:
>>
>> Not realliy, not like last time but
>> [root at ipa2 ~]# cd ipa_check_consistency/
>> [root at ipa2 ipa_check_consistency]# ./ipa_check_consistency -H
>> ipa2.optimcloud.com -d OPTIMCLOUD.COM
>> Directory Manager password:
>> FreeIPA servers:    ipa2    STATE
>> =================================
>> Active Users        1       OK
>> Stage Users         0       OK
>> Preserved Users     0       OK
>> User Groups         4       OK
>> Hosts               8       OK
>> Host Groups         2       OK
>> HBAC Rules          1       OK
>> SUDO Rules          0       OK
>> DNS Zones           26      OK
>> LDAP Conflicts      YES     FAIL
>> Ghost Replicas      NO      OK
>> Anonymous BIND      YES     OK
>> Replication Status  ipa 0
>>
>>
>>
>> [07/Jan/2017:23:59:33.034771024 -0500] slapd shutting down - signaling
>> operation threads - op stack size 1 max work q size 3 max work q stack
>> size 3
>> [07/Jan/2017:23:59:33.080148204 -0500] slapd shutting down - waiting
>> for 26 threads to terminate
>> [08/Jan/2017:00:01:43.342292791 -0500] SSL alert: Sending pin request
>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>> provide the password.
>> [08/Jan/2017:00:01:43.348739255 -0500] SSL alert: Security
>> Initialization: Enabling default cipher set.
>> [08/Jan/2017:00:01:43.349917267 -0500] SSL alert: Configured NSS Ciphers
>> [08/Jan/2017:00:01:43.350819261 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.352925341 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.354043098 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.354944795 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.355929413 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.356793063 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.357650823 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.358754848 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.359655681 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.360741758 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.361650705 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.362718051 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.363594439 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.365599343 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.366719360 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.368835924 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.370913228 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.372972786 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.375008604 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.377060277 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.379147161 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.381215466 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.410666701 -0500] SSL Initialization - Configured
>> SSL version range: min: TLS1.0, max: TLS1.2
>> [08/Jan/2017:00:01:43.412541954 -0500] 389-Directory/1.3.5.10
>> B2016.341.2222 starting up
>> [08/Jan/2017:00:01:43.432516181 -0500] default_mr_indexer_create:
>> warning - plugin [caseIgnoreIA5Match] does not handle
>> caseExactIA5Match
>> [08/Jan/2017:00:01:43.455710217 -0500] WARNING: changelog: entry cache
>> size 2097152 B is less than db size 4096000 B; We recommend to
>> increase the entry cache size nsslapd-cachememsize.
>> [08/Jan/2017:00:01:43.461914913 -0500] Detected Disorderly Shutdown
>> last time Directory Server was running, recovering database.
>> [08/Jan/2017:00:01:43.832287548 -0500] schema-compat-plugin -
>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>> server startup!
>> [08/Jan/2017:00:01:43.857795379 -0500] NSACLPlugin - The ACL target
>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.859681661 -0500] NSACLPlugin - The ACL target
>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.861398809 -0500] NSACLPlugin - The ACL target
>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.862632485 -0500] NSACLPlugin - The ACL target
>> ou=sudoers,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.863764066 -0500] NSACLPlugin - The ACL target
>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.864911346 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.866162668 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.869056497 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.870122838 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.871162150 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.872199777 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.873266345 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.874275409 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.875283799 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.876705045 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.878971952 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.887310854 -0500] NSACLPlugin - The ACL target
>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.893215433 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [08/Jan/2017:00:01:43.894306404 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [08/Jan/2017:00:01:44.040102873 -0500] NSACLPlugin - The ACL target
>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>> [08/Jan/2017:00:01:44.047055981 -0500] Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>> found, which should be added before the CoS Definition.
>> [08/Jan/2017:00:01:46.066086143 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> o=ipaca. Check if DB RUV needs to be updated
>> [08/Jan/2017:00:01:46.067518633 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>> [08/Jan/2017:00:01:46.068387090 -0500] NSMMReplicationPlugin - Force
>> update of database RUV (from CL RUV) ->  5871c704000000030000
>> [08/Jan/2017:00:01:46.070722883 -0500] set_krb5_creds - Could not get
>> initial credentials for principal
>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>> requested realm)
>> [08/Jan/2017:00:01:46.076708620 -0500] schema-compat-plugin -
>> schema-compat-plugin tree scan will start in about 5 seconds!
>> [08/Jan/2017:00:01:46.087742289 -0500] slapd started.  Listening on
>> All Interfaces port 389 for LDAP requests
>> [08/Jan/2017:00:01:46.088722922 -0500] Listening on All Interfaces
>> port 636 for LDAPS requests
>> [08/Jan/2017:00:01:46.089876559 -0500] Listening on
>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>> [08/Jan/2017:00:01:51.085357807 -0500] schema-compat-plugin - warning:
>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>> [11/Jan/2017:08:45:50.482248118 -0500] SSL alert: Sending pin request
>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>> provide the password.
>> [11/Jan/2017:08:45:50.500421947 -0500] SSL alert: Security
>> Initialization: Enabling default cipher set.
>> [11/Jan/2017:08:45:50.501486482 -0500] SSL alert: Configured NSS Ciphers
>> [11/Jan/2017:08:45:50.502444501 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.503373927 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.504447585 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.505362861 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.506316578 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.507225380 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.508158165 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.509061885 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.510027654 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.510982171 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.511911224 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.512824259 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.513759924 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.514686682 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.515605681 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.516543912 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.517484957 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.518414104 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.519346616 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.520288809 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.521224704 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.522134121 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.546659715 -0500] SSL Initialization - Configured
>> SSL version range: min: TLS1.0, max: TLS1.2
>> [11/Jan/2017:08:45:50.548178563 -0500] 389-Directory/1.3.5.10
>> B2016.341.2222 starting up
>> [11/Jan/2017:08:45:50.567253887 -0500] default_mr_indexer_create:
>> warning - plugin [caseIgnoreIA5Match] does not handle
>> caseExactIA5Match
>> [11/Jan/2017:08:45:50.618540589 -0500] WARNING: changelog: entry cache
>> size 2097152 B is less than db size 4096000 B; We recommend to
>> increase the entry cache size nsslapd-cachememsize.
>> [11/Jan/2017:08:45:50.625062302 -0500] Detected Disorderly Shutdown
>> last time Directory Server was running, recovering database.
>> [11/Jan/2017:08:45:51.368172371 -0500] schema-compat-plugin -
>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>> server startup!
>> [11/Jan/2017:08:45:51.408894238 -0500] NSACLPlugin - The ACL target
>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.410251624 -0500] NSACLPlugin - The ACL target
>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.411303020 -0500] NSACLPlugin - The ACL target
>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.412533136 -0500] NSACLPlugin - The ACL target
>> ou=sudoers,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.413625873 -0500] NSACLPlugin - The ACL target
>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.414767038 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.415836754 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.416911317 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.418048547 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.419144396 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.420209379 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.421371442 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.422439127 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.423496808 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.424548663 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.425571511 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.434059704 -0500] NSACLPlugin - The ACL target
>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.446799815 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [11/Jan/2017:08:45:51.447939820 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [11/Jan/2017:08:45:51.603005983 -0500] NSACLPlugin - The ACL target
>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>> [11/Jan/2017:08:45:51.609962438 -0500] Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>> found, which should be added before the CoS Definition.
>> [11/Jan/2017:08:45:55.211502712 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> o=ipaca. Check if DB RUV needs to be updated
>> [11/Jan/2017:08:45:55.212802169 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>> [11/Jan/2017:08:45:55.213784972 -0500] NSMMReplicationPlugin - Force
>> update of database RUV (from CL RUV) ->  5871c7bf000200030000
>> [11/Jan/2017:08:45:55.226190891 -0500] set_krb5_creds - Could not get
>> initial credentials for principal
>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>> requested realm)
>> [11/Jan/2017:08:45:55.235585814 -0500] schema-compat-plugin -
>> schema-compat-plugin tree scan will start in about 5 seconds!
>> [11/Jan/2017:08:45:55.246224036 -0500] slapd started.  Listening on
>> All Interfaces port 389 for LDAP requests
>> [11/Jan/2017:08:45:55.247206931 -0500] Listening on All Interfaces
>> port 636 for LDAPS requests
>> [11/Jan/2017:08:45:55.248178427 -0500] Listening on
>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>> [11/Jan/2017:08:46:00.243609069 -0500] schema-compat-plugin - warning:
>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>> [11/Jan/2017:08:46:00.268221576 -0500] schema-compat-plugin - warning:
>> no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
>> [11/Jan/2017:08:46:00.293865724 -0500] schema-compat-plugin - Finished
>> plugin initialization.
>> [11/Jan/2017:10:13:10.814343630 -0500] ipa-topology-plugin -
>> ipa_topo_be_state_changebackend userRoot is going offline; inactivate
>> plugin
>> [11/Jan/2017:10:13:10.816016676 -0500] NSMMReplicationPlugin -
>> multimaster_be_state_change: replica dc=optimcloud,dc=com is going
>> offline; disabling replication
>> [11/Jan/2017:10:13:10.989828406 -0500] WARNING: Import is running with
>> nsslapd-db-private-import-mem on; No other process is allowed to
>> access the database
>> [11/Jan/2017:10:13:13.400691753 -0500] import userRoot: Workers
>> finished; cleaning up...
>> [11/Jan/2017:10:13:13.602133347 -0500] import userRoot: Workers cleaned
>> up.
>> [11/Jan/2017:10:13:13.603143342 -0500] import userRoot: Indexing
>> complete.  Post-processing...
>> [11/Jan/2017:10:13:13.604049358 -0500] import userRoot: Generating
>> numsubordinates (this may take several minutes to complete)...
>> [11/Jan/2017:10:13:13.623115593 -0500] import userRoot: Generating
>> numSubordinates complete.
>> [11/Jan/2017:10:13:13.626755066 -0500] import userRoot: Gathering
>> ancestorid non-leaf IDs...
>> [11/Jan/2017:10:13:13.627723269 -0500] import userRoot: Finished
>> gathering ancestorid non-leaf IDs.
>> [11/Jan/2017:10:13:13.629852863 -0500] import userRoot: Creating
>> ancestorid index (new idl)...
>> [11/Jan/2017:10:13:13.639696420 -0500] import userRoot: Created
>> ancestorid index (new idl).
>> [11/Jan/2017:10:13:13.640600762 -0500] import userRoot: Flushing caches...
>> [11/Jan/2017:10:13:13.641480552 -0500] import userRoot: Closing files...
>> [11/Jan/2017:10:13:13.715980315 -0500] import userRoot: Import
>> complete.  Processed 669 entries in 3 seconds. (223.00 entries/sec)
>> [11/Jan/2017:10:13:13.728527338 -0500] ipa-topology-plugin -
>> ipa_topo_be_state_change - backend userRoot is coming online; checking
>> domain level and init shared topology
>> [11/Jan/2017:10:13:13.733938688 -0500] NSMMReplicationPlugin -
>> multimaster_be_state_change: replica dc=optimcloud,dc=com is coming
>> online; enabling replication
>> [11/Jan/2017:10:13:13.739807383 -0500] NSMMReplicationPlugin -
>> replica_reload_ruv: Warning: new data for replica dc=optimcloud,dc=com
>> does not match the data in the changelog.
>> Recreating the changelog file. This could affect replication with
>> replica's  consumers in which case the consumers should be
>> reinitialized.
>> [11/Jan/2017:10:13:13.763870772 -0500] Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>> found, which should be added before the CoS Definition.
>> [11/Jan/2017:10:13:13.765996343 -0500] NSACLPlugin - The ACL target
>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.767033598 -0500] NSACLPlugin - The ACL target
>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.768062467 -0500] NSACLPlugin - The ACL target
>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.769148609 -0500] NSACLPlugin - The ACL target
>> ou=sudoers,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.770167282 -0500] NSACLPlugin - The ACL target
>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.771219502 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.772226730 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.773244095 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.774263646 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.775259783 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.776287349 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.789282141 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.790317167 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.791355826 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.792403901 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.793450557 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.795887627 -0500] NSACLPlugin - The ACL target
>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.805429364 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [11/Jan/2017:10:13:13.806532806 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>>
>> =================================
>>
>> On Wed, Jan 11, 2017 at 10:24 AM, Martin Basti <mbasti at redhat.com> wrote:
>>>
>>>
>>> On 11.01.2017 15:32, Outback Dingo wrote:
>>>>
>>>> not sure why, but the secondary freeipa server is out of sync by a
>>>> long shot now, missing dns domains and A records... tried
>>>> ipa-replica-manage force-sync --from ipa.optimcloud.com
>>>>
>>>> doesnt seem to be working
>>>>
>>>> HELP!
>>>>
>>> Do you see any errors in /var/log/dirsrv/slapd-*/errors on servers?
>>>
>>> Martin
>
>



From outbackdingo at gmail.com  Wed Jan 11 15:52:11 2017
From: outbackdingo at gmail.com (Outback Dingo)
Date: Wed, 11 Jan 2017 10:52:11 -0500
Subject: [Freeipa-users] secondary out of sync on DNS again
In-Reply-To: <508d0663-5021-6102-fb16-46c86727fd83@redhat.com>
References: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>
	<14d76034-257b-eba2-9871-e1c9a45ad7eb@redhat.com>
	<CAKYr3zyp2EokXXenOPkjSQZMOZtUDaOyYaQ0MuOrYZfzFJfXUQ@mail.gmail.com>
	<508d0663-5021-6102-fb16-46c86727fd83@redhat.com>
Message-ID: <CAKYr3zzmdKympwGKAkoepSBq7xm19uGDHbFmSfeB8uF6fqurgA@mail.gmail.com>

damn... DMARC record.... removed, now synced

On Wed, Jan 11, 2017 at 10:33 AM, Martin Basti <mbasti at redhat.com> wrote:
> Please try to create a new test user if it is replicated to other replicas.
>
>
> I see repl. conflicts please try to investigate them, it may cause a missing
> zone
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>
>
> could you check what do you have in journalctl -u named-pkcs11 on replica
> with missing entries?
>
> Martin
>
>
> On 11.01.2017 16:27, Outback Dingo wrote:
>>
>> Not realliy, not like last time but
>> [root at ipa2 ~]# cd ipa_check_consistency/
>> [root at ipa2 ipa_check_consistency]# ./ipa_check_consistency -H
>> ipa2.optimcloud.com -d OPTIMCLOUD.COM
>> Directory Manager password:
>> FreeIPA servers:    ipa2    STATE
>> =================================
>> Active Users        1       OK
>> Stage Users         0       OK
>> Preserved Users     0       OK
>> User Groups         4       OK
>> Hosts               8       OK
>> Host Groups         2       OK
>> HBAC Rules          1       OK
>> SUDO Rules          0       OK
>> DNS Zones           26      OK
>> LDAP Conflicts      YES     FAIL
>> Ghost Replicas      NO      OK
>> Anonymous BIND      YES     OK
>> Replication Status  ipa 0
>>
>>
>>
>> [07/Jan/2017:23:59:33.034771024 -0500] slapd shutting down - signaling
>> operation threads - op stack size 1 max work q size 3 max work q stack
>> size 3
>> [07/Jan/2017:23:59:33.080148204 -0500] slapd shutting down - waiting
>> for 26 threads to terminate
>> [08/Jan/2017:00:01:43.342292791 -0500] SSL alert: Sending pin request
>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>> provide the password.
>> [08/Jan/2017:00:01:43.348739255 -0500] SSL alert: Security
>> Initialization: Enabling default cipher set.
>> [08/Jan/2017:00:01:43.349917267 -0500] SSL alert: Configured NSS Ciphers
>> [08/Jan/2017:00:01:43.350819261 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.352925341 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.354043098 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.354944795 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.355929413 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.356793063 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.357650823 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.358754848 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.359655681 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.360741758 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.361650705 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.362718051 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.363594439 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.365599343 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.366719360 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.368835924 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.370913228 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [08/Jan/2017:00:01:43.372972786 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.375008604 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.377060277 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [08/Jan/2017:00:01:43.379147161 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>> [08/Jan/2017:00:01:43.381215466 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [08/Jan/2017:00:01:43.410666701 -0500] SSL Initialization - Configured
>> SSL version range: min: TLS1.0, max: TLS1.2
>> [08/Jan/2017:00:01:43.412541954 -0500] 389-Directory/1.3.5.10
>> B2016.341.2222 starting up
>> [08/Jan/2017:00:01:43.432516181 -0500] default_mr_indexer_create:
>> warning - plugin [caseIgnoreIA5Match] does not handle
>> caseExactIA5Match
>> [08/Jan/2017:00:01:43.455710217 -0500] WARNING: changelog: entry cache
>> size 2097152 B is less than db size 4096000 B; We recommend to
>> increase the entry cache size nsslapd-cachememsize.
>> [08/Jan/2017:00:01:43.461914913 -0500] Detected Disorderly Shutdown
>> last time Directory Server was running, recovering database.
>> [08/Jan/2017:00:01:43.832287548 -0500] schema-compat-plugin -
>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>> server startup!
>> [08/Jan/2017:00:01:43.857795379 -0500] NSACLPlugin - The ACL target
>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.859681661 -0500] NSACLPlugin - The ACL target
>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.861398809 -0500] NSACLPlugin - The ACL target
>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.862632485 -0500] NSACLPlugin - The ACL target
>> ou=sudoers,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.863764066 -0500] NSACLPlugin - The ACL target
>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.864911346 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.866162668 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.869056497 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.870122838 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.871162150 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.872199777 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.873266345 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.874275409 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.875283799 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.876705045 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.878971952 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.887310854 -0500] NSACLPlugin - The ACL target
>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>> [08/Jan/2017:00:01:43.893215433 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [08/Jan/2017:00:01:43.894306404 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [08/Jan/2017:00:01:44.040102873 -0500] NSACLPlugin - The ACL target
>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>> [08/Jan/2017:00:01:44.047055981 -0500] Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>> found, which should be added before the CoS Definition.
>> [08/Jan/2017:00:01:46.066086143 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> o=ipaca. Check if DB RUV needs to be updated
>> [08/Jan/2017:00:01:46.067518633 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>> [08/Jan/2017:00:01:46.068387090 -0500] NSMMReplicationPlugin - Force
>> update of database RUV (from CL RUV) ->  5871c704000000030000
>> [08/Jan/2017:00:01:46.070722883 -0500] set_krb5_creds - Could not get
>> initial credentials for principal
>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>> requested realm)
>> [08/Jan/2017:00:01:46.076708620 -0500] schema-compat-plugin -
>> schema-compat-plugin tree scan will start in about 5 seconds!
>> [08/Jan/2017:00:01:46.087742289 -0500] slapd started.  Listening on
>> All Interfaces port 389 for LDAP requests
>> [08/Jan/2017:00:01:46.088722922 -0500] Listening on All Interfaces
>> port 636 for LDAPS requests
>> [08/Jan/2017:00:01:46.089876559 -0500] Listening on
>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>> [08/Jan/2017:00:01:51.085357807 -0500] schema-compat-plugin - warning:
>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>> [11/Jan/2017:08:45:50.482248118 -0500] SSL alert: Sending pin request
>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>> provide the password.
>> [11/Jan/2017:08:45:50.500421947 -0500] SSL alert: Security
>> Initialization: Enabling default cipher set.
>> [11/Jan/2017:08:45:50.501486482 -0500] SSL alert: Configured NSS Ciphers
>> [11/Jan/2017:08:45:50.502444501 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.503373927 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.504447585 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.505362861 -0500] SSL alert:
>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.506316578 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.507225380 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.508158165 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.509061885 -0500] SSL alert:
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.510027654 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.510982171 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.511911224 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.512824259 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.513759924 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.514686682 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.515605681 -0500] SSL alert:
>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.516543912 -0500] SSL alert:
>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.517484957 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>> [11/Jan/2017:08:45:50.518414104 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.519346616 -0500] SSL alert:
>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.520288809 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>> [11/Jan/2017:08:45:50.521224704 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>> [11/Jan/2017:08:45:50.522134121 -0500] SSL alert:
>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>> [11/Jan/2017:08:45:50.546659715 -0500] SSL Initialization - Configured
>> SSL version range: min: TLS1.0, max: TLS1.2
>> [11/Jan/2017:08:45:50.548178563 -0500] 389-Directory/1.3.5.10
>> B2016.341.2222 starting up
>> [11/Jan/2017:08:45:50.567253887 -0500] default_mr_indexer_create:
>> warning - plugin [caseIgnoreIA5Match] does not handle
>> caseExactIA5Match
>> [11/Jan/2017:08:45:50.618540589 -0500] WARNING: changelog: entry cache
>> size 2097152 B is less than db size 4096000 B; We recommend to
>> increase the entry cache size nsslapd-cachememsize.
>> [11/Jan/2017:08:45:50.625062302 -0500] Detected Disorderly Shutdown
>> last time Directory Server was running, recovering database.
>> [11/Jan/2017:08:45:51.368172371 -0500] schema-compat-plugin -
>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>> server startup!
>> [11/Jan/2017:08:45:51.408894238 -0500] NSACLPlugin - The ACL target
>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.410251624 -0500] NSACLPlugin - The ACL target
>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.411303020 -0500] NSACLPlugin - The ACL target
>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.412533136 -0500] NSACLPlugin - The ACL target
>> ou=sudoers,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.413625873 -0500] NSACLPlugin - The ACL target
>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.414767038 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.415836754 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.416911317 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.418048547 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.419144396 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.420209379 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.421371442 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.422439127 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.423496808 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.424548663 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.425571511 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.434059704 -0500] NSACLPlugin - The ACL target
>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:08:45:51.446799815 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [11/Jan/2017:08:45:51.447939820 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [11/Jan/2017:08:45:51.603005983 -0500] NSACLPlugin - The ACL target
>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>> [11/Jan/2017:08:45:51.609962438 -0500] Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>> found, which should be added before the CoS Definition.
>> [11/Jan/2017:08:45:55.211502712 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> o=ipaca. Check if DB RUV needs to be updated
>> [11/Jan/2017:08:45:55.212802169 -0500] NSMMReplicationPlugin -
>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>> [11/Jan/2017:08:45:55.213784972 -0500] NSMMReplicationPlugin - Force
>> update of database RUV (from CL RUV) ->  5871c7bf000200030000
>> [11/Jan/2017:08:45:55.226190891 -0500] set_krb5_creds - Could not get
>> initial credentials for principal
>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>> requested realm)
>> [11/Jan/2017:08:45:55.235585814 -0500] schema-compat-plugin -
>> schema-compat-plugin tree scan will start in about 5 seconds!
>> [11/Jan/2017:08:45:55.246224036 -0500] slapd started.  Listening on
>> All Interfaces port 389 for LDAP requests
>> [11/Jan/2017:08:45:55.247206931 -0500] Listening on All Interfaces
>> port 636 for LDAPS requests
>> [11/Jan/2017:08:45:55.248178427 -0500] Listening on
>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>> [11/Jan/2017:08:46:00.243609069 -0500] schema-compat-plugin - warning:
>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>> [11/Jan/2017:08:46:00.268221576 -0500] schema-compat-plugin - warning:
>> no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
>> [11/Jan/2017:08:46:00.293865724 -0500] schema-compat-plugin - Finished
>> plugin initialization.
>> [11/Jan/2017:10:13:10.814343630 -0500] ipa-topology-plugin -
>> ipa_topo_be_state_changebackend userRoot is going offline; inactivate
>> plugin
>> [11/Jan/2017:10:13:10.816016676 -0500] NSMMReplicationPlugin -
>> multimaster_be_state_change: replica dc=optimcloud,dc=com is going
>> offline; disabling replication
>> [11/Jan/2017:10:13:10.989828406 -0500] WARNING: Import is running with
>> nsslapd-db-private-import-mem on; No other process is allowed to
>> access the database
>> [11/Jan/2017:10:13:13.400691753 -0500] import userRoot: Workers
>> finished; cleaning up...
>> [11/Jan/2017:10:13:13.602133347 -0500] import userRoot: Workers cleaned
>> up.
>> [11/Jan/2017:10:13:13.603143342 -0500] import userRoot: Indexing
>> complete.  Post-processing...
>> [11/Jan/2017:10:13:13.604049358 -0500] import userRoot: Generating
>> numsubordinates (this may take several minutes to complete)...
>> [11/Jan/2017:10:13:13.623115593 -0500] import userRoot: Generating
>> numSubordinates complete.
>> [11/Jan/2017:10:13:13.626755066 -0500] import userRoot: Gathering
>> ancestorid non-leaf IDs...
>> [11/Jan/2017:10:13:13.627723269 -0500] import userRoot: Finished
>> gathering ancestorid non-leaf IDs.
>> [11/Jan/2017:10:13:13.629852863 -0500] import userRoot: Creating
>> ancestorid index (new idl)...
>> [11/Jan/2017:10:13:13.639696420 -0500] import userRoot: Created
>> ancestorid index (new idl).
>> [11/Jan/2017:10:13:13.640600762 -0500] import userRoot: Flushing caches...
>> [11/Jan/2017:10:13:13.641480552 -0500] import userRoot: Closing files...
>> [11/Jan/2017:10:13:13.715980315 -0500] import userRoot: Import
>> complete.  Processed 669 entries in 3 seconds. (223.00 entries/sec)
>> [11/Jan/2017:10:13:13.728527338 -0500] ipa-topology-plugin -
>> ipa_topo_be_state_change - backend userRoot is coming online; checking
>> domain level and init shared topology
>> [11/Jan/2017:10:13:13.733938688 -0500] NSMMReplicationPlugin -
>> multimaster_be_state_change: replica dc=optimcloud,dc=com is coming
>> online; enabling replication
>> [11/Jan/2017:10:13:13.739807383 -0500] NSMMReplicationPlugin -
>> replica_reload_ruv: Warning: new data for replica dc=optimcloud,dc=com
>> does not match the data in the changelog.
>> Recreating the changelog file. This could affect replication with
>> replica's  consumers in which case the consumers should be
>> reinitialized.
>> [11/Jan/2017:10:13:13.763870772 -0500] Skipping CoS Definition
>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>> found, which should be added before the CoS Definition.
>> [11/Jan/2017:10:13:13.765996343 -0500] NSACLPlugin - The ACL target
>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.767033598 -0500] NSACLPlugin - The ACL target
>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.768062467 -0500] NSACLPlugin - The ACL target
>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.769148609 -0500] NSACLPlugin - The ACL target
>> ou=sudoers,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.770167282 -0500] NSACLPlugin - The ACL target
>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.771219502 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.772226730 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.773244095 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.774263646 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.775259783 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.776287349 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.789282141 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.790317167 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.791355826 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.792403901 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.793450557 -0500] NSACLPlugin - The ACL target
>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.795887627 -0500] NSACLPlugin - The ACL target
>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>> [11/Jan/2017:10:13:13.805429364 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>> [11/Jan/2017:10:13:13.806532806 -0500] NSACLPlugin - The ACL target
>> cn=casigningcert
>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>> exist
>>
>> =================================
>>
>> On Wed, Jan 11, 2017 at 10:24 AM, Martin Basti <mbasti at redhat.com> wrote:
>>>
>>>
>>> On 11.01.2017 15:32, Outback Dingo wrote:
>>>>
>>>> not sure why, but the secondary freeipa server is out of sync by a
>>>> long shot now, missing dns domains and A records... tried
>>>> ipa-replica-manage force-sync --from ipa.optimcloud.com
>>>>
>>>> doesnt seem to be working
>>>>
>>>> HELP!
>>>>
>>> Do you see any errors in /var/log/dirsrv/slapd-*/errors on servers?
>>>
>>> Martin
>
>



From mbasti at redhat.com  Wed Jan 11 15:56:51 2017
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 11 Jan 2017 16:56:51 +0100
Subject: [Freeipa-users] secondary out of sync on DNS again [solved]
In-Reply-To: <CAKYr3zzmdKympwGKAkoepSBq7xm19uGDHbFmSfeB8uF6fqurgA@mail.gmail.com>
References: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>
	<14d76034-257b-eba2-9871-e1c9a45ad7eb@redhat.com>
	<CAKYr3zyp2EokXXenOPkjSQZMOZtUDaOyYaQ0MuOrYZfzFJfXUQ@mail.gmail.com>
	<508d0663-5021-6102-fb16-46c86727fd83@redhat.com>
	<CAKYr3zzmdKympwGKAkoepSBq7xm19uGDHbFmSfeB8uF6fqurgA@mail.gmail.com>
Message-ID: <ef7044ee-eb65-9477-5307-ec2f69a695c9@redhat.com>


Great :)


On 11.01.2017 16:52, Outback Dingo wrote:
> damn... DMARC record.... removed, now synced
>
> On Wed, Jan 11, 2017 at 10:33 AM, Martin Basti <mbasti at redhat.com> wrote:
>> Please try to create a new test user if it is replicated to other replicas.
>>
>>
>> I see repl. conflicts please try to investigate them, it may cause a missing
>> zone
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>
>>
>> could you check what do you have in journalctl -u named-pkcs11 on replica
>> with missing entries?
>>
>> Martin
>>
>>
>> On 11.01.2017 16:27, Outback Dingo wrote:
>>> Not realliy, not like last time but
>>> [root at ipa2 ~]# cd ipa_check_consistency/
>>> [root at ipa2 ipa_check_consistency]# ./ipa_check_consistency -H
>>> ipa2.optimcloud.com -d OPTIMCLOUD.COM
>>> Directory Manager password:
>>> FreeIPA servers:    ipa2    STATE
>>> =================================
>>> Active Users        1       OK
>>> Stage Users         0       OK
>>> Preserved Users     0       OK
>>> User Groups         4       OK
>>> Hosts               8       OK
>>> Host Groups         2       OK
>>> HBAC Rules          1       OK
>>> SUDO Rules          0       OK
>>> DNS Zones           26      OK
>>> LDAP Conflicts      YES     FAIL
>>> Ghost Replicas      NO      OK
>>> Anonymous BIND      YES     OK
>>> Replication Status  ipa 0
>>>
>>>
>>>
>>> [07/Jan/2017:23:59:33.034771024 -0500] slapd shutting down - signaling
>>> operation threads - op stack size 1 max work q size 3 max work q stack
>>> size 3
>>> [07/Jan/2017:23:59:33.080148204 -0500] slapd shutting down - waiting
>>> for 26 threads to terminate
>>> [08/Jan/2017:00:01:43.342292791 -0500] SSL alert: Sending pin request
>>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>>> provide the password.
>>> [08/Jan/2017:00:01:43.348739255 -0500] SSL alert: Security
>>> Initialization: Enabling default cipher set.
>>> [08/Jan/2017:00:01:43.349917267 -0500] SSL alert: Configured NSS Ciphers
>>> [08/Jan/2017:00:01:43.350819261 -0500] SSL alert:
>>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>>> [08/Jan/2017:00:01:43.352925341 -0500] SSL alert:
>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>>> [08/Jan/2017:00:01:43.354043098 -0500] SSL alert:
>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>>> [08/Jan/2017:00:01:43.354944795 -0500] SSL alert:
>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>>> [08/Jan/2017:00:01:43.355929413 -0500] SSL alert:
>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>> [08/Jan/2017:00:01:43.356793063 -0500] SSL alert:
>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>> [08/Jan/2017:00:01:43.357650823 -0500] SSL alert:
>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>> [08/Jan/2017:00:01:43.358754848 -0500] SSL alert:
>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>> [08/Jan/2017:00:01:43.359655681 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>> [08/Jan/2017:00:01:43.360741758 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>> [08/Jan/2017:00:01:43.361650705 -0500] SSL alert:
>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>>> [08/Jan/2017:00:01:43.362718051 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>>> [08/Jan/2017:00:01:43.363594439 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>> [08/Jan/2017:00:01:43.365599343 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>> [08/Jan/2017:00:01:43.366719360 -0500] SSL alert:
>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>>> [08/Jan/2017:00:01:43.368835924 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>>> [08/Jan/2017:00:01:43.370913228 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>>> [08/Jan/2017:00:01:43.372972786 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>>> [08/Jan/2017:00:01:43.375008604 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>>> [08/Jan/2017:00:01:43.377060277 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>>> [08/Jan/2017:00:01:43.379147161 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>>> [08/Jan/2017:00:01:43.381215466 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>>> [08/Jan/2017:00:01:43.410666701 -0500] SSL Initialization - Configured
>>> SSL version range: min: TLS1.0, max: TLS1.2
>>> [08/Jan/2017:00:01:43.412541954 -0500] 389-Directory/1.3.5.10
>>> B2016.341.2222 starting up
>>> [08/Jan/2017:00:01:43.432516181 -0500] default_mr_indexer_create:
>>> warning - plugin [caseIgnoreIA5Match] does not handle
>>> caseExactIA5Match
>>> [08/Jan/2017:00:01:43.455710217 -0500] WARNING: changelog: entry cache
>>> size 2097152 B is less than db size 4096000 B; We recommend to
>>> increase the entry cache size nsslapd-cachememsize.
>>> [08/Jan/2017:00:01:43.461914913 -0500] Detected Disorderly Shutdown
>>> last time Directory Server was running, recovering database.
>>> [08/Jan/2017:00:01:43.832287548 -0500] schema-compat-plugin -
>>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>>> server startup!
>>> [08/Jan/2017:00:01:43.857795379 -0500] NSACLPlugin - The ACL target
>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.859681661 -0500] NSACLPlugin - The ACL target
>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.861398809 -0500] NSACLPlugin - The ACL target
>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.862632485 -0500] NSACLPlugin - The ACL target
>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.863764066 -0500] NSACLPlugin - The ACL target
>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.864911346 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.866162668 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.869056497 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.870122838 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.871162150 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.872199777 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.873266345 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.874275409 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.875283799 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.876705045 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.878971952 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.887310854 -0500] NSACLPlugin - The ACL target
>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>> [08/Jan/2017:00:01:43.893215433 -0500] NSACLPlugin - The ACL target
>>> cn=casigningcert
>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>> exist
>>> [08/Jan/2017:00:01:43.894306404 -0500] NSACLPlugin - The ACL target
>>> cn=casigningcert
>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>> exist
>>> [08/Jan/2017:00:01:44.040102873 -0500] NSACLPlugin - The ACL target
>>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>>> [08/Jan/2017:00:01:44.047055981 -0500] Skipping CoS Definition
>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>> found, which should be added before the CoS Definition.
>>> [08/Jan/2017:00:01:46.066086143 -0500] NSMMReplicationPlugin -
>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>> o=ipaca. Check if DB RUV needs to be updated
>>> [08/Jan/2017:00:01:46.067518633 -0500] NSMMReplicationPlugin -
>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>>> [08/Jan/2017:00:01:46.068387090 -0500] NSMMReplicationPlugin - Force
>>> update of database RUV (from CL RUV) ->  5871c704000000030000
>>> [08/Jan/2017:00:01:46.070722883 -0500] set_krb5_creds - Could not get
>>> initial credentials for principal
>>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>>> requested realm)
>>> [08/Jan/2017:00:01:46.076708620 -0500] schema-compat-plugin -
>>> schema-compat-plugin tree scan will start in about 5 seconds!
>>> [08/Jan/2017:00:01:46.087742289 -0500] slapd started.  Listening on
>>> All Interfaces port 389 for LDAP requests
>>> [08/Jan/2017:00:01:46.088722922 -0500] Listening on All Interfaces
>>> port 636 for LDAPS requests
>>> [08/Jan/2017:00:01:46.089876559 -0500] Listening on
>>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>>> [08/Jan/2017:00:01:51.085357807 -0500] schema-compat-plugin - warning:
>>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>>> [11/Jan/2017:08:45:50.482248118 -0500] SSL alert: Sending pin request
>>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>>> provide the password.
>>> [11/Jan/2017:08:45:50.500421947 -0500] SSL alert: Security
>>> Initialization: Enabling default cipher set.
>>> [11/Jan/2017:08:45:50.501486482 -0500] SSL alert: Configured NSS Ciphers
>>> [11/Jan/2017:08:45:50.502444501 -0500] SSL alert:
>>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>>> [11/Jan/2017:08:45:50.503373927 -0500] SSL alert:
>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>>> [11/Jan/2017:08:45:50.504447585 -0500] SSL alert:
>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>>> [11/Jan/2017:08:45:50.505362861 -0500] SSL alert:
>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>>> [11/Jan/2017:08:45:50.506316578 -0500] SSL alert:
>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>> [11/Jan/2017:08:45:50.507225380 -0500] SSL alert:
>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>> [11/Jan/2017:08:45:50.508158165 -0500] SSL alert:
>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>> [11/Jan/2017:08:45:50.509061885 -0500] SSL alert:
>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>> [11/Jan/2017:08:45:50.510027654 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>> [11/Jan/2017:08:45:50.510982171 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>> [11/Jan/2017:08:45:50.511911224 -0500] SSL alert:
>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>>> [11/Jan/2017:08:45:50.512824259 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>>> [11/Jan/2017:08:45:50.513759924 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>> [11/Jan/2017:08:45:50.514686682 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>> [11/Jan/2017:08:45:50.515605681 -0500] SSL alert:
>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>>> [11/Jan/2017:08:45:50.516543912 -0500] SSL alert:
>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>>> [11/Jan/2017:08:45:50.517484957 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>>> [11/Jan/2017:08:45:50.518414104 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>>> [11/Jan/2017:08:45:50.519346616 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>>> [11/Jan/2017:08:45:50.520288809 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>>> [11/Jan/2017:08:45:50.521224704 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>>> [11/Jan/2017:08:45:50.522134121 -0500] SSL alert:
>>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>>> [11/Jan/2017:08:45:50.546659715 -0500] SSL Initialization - Configured
>>> SSL version range: min: TLS1.0, max: TLS1.2
>>> [11/Jan/2017:08:45:50.548178563 -0500] 389-Directory/1.3.5.10
>>> B2016.341.2222 starting up
>>> [11/Jan/2017:08:45:50.567253887 -0500] default_mr_indexer_create:
>>> warning - plugin [caseIgnoreIA5Match] does not handle
>>> caseExactIA5Match
>>> [11/Jan/2017:08:45:50.618540589 -0500] WARNING: changelog: entry cache
>>> size 2097152 B is less than db size 4096000 B; We recommend to
>>> increase the entry cache size nsslapd-cachememsize.
>>> [11/Jan/2017:08:45:50.625062302 -0500] Detected Disorderly Shutdown
>>> last time Directory Server was running, recovering database.
>>> [11/Jan/2017:08:45:51.368172371 -0500] schema-compat-plugin -
>>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>>> server startup!
>>> [11/Jan/2017:08:45:51.408894238 -0500] NSACLPlugin - The ACL target
>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.410251624 -0500] NSACLPlugin - The ACL target
>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.411303020 -0500] NSACLPlugin - The ACL target
>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.412533136 -0500] NSACLPlugin - The ACL target
>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.413625873 -0500] NSACLPlugin - The ACL target
>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.414767038 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.415836754 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.416911317 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.418048547 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.419144396 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.420209379 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.421371442 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.422439127 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.423496808 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.424548663 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.425571511 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.434059704 -0500] NSACLPlugin - The ACL target
>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:08:45:51.446799815 -0500] NSACLPlugin - The ACL target
>>> cn=casigningcert
>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>> exist
>>> [11/Jan/2017:08:45:51.447939820 -0500] NSACLPlugin - The ACL target
>>> cn=casigningcert
>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>> exist
>>> [11/Jan/2017:08:45:51.603005983 -0500] NSACLPlugin - The ACL target
>>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>>> [11/Jan/2017:08:45:51.609962438 -0500] Skipping CoS Definition
>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>> found, which should be added before the CoS Definition.
>>> [11/Jan/2017:08:45:55.211502712 -0500] NSMMReplicationPlugin -
>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>> o=ipaca. Check if DB RUV needs to be updated
>>> [11/Jan/2017:08:45:55.212802169 -0500] NSMMReplicationPlugin -
>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>>> [11/Jan/2017:08:45:55.213784972 -0500] NSMMReplicationPlugin - Force
>>> update of database RUV (from CL RUV) ->  5871c7bf000200030000
>>> [11/Jan/2017:08:45:55.226190891 -0500] set_krb5_creds - Could not get
>>> initial credentials for principal
>>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>>> requested realm)
>>> [11/Jan/2017:08:45:55.235585814 -0500] schema-compat-plugin -
>>> schema-compat-plugin tree scan will start in about 5 seconds!
>>> [11/Jan/2017:08:45:55.246224036 -0500] slapd started.  Listening on
>>> All Interfaces port 389 for LDAP requests
>>> [11/Jan/2017:08:45:55.247206931 -0500] Listening on All Interfaces
>>> port 636 for LDAPS requests
>>> [11/Jan/2017:08:45:55.248178427 -0500] Listening on
>>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>>> [11/Jan/2017:08:46:00.243609069 -0500] schema-compat-plugin - warning:
>>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>>> [11/Jan/2017:08:46:00.268221576 -0500] schema-compat-plugin - warning:
>>> no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
>>> [11/Jan/2017:08:46:00.293865724 -0500] schema-compat-plugin - Finished
>>> plugin initialization.
>>> [11/Jan/2017:10:13:10.814343630 -0500] ipa-topology-plugin -
>>> ipa_topo_be_state_changebackend userRoot is going offline; inactivate
>>> plugin
>>> [11/Jan/2017:10:13:10.816016676 -0500] NSMMReplicationPlugin -
>>> multimaster_be_state_change: replica dc=optimcloud,dc=com is going
>>> offline; disabling replication
>>> [11/Jan/2017:10:13:10.989828406 -0500] WARNING: Import is running with
>>> nsslapd-db-private-import-mem on; No other process is allowed to
>>> access the database
>>> [11/Jan/2017:10:13:13.400691753 -0500] import userRoot: Workers
>>> finished; cleaning up...
>>> [11/Jan/2017:10:13:13.602133347 -0500] import userRoot: Workers cleaned
>>> up.
>>> [11/Jan/2017:10:13:13.603143342 -0500] import userRoot: Indexing
>>> complete.  Post-processing...
>>> [11/Jan/2017:10:13:13.604049358 -0500] import userRoot: Generating
>>> numsubordinates (this may take several minutes to complete)...
>>> [11/Jan/2017:10:13:13.623115593 -0500] import userRoot: Generating
>>> numSubordinates complete.
>>> [11/Jan/2017:10:13:13.626755066 -0500] import userRoot: Gathering
>>> ancestorid non-leaf IDs...
>>> [11/Jan/2017:10:13:13.627723269 -0500] import userRoot: Finished
>>> gathering ancestorid non-leaf IDs.
>>> [11/Jan/2017:10:13:13.629852863 -0500] import userRoot: Creating
>>> ancestorid index (new idl)...
>>> [11/Jan/2017:10:13:13.639696420 -0500] import userRoot: Created
>>> ancestorid index (new idl).
>>> [11/Jan/2017:10:13:13.640600762 -0500] import userRoot: Flushing caches...
>>> [11/Jan/2017:10:13:13.641480552 -0500] import userRoot: Closing files...
>>> [11/Jan/2017:10:13:13.715980315 -0500] import userRoot: Import
>>> complete.  Processed 669 entries in 3 seconds. (223.00 entries/sec)
>>> [11/Jan/2017:10:13:13.728527338 -0500] ipa-topology-plugin -
>>> ipa_topo_be_state_change - backend userRoot is coming online; checking
>>> domain level and init shared topology
>>> [11/Jan/2017:10:13:13.733938688 -0500] NSMMReplicationPlugin -
>>> multimaster_be_state_change: replica dc=optimcloud,dc=com is coming
>>> online; enabling replication
>>> [11/Jan/2017:10:13:13.739807383 -0500] NSMMReplicationPlugin -
>>> replica_reload_ruv: Warning: new data for replica dc=optimcloud,dc=com
>>> does not match the data in the changelog.
>>> Recreating the changelog file. This could affect replication with
>>> replica's  consumers in which case the consumers should be
>>> reinitialized.
>>> [11/Jan/2017:10:13:13.763870772 -0500] Skipping CoS Definition
>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>> found, which should be added before the CoS Definition.
>>> [11/Jan/2017:10:13:13.765996343 -0500] NSACLPlugin - The ACL target
>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.767033598 -0500] NSACLPlugin - The ACL target
>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.768062467 -0500] NSACLPlugin - The ACL target
>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.769148609 -0500] NSACLPlugin - The ACL target
>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.770167282 -0500] NSACLPlugin - The ACL target
>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.771219502 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.772226730 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.773244095 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.774263646 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.775259783 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.776287349 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.789282141 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.790317167 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.791355826 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.792403901 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.793450557 -0500] NSACLPlugin - The ACL target
>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.795887627 -0500] NSACLPlugin - The ACL target
>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>> [11/Jan/2017:10:13:13.805429364 -0500] NSACLPlugin - The ACL target
>>> cn=casigningcert
>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>> exist
>>> [11/Jan/2017:10:13:13.806532806 -0500] NSACLPlugin - The ACL target
>>> cn=casigningcert
>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>> exist
>>>
>>> =================================
>>>
>>> On Wed, Jan 11, 2017 at 10:24 AM, Martin Basti <mbasti at redhat.com> wrote:
>>>>
>>>> On 11.01.2017 15:32, Outback Dingo wrote:
>>>>> not sure why, but the secondary freeipa server is out of sync by a
>>>>> long shot now, missing dns domains and A records... tried
>>>>> ipa-replica-manage force-sync --from ipa.optimcloud.com
>>>>>
>>>>> doesnt seem to be working
>>>>>
>>>>> HELP!
>>>>>
>>>> Do you see any errors in /var/log/dirsrv/slapd-*/errors on servers?
>>>>
>>>> Martin
>>



From outbackdingo at gmail.com  Wed Jan 11 16:03:21 2017
From: outbackdingo at gmail.com (Outback Dingo)
Date: Wed, 11 Jan 2017 11:03:21 -0500
Subject: [Freeipa-users] secondary out of sync on DNS again [solved]
In-Reply-To: <ef7044ee-eb65-9477-5307-ec2f69a695c9@redhat.com>
References: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>
	<14d76034-257b-eba2-9871-e1c9a45ad7eb@redhat.com>
	<CAKYr3zyp2EokXXenOPkjSQZMOZtUDaOyYaQ0MuOrYZfzFJfXUQ@mail.gmail.com>
	<508d0663-5021-6102-fb16-46c86727fd83@redhat.com>
	<CAKYr3zzmdKympwGKAkoepSBq7xm19uGDHbFmSfeB8uF6fqurgA@mail.gmail.com>
	<ef7044ee-eb65-9477-5307-ec2f69a695c9@redhat.com>
Message-ID: <CAKYr3zzAp2yh3iDO-PruHqRGS46a0-Vw4CGEUTZNxP1u7xMGvw@mail.gmail.com>

I am still seeing this, and the same message about LDAP

 ./ipa_check_consistency -H
ipa2.optimcloud.com -d OPTIMCLOUD.COM
Directory Manager password:
FreeIPA servers:    ipa2    STATE
=================================
Active Users        1       OK
Stage Users         0       OK
Preserved Users     0       OK
User Groups         4       OK
Hosts               8       OK
Host Groups         2       OK
HBAC Rules          1       OK
SUDO Rules          0       OK
DNS Zones           26      OK
LDAP Conflicts      YES     FAIL
Ghost Replicas      NO      OK
Anonymous BIND      YES     OK
Replication Status  ipa 0
Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]: LDAP data for
instance 'ipa' are being synchronized, please ignore message 'all
zones loaded'
Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]: bug in
dn_to_dnsname(): multi-valued RDNs are not supported
Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]: failed to
convert DN 'idnsname=store+nsuniqueid=44fbbd0e-d80a11e6-ad7498e5-1ca0119b,idnsname=optimcloud.com.,cn=dns,dc=optimcloud,dc=com'
to DNS name: not implemented
Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]:
ldap_sync_search_entry failed: not implemented
Jan 11 11:02:07 ipa2.optimcloud.com named-pkcs11[2516]: zone
150.217.162.in-addr.arpa/IN: loaded serial 1484150526
Jan 11 11:02:07 ipa2.optimcloud.com named-pkcs11[2516]: zone
optimvoice.co/IN: loaded serial 1484150526
Jan 11 11:02:07 ipa2.optimcloud.com named-pkcs11[2516]: zone
optimcloud.com/IN: loaded serial 1484150526

On Wed, Jan 11, 2017 at 10:56 AM, Martin Basti <mbasti at redhat.com> wrote:
>
> Great :)
>
>
> On 11.01.2017 16:52, Outback Dingo wrote:
>>
>> damn... DMARC record.... removed, now synced
>>
>> On Wed, Jan 11, 2017 at 10:33 AM, Martin Basti <mbasti at redhat.com> wrote:
>>>
>>> Please try to create a new test user if it is replicated to other
>>> replicas.
>>>
>>>
>>> I see repl. conflicts please try to investigate them, it may cause a
>>> missing
>>> zone
>>>
>>>
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>>
>>>
>>> could you check what do you have in journalctl -u named-pkcs11 on replica
>>> with missing entries?
>>>
>>> Martin
>>>
>>>
>>> On 11.01.2017 16:27, Outback Dingo wrote:
>>>>
>>>> Not realliy, not like last time but
>>>> [root at ipa2 ~]# cd ipa_check_consistency/
>>>> [root at ipa2 ipa_check_consistency]# ./ipa_check_consistency -H
>>>> ipa2.optimcloud.com -d OPTIMCLOUD.COM
>>>> Directory Manager password:
>>>> FreeIPA servers:    ipa2    STATE
>>>> =================================
>>>> Active Users        1       OK
>>>> Stage Users         0       OK
>>>> Preserved Users     0       OK
>>>> User Groups         4       OK
>>>> Hosts               8       OK
>>>> Host Groups         2       OK
>>>> HBAC Rules          1       OK
>>>> SUDO Rules          0       OK
>>>> DNS Zones           26      OK
>>>> LDAP Conflicts      YES     FAIL
>>>> Ghost Replicas      NO      OK
>>>> Anonymous BIND      YES     OK
>>>> Replication Status  ipa 0
>>>>
>>>>
>>>>
>>>> [07/Jan/2017:23:59:33.034771024 -0500] slapd shutting down - signaling
>>>> operation threads - op stack size 1 max work q size 3 max work q stack
>>>> size 3
>>>> [07/Jan/2017:23:59:33.080148204 -0500] slapd shutting down - waiting
>>>> for 26 threads to terminate
>>>> [08/Jan/2017:00:01:43.342292791 -0500] SSL alert: Sending pin request
>>>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>>>> provide the password.
>>>> [08/Jan/2017:00:01:43.348739255 -0500] SSL alert: Security
>>>> Initialization: Enabling default cipher set.
>>>> [08/Jan/2017:00:01:43.349917267 -0500] SSL alert: Configured NSS Ciphers
>>>> [08/Jan/2017:00:01:43.350819261 -0500] SSL alert:
>>>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>>>> [08/Jan/2017:00:01:43.352925341 -0500] SSL alert:
>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>>>> [08/Jan/2017:00:01:43.354043098 -0500] SSL alert:
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>>>> [08/Jan/2017:00:01:43.354944795 -0500] SSL alert:
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>>>> [08/Jan/2017:00:01:43.355929413 -0500] SSL alert:
>>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>> [08/Jan/2017:00:01:43.356793063 -0500] SSL alert:
>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>> [08/Jan/2017:00:01:43.357650823 -0500] SSL alert:
>>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>> [08/Jan/2017:00:01:43.358754848 -0500] SSL alert:
>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>> [08/Jan/2017:00:01:43.359655681 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>> [08/Jan/2017:00:01:43.360741758 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>> [08/Jan/2017:00:01:43.361650705 -0500] SSL alert:
>>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>>>> [08/Jan/2017:00:01:43.362718051 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>> [08/Jan/2017:00:01:43.363594439 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>> [08/Jan/2017:00:01:43.365599343 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>> [08/Jan/2017:00:01:43.366719360 -0500] SSL alert:
>>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>>>> [08/Jan/2017:00:01:43.368835924 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>> [08/Jan/2017:00:01:43.370913228 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>> [08/Jan/2017:00:01:43.372972786 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>>>> [08/Jan/2017:00:01:43.375008604 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>> [08/Jan/2017:00:01:43.377060277 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>> [08/Jan/2017:00:01:43.379147161 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>>>> [08/Jan/2017:00:01:43.381215466 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>> [08/Jan/2017:00:01:43.410666701 -0500] SSL Initialization - Configured
>>>> SSL version range: min: TLS1.0, max: TLS1.2
>>>> [08/Jan/2017:00:01:43.412541954 -0500] 389-Directory/1.3.5.10
>>>> B2016.341.2222 starting up
>>>> [08/Jan/2017:00:01:43.432516181 -0500] default_mr_indexer_create:
>>>> warning - plugin [caseIgnoreIA5Match] does not handle
>>>> caseExactIA5Match
>>>> [08/Jan/2017:00:01:43.455710217 -0500] WARNING: changelog: entry cache
>>>> size 2097152 B is less than db size 4096000 B; We recommend to
>>>> increase the entry cache size nsslapd-cachememsize.
>>>> [08/Jan/2017:00:01:43.461914913 -0500] Detected Disorderly Shutdown
>>>> last time Directory Server was running, recovering database.
>>>> [08/Jan/2017:00:01:43.832287548 -0500] schema-compat-plugin -
>>>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>>>> server startup!
>>>> [08/Jan/2017:00:01:43.857795379 -0500] NSACLPlugin - The ACL target
>>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.859681661 -0500] NSACLPlugin - The ACL target
>>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.861398809 -0500] NSACLPlugin - The ACL target
>>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.862632485 -0500] NSACLPlugin - The ACL target
>>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.863764066 -0500] NSACLPlugin - The ACL target
>>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.864911346 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.866162668 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.869056497 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.870122838 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.871162150 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.872199777 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.873266345 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.874275409 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.875283799 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.876705045 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.878971952 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.887310854 -0500] NSACLPlugin - The ACL target
>>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>>> [08/Jan/2017:00:01:43.893215433 -0500] NSACLPlugin - The ACL target
>>>> cn=casigningcert
>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>> exist
>>>> [08/Jan/2017:00:01:43.894306404 -0500] NSACLPlugin - The ACL target
>>>> cn=casigningcert
>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>> exist
>>>> [08/Jan/2017:00:01:44.040102873 -0500] NSACLPlugin - The ACL target
>>>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>>>> [08/Jan/2017:00:01:44.047055981 -0500] Skipping CoS Definition
>>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>>> found, which should be added before the CoS Definition.
>>>> [08/Jan/2017:00:01:46.066086143 -0500] NSMMReplicationPlugin -
>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>> o=ipaca. Check if DB RUV needs to be updated
>>>> [08/Jan/2017:00:01:46.067518633 -0500] NSMMReplicationPlugin -
>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>>>> [08/Jan/2017:00:01:46.068387090 -0500] NSMMReplicationPlugin - Force
>>>> update of database RUV (from CL RUV) ->  5871c704000000030000
>>>> [08/Jan/2017:00:01:46.070722883 -0500] set_krb5_creds - Could not get
>>>> initial credentials for principal
>>>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>>>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>>>> requested realm)
>>>> [08/Jan/2017:00:01:46.076708620 -0500] schema-compat-plugin -
>>>> schema-compat-plugin tree scan will start in about 5 seconds!
>>>> [08/Jan/2017:00:01:46.087742289 -0500] slapd started.  Listening on
>>>> All Interfaces port 389 for LDAP requests
>>>> [08/Jan/2017:00:01:46.088722922 -0500] Listening on All Interfaces
>>>> port 636 for LDAPS requests
>>>> [08/Jan/2017:00:01:46.089876559 -0500] Listening on
>>>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>>>> [08/Jan/2017:00:01:51.085357807 -0500] schema-compat-plugin - warning:
>>>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>>>> [11/Jan/2017:08:45:50.482248118 -0500] SSL alert: Sending pin request
>>>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>>>> provide the password.
>>>> [11/Jan/2017:08:45:50.500421947 -0500] SSL alert: Security
>>>> Initialization: Enabling default cipher set.
>>>> [11/Jan/2017:08:45:50.501486482 -0500] SSL alert: Configured NSS Ciphers
>>>> [11/Jan/2017:08:45:50.502444501 -0500] SSL alert:
>>>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>>>> [11/Jan/2017:08:45:50.503373927 -0500] SSL alert:
>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>>>> [11/Jan/2017:08:45:50.504447585 -0500] SSL alert:
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>>>> [11/Jan/2017:08:45:50.505362861 -0500] SSL alert:
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>>>> [11/Jan/2017:08:45:50.506316578 -0500] SSL alert:
>>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>> [11/Jan/2017:08:45:50.507225380 -0500] SSL alert:
>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>> [11/Jan/2017:08:45:50.508158165 -0500] SSL alert:
>>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>> [11/Jan/2017:08:45:50.509061885 -0500] SSL alert:
>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>> [11/Jan/2017:08:45:50.510027654 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>> [11/Jan/2017:08:45:50.510982171 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>> [11/Jan/2017:08:45:50.511911224 -0500] SSL alert:
>>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>>>> [11/Jan/2017:08:45:50.512824259 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>> [11/Jan/2017:08:45:50.513759924 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>> [11/Jan/2017:08:45:50.514686682 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>> [11/Jan/2017:08:45:50.515605681 -0500] SSL alert:
>>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>>>> [11/Jan/2017:08:45:50.516543912 -0500] SSL alert:
>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>> [11/Jan/2017:08:45:50.517484957 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>> [11/Jan/2017:08:45:50.518414104 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>>>> [11/Jan/2017:08:45:50.519346616 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>> [11/Jan/2017:08:45:50.520288809 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>> [11/Jan/2017:08:45:50.521224704 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>>>> [11/Jan/2017:08:45:50.522134121 -0500] SSL alert:
>>>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>> [11/Jan/2017:08:45:50.546659715 -0500] SSL Initialization - Configured
>>>> SSL version range: min: TLS1.0, max: TLS1.2
>>>> [11/Jan/2017:08:45:50.548178563 -0500] 389-Directory/1.3.5.10
>>>> B2016.341.2222 starting up
>>>> [11/Jan/2017:08:45:50.567253887 -0500] default_mr_indexer_create:
>>>> warning - plugin [caseIgnoreIA5Match] does not handle
>>>> caseExactIA5Match
>>>> [11/Jan/2017:08:45:50.618540589 -0500] WARNING: changelog: entry cache
>>>> size 2097152 B is less than db size 4096000 B; We recommend to
>>>> increase the entry cache size nsslapd-cachememsize.
>>>> [11/Jan/2017:08:45:50.625062302 -0500] Detected Disorderly Shutdown
>>>> last time Directory Server was running, recovering database.
>>>> [11/Jan/2017:08:45:51.368172371 -0500] schema-compat-plugin -
>>>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>>>> server startup!
>>>> [11/Jan/2017:08:45:51.408894238 -0500] NSACLPlugin - The ACL target
>>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.410251624 -0500] NSACLPlugin - The ACL target
>>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.411303020 -0500] NSACLPlugin - The ACL target
>>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.412533136 -0500] NSACLPlugin - The ACL target
>>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.413625873 -0500] NSACLPlugin - The ACL target
>>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.414767038 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.415836754 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.416911317 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.418048547 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.419144396 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.420209379 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.421371442 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.422439127 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.423496808 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.424548663 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.425571511 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.434059704 -0500] NSACLPlugin - The ACL target
>>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:08:45:51.446799815 -0500] NSACLPlugin - The ACL target
>>>> cn=casigningcert
>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>> exist
>>>> [11/Jan/2017:08:45:51.447939820 -0500] NSACLPlugin - The ACL target
>>>> cn=casigningcert
>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>> exist
>>>> [11/Jan/2017:08:45:51.603005983 -0500] NSACLPlugin - The ACL target
>>>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>>>> [11/Jan/2017:08:45:51.609962438 -0500] Skipping CoS Definition
>>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>>> found, which should be added before the CoS Definition.
>>>> [11/Jan/2017:08:45:55.211502712 -0500] NSMMReplicationPlugin -
>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>> o=ipaca. Check if DB RUV needs to be updated
>>>> [11/Jan/2017:08:45:55.212802169 -0500] NSMMReplicationPlugin -
>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>>>> [11/Jan/2017:08:45:55.213784972 -0500] NSMMReplicationPlugin - Force
>>>> update of database RUV (from CL RUV) ->  5871c7bf000200030000
>>>> [11/Jan/2017:08:45:55.226190891 -0500] set_krb5_creds - Could not get
>>>> initial credentials for principal
>>>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>>>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>>>> requested realm)
>>>> [11/Jan/2017:08:45:55.235585814 -0500] schema-compat-plugin -
>>>> schema-compat-plugin tree scan will start in about 5 seconds!
>>>> [11/Jan/2017:08:45:55.246224036 -0500] slapd started.  Listening on
>>>> All Interfaces port 389 for LDAP requests
>>>> [11/Jan/2017:08:45:55.247206931 -0500] Listening on All Interfaces
>>>> port 636 for LDAPS requests
>>>> [11/Jan/2017:08:45:55.248178427 -0500] Listening on
>>>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>>>> [11/Jan/2017:08:46:00.243609069 -0500] schema-compat-plugin - warning:
>>>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>>>> [11/Jan/2017:08:46:00.268221576 -0500] schema-compat-plugin - warning:
>>>> no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
>>>> [11/Jan/2017:08:46:00.293865724 -0500] schema-compat-plugin - Finished
>>>> plugin initialization.
>>>> [11/Jan/2017:10:13:10.814343630 -0500] ipa-topology-plugin -
>>>> ipa_topo_be_state_changebackend userRoot is going offline; inactivate
>>>> plugin
>>>> [11/Jan/2017:10:13:10.816016676 -0500] NSMMReplicationPlugin -
>>>> multimaster_be_state_change: replica dc=optimcloud,dc=com is going
>>>> offline; disabling replication
>>>> [11/Jan/2017:10:13:10.989828406 -0500] WARNING: Import is running with
>>>> nsslapd-db-private-import-mem on; No other process is allowed to
>>>> access the database
>>>> [11/Jan/2017:10:13:13.400691753 -0500] import userRoot: Workers
>>>> finished; cleaning up...
>>>> [11/Jan/2017:10:13:13.602133347 -0500] import userRoot: Workers cleaned
>>>> up.
>>>> [11/Jan/2017:10:13:13.603143342 -0500] import userRoot: Indexing
>>>> complete.  Post-processing...
>>>> [11/Jan/2017:10:13:13.604049358 -0500] import userRoot: Generating
>>>> numsubordinates (this may take several minutes to complete)...
>>>> [11/Jan/2017:10:13:13.623115593 -0500] import userRoot: Generating
>>>> numSubordinates complete.
>>>> [11/Jan/2017:10:13:13.626755066 -0500] import userRoot: Gathering
>>>> ancestorid non-leaf IDs...
>>>> [11/Jan/2017:10:13:13.627723269 -0500] import userRoot: Finished
>>>> gathering ancestorid non-leaf IDs.
>>>> [11/Jan/2017:10:13:13.629852863 -0500] import userRoot: Creating
>>>> ancestorid index (new idl)...
>>>> [11/Jan/2017:10:13:13.639696420 -0500] import userRoot: Created
>>>> ancestorid index (new idl).
>>>> [11/Jan/2017:10:13:13.640600762 -0500] import userRoot: Flushing
>>>> caches...
>>>> [11/Jan/2017:10:13:13.641480552 -0500] import userRoot: Closing files...
>>>> [11/Jan/2017:10:13:13.715980315 -0500] import userRoot: Import
>>>> complete.  Processed 669 entries in 3 seconds. (223.00 entries/sec)
>>>> [11/Jan/2017:10:13:13.728527338 -0500] ipa-topology-plugin -
>>>> ipa_topo_be_state_change - backend userRoot is coming online; checking
>>>> domain level and init shared topology
>>>> [11/Jan/2017:10:13:13.733938688 -0500] NSMMReplicationPlugin -
>>>> multimaster_be_state_change: replica dc=optimcloud,dc=com is coming
>>>> online; enabling replication
>>>> [11/Jan/2017:10:13:13.739807383 -0500] NSMMReplicationPlugin -
>>>> replica_reload_ruv: Warning: new data for replica dc=optimcloud,dc=com
>>>> does not match the data in the changelog.
>>>> Recreating the changelog file. This could affect replication with
>>>> replica's  consumers in which case the consumers should be
>>>> reinitialized.
>>>> [11/Jan/2017:10:13:13.763870772 -0500] Skipping CoS Definition
>>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>>> found, which should be added before the CoS Definition.
>>>> [11/Jan/2017:10:13:13.765996343 -0500] NSACLPlugin - The ACL target
>>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.767033598 -0500] NSACLPlugin - The ACL target
>>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.768062467 -0500] NSACLPlugin - The ACL target
>>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.769148609 -0500] NSACLPlugin - The ACL target
>>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.770167282 -0500] NSACLPlugin - The ACL target
>>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.771219502 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.772226730 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.773244095 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.774263646 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.775259783 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.776287349 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.789282141 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.790317167 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.791355826 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.792403901 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.793450557 -0500] NSACLPlugin - The ACL target
>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.795887627 -0500] NSACLPlugin - The ACL target
>>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>>> [11/Jan/2017:10:13:13.805429364 -0500] NSACLPlugin - The ACL target
>>>> cn=casigningcert
>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>> exist
>>>> [11/Jan/2017:10:13:13.806532806 -0500] NSACLPlugin - The ACL target
>>>> cn=casigningcert
>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>> exist
>>>>
>>>> =================================
>>>>
>>>> On Wed, Jan 11, 2017 at 10:24 AM, Martin Basti <mbasti at redhat.com>
>>>> wrote:
>>>>>
>>>>>
>>>>> On 11.01.2017 15:32, Outback Dingo wrote:
>>>>>>
>>>>>> not sure why, but the secondary freeipa server is out of sync by a
>>>>>> long shot now, missing dns domains and A records... tried
>>>>>> ipa-replica-manage force-sync --from ipa.optimcloud.com
>>>>>>
>>>>>> doesnt seem to be working
>>>>>>
>>>>>> HELP!
>>>>>>
>>>>> Do you see any errors in /var/log/dirsrv/slapd-*/errors on servers?
>>>>>
>>>>> Martin
>>>
>>>
>



From mbasti at redhat.com  Wed Jan 11 16:22:03 2017
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 11 Jan 2017 17:22:03 +0100
Subject: [Freeipa-users] secondary out of sync on DNS again [solved]
In-Reply-To: <CAKYr3zzAp2yh3iDO-PruHqRGS46a0-Vw4CGEUTZNxP1u7xMGvw@mail.gmail.com>
References: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>
	<14d76034-257b-eba2-9871-e1c9a45ad7eb@redhat.com>
	<CAKYr3zyp2EokXXenOPkjSQZMOZtUDaOyYaQ0MuOrYZfzFJfXUQ@mail.gmail.com>
	<508d0663-5021-6102-fb16-46c86727fd83@redhat.com>
	<CAKYr3zzmdKympwGKAkoepSBq7xm19uGDHbFmSfeB8uF6fqurgA@mail.gmail.com>
	<ef7044ee-eb65-9477-5307-ec2f69a695c9@redhat.com>
	<CAKYr3zzAp2yh3iDO-PruHqRGS46a0-Vw4CGEUTZNxP1u7xMGvw@mail.gmail.com>
Message-ID: <110d046c-b083-db1e-735d-f3f102cff783@redhat.com>

Have you tried the ldapsearch from the guide I sent you?


On 11.01.2017 17:03, Outback Dingo wrote:
> I am still seeing this, and the same message about LDAP
>
>   ./ipa_check_consistency -H
> ipa2.optimcloud.com -d OPTIMCLOUD.COM
> Directory Manager password:
> FreeIPA servers:    ipa2    STATE
> =================================
> Active Users        1       OK
> Stage Users         0       OK
> Preserved Users     0       OK
> User Groups         4       OK
> Hosts               8       OK
> Host Groups         2       OK
> HBAC Rules          1       OK
> SUDO Rules          0       OK
> DNS Zones           26      OK
> LDAP Conflicts      YES     FAIL
> Ghost Replicas      NO      OK
> Anonymous BIND      YES     OK
> Replication Status  ipa 0
> Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]: LDAP data for
> instance 'ipa' are being synchronized, please ignore message 'all
> zones loaded'
> Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]: bug in
> dn_to_dnsname(): multi-valued RDNs are not supported
> Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]: failed to
> convert DN 'idnsname=store+nsuniqueid=44fbbd0e-d80a11e6-ad7498e5-1ca0119b,idnsname=optimcloud.com.,cn=dns,dc=optimcloud,dc=com'
> to DNS name: not implemented
> Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]:
> ldap_sync_search_entry failed: not implemented
> Jan 11 11:02:07 ipa2.optimcloud.com named-pkcs11[2516]: zone
> 150.217.162.in-addr.arpa/IN: loaded serial 1484150526
> Jan 11 11:02:07 ipa2.optimcloud.com named-pkcs11[2516]: zone
> optimvoice.co/IN: loaded serial 1484150526
> Jan 11 11:02:07 ipa2.optimcloud.com named-pkcs11[2516]: zone
> optimcloud.com/IN: loaded serial 1484150526
>
> On Wed, Jan 11, 2017 at 10:56 AM, Martin Basti <mbasti at redhat.com> wrote:
>> Great :)
>>
>>
>> On 11.01.2017 16:52, Outback Dingo wrote:
>>> damn... DMARC record.... removed, now synced
>>>
>>> On Wed, Jan 11, 2017 at 10:33 AM, Martin Basti <mbasti at redhat.com> wrote:
>>>> Please try to create a new test user if it is replicated to other
>>>> replicas.
>>>>
>>>>
>>>> I see repl. conflicts please try to investigate them, it may cause a
>>>> missing
>>>> zone
>>>>
>>>>
>>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>>>
>>>>
>>>> could you check what do you have in journalctl -u named-pkcs11 on replica
>>>> with missing entries?
>>>>
>>>> Martin
>>>>
>>>>
>>>> On 11.01.2017 16:27, Outback Dingo wrote:
>>>>> Not realliy, not like last time but
>>>>> [root at ipa2 ~]# cd ipa_check_consistency/
>>>>> [root at ipa2 ipa_check_consistency]# ./ipa_check_consistency -H
>>>>> ipa2.optimcloud.com -d OPTIMCLOUD.COM
>>>>> Directory Manager password:
>>>>> FreeIPA servers:    ipa2    STATE
>>>>> =================================
>>>>> Active Users        1       OK
>>>>> Stage Users         0       OK
>>>>> Preserved Users     0       OK
>>>>> User Groups         4       OK
>>>>> Hosts               8       OK
>>>>> Host Groups         2       OK
>>>>> HBAC Rules          1       OK
>>>>> SUDO Rules          0       OK
>>>>> DNS Zones           26      OK
>>>>> LDAP Conflicts      YES     FAIL
>>>>> Ghost Replicas      NO      OK
>>>>> Anonymous BIND      YES     OK
>>>>> Replication Status  ipa 0
>>>>>
>>>>>
>>>>>
>>>>> [07/Jan/2017:23:59:33.034771024 -0500] slapd shutting down - signaling
>>>>> operation threads - op stack size 1 max work q size 3 max work q stack
>>>>> size 3
>>>>> [07/Jan/2017:23:59:33.080148204 -0500] slapd shutting down - waiting
>>>>> for 26 threads to terminate
>>>>> [08/Jan/2017:00:01:43.342292791 -0500] SSL alert: Sending pin request
>>>>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>>>>> provide the password.
>>>>> [08/Jan/2017:00:01:43.348739255 -0500] SSL alert: Security
>>>>> Initialization: Enabling default cipher set.
>>>>> [08/Jan/2017:00:01:43.349917267 -0500] SSL alert: Configured NSS Ciphers
>>>>> [08/Jan/2017:00:01:43.350819261 -0500] SSL alert:
>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>>>>> [08/Jan/2017:00:01:43.352925341 -0500] SSL alert:
>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>>>>> [08/Jan/2017:00:01:43.354043098 -0500] SSL alert:
>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>>>>> [08/Jan/2017:00:01:43.354944795 -0500] SSL alert:
>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>>>>> [08/Jan/2017:00:01:43.355929413 -0500] SSL alert:
>>>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>> [08/Jan/2017:00:01:43.356793063 -0500] SSL alert:
>>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>> [08/Jan/2017:00:01:43.357650823 -0500] SSL alert:
>>>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>> [08/Jan/2017:00:01:43.358754848 -0500] SSL alert:
>>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>> [08/Jan/2017:00:01:43.359655681 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>> [08/Jan/2017:00:01:43.360741758 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>> [08/Jan/2017:00:01:43.361650705 -0500] SSL alert:
>>>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>>>>> [08/Jan/2017:00:01:43.362718051 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>>> [08/Jan/2017:00:01:43.363594439 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>> [08/Jan/2017:00:01:43.365599343 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>> [08/Jan/2017:00:01:43.366719360 -0500] SSL alert:
>>>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>>>>> [08/Jan/2017:00:01:43.368835924 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>>> [08/Jan/2017:00:01:43.370913228 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>> [08/Jan/2017:00:01:43.372972786 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>> [08/Jan/2017:00:01:43.375008604 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>>> [08/Jan/2017:00:01:43.377060277 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>> [08/Jan/2017:00:01:43.379147161 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>> [08/Jan/2017:00:01:43.381215466 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>>> [08/Jan/2017:00:01:43.410666701 -0500] SSL Initialization - Configured
>>>>> SSL version range: min: TLS1.0, max: TLS1.2
>>>>> [08/Jan/2017:00:01:43.412541954 -0500] 389-Directory/1.3.5.10
>>>>> B2016.341.2222 starting up
>>>>> [08/Jan/2017:00:01:43.432516181 -0500] default_mr_indexer_create:
>>>>> warning - plugin [caseIgnoreIA5Match] does not handle
>>>>> caseExactIA5Match
>>>>> [08/Jan/2017:00:01:43.455710217 -0500] WARNING: changelog: entry cache
>>>>> size 2097152 B is less than db size 4096000 B; We recommend to
>>>>> increase the entry cache size nsslapd-cachememsize.
>>>>> [08/Jan/2017:00:01:43.461914913 -0500] Detected Disorderly Shutdown
>>>>> last time Directory Server was running, recovering database.
>>>>> [08/Jan/2017:00:01:43.832287548 -0500] schema-compat-plugin -
>>>>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>>>>> server startup!
>>>>> [08/Jan/2017:00:01:43.857795379 -0500] NSACLPlugin - The ACL target
>>>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.859681661 -0500] NSACLPlugin - The ACL target
>>>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.861398809 -0500] NSACLPlugin - The ACL target
>>>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.862632485 -0500] NSACLPlugin - The ACL target
>>>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.863764066 -0500] NSACLPlugin - The ACL target
>>>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.864911346 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.866162668 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.869056497 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.870122838 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.871162150 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.872199777 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.873266345 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.874275409 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.875283799 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.876705045 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.878971952 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.887310854 -0500] NSACLPlugin - The ACL target
>>>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>>>> [08/Jan/2017:00:01:43.893215433 -0500] NSACLPlugin - The ACL target
>>>>> cn=casigningcert
>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>> exist
>>>>> [08/Jan/2017:00:01:43.894306404 -0500] NSACLPlugin - The ACL target
>>>>> cn=casigningcert
>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>> exist
>>>>> [08/Jan/2017:00:01:44.040102873 -0500] NSACLPlugin - The ACL target
>>>>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>>>>> [08/Jan/2017:00:01:44.047055981 -0500] Skipping CoS Definition
>>>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>>>> found, which should be added before the CoS Definition.
>>>>> [08/Jan/2017:00:01:46.066086143 -0500] NSMMReplicationPlugin -
>>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>>> o=ipaca. Check if DB RUV needs to be updated
>>>>> [08/Jan/2017:00:01:46.067518633 -0500] NSMMReplicationPlugin -
>>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>>>>> [08/Jan/2017:00:01:46.068387090 -0500] NSMMReplicationPlugin - Force
>>>>> update of database RUV (from CL RUV) ->  5871c704000000030000
>>>>> [08/Jan/2017:00:01:46.070722883 -0500] set_krb5_creds - Could not get
>>>>> initial credentials for principal
>>>>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>>>>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>>>>> requested realm)
>>>>> [08/Jan/2017:00:01:46.076708620 -0500] schema-compat-plugin -
>>>>> schema-compat-plugin tree scan will start in about 5 seconds!
>>>>> [08/Jan/2017:00:01:46.087742289 -0500] slapd started.  Listening on
>>>>> All Interfaces port 389 for LDAP requests
>>>>> [08/Jan/2017:00:01:46.088722922 -0500] Listening on All Interfaces
>>>>> port 636 for LDAPS requests
>>>>> [08/Jan/2017:00:01:46.089876559 -0500] Listening on
>>>>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>>>>> [08/Jan/2017:00:01:51.085357807 -0500] schema-compat-plugin - warning:
>>>>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>>>>> [11/Jan/2017:08:45:50.482248118 -0500] SSL alert: Sending pin request
>>>>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>>>>> provide the password.
>>>>> [11/Jan/2017:08:45:50.500421947 -0500] SSL alert: Security
>>>>> Initialization: Enabling default cipher set.
>>>>> [11/Jan/2017:08:45:50.501486482 -0500] SSL alert: Configured NSS Ciphers
>>>>> [11/Jan/2017:08:45:50.502444501 -0500] SSL alert:
>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>>>>> [11/Jan/2017:08:45:50.503373927 -0500] SSL alert:
>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>>>>> [11/Jan/2017:08:45:50.504447585 -0500] SSL alert:
>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>>>>> [11/Jan/2017:08:45:50.505362861 -0500] SSL alert:
>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>>>>> [11/Jan/2017:08:45:50.506316578 -0500] SSL alert:
>>>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>> [11/Jan/2017:08:45:50.507225380 -0500] SSL alert:
>>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>> [11/Jan/2017:08:45:50.508158165 -0500] SSL alert:
>>>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>> [11/Jan/2017:08:45:50.509061885 -0500] SSL alert:
>>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>> [11/Jan/2017:08:45:50.510027654 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>> [11/Jan/2017:08:45:50.510982171 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>> [11/Jan/2017:08:45:50.511911224 -0500] SSL alert:
>>>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>>>>> [11/Jan/2017:08:45:50.512824259 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>>> [11/Jan/2017:08:45:50.513759924 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>> [11/Jan/2017:08:45:50.514686682 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>> [11/Jan/2017:08:45:50.515605681 -0500] SSL alert:
>>>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>>>>> [11/Jan/2017:08:45:50.516543912 -0500] SSL alert:
>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>>> [11/Jan/2017:08:45:50.517484957 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>> [11/Jan/2017:08:45:50.518414104 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>> [11/Jan/2017:08:45:50.519346616 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>>> [11/Jan/2017:08:45:50.520288809 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>> [11/Jan/2017:08:45:50.521224704 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>> [11/Jan/2017:08:45:50.522134121 -0500] SSL alert:
>>>>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>>> [11/Jan/2017:08:45:50.546659715 -0500] SSL Initialization - Configured
>>>>> SSL version range: min: TLS1.0, max: TLS1.2
>>>>> [11/Jan/2017:08:45:50.548178563 -0500] 389-Directory/1.3.5.10
>>>>> B2016.341.2222 starting up
>>>>> [11/Jan/2017:08:45:50.567253887 -0500] default_mr_indexer_create:
>>>>> warning - plugin [caseIgnoreIA5Match] does not handle
>>>>> caseExactIA5Match
>>>>> [11/Jan/2017:08:45:50.618540589 -0500] WARNING: changelog: entry cache
>>>>> size 2097152 B is less than db size 4096000 B; We recommend to
>>>>> increase the entry cache size nsslapd-cachememsize.
>>>>> [11/Jan/2017:08:45:50.625062302 -0500] Detected Disorderly Shutdown
>>>>> last time Directory Server was running, recovering database.
>>>>> [11/Jan/2017:08:45:51.368172371 -0500] schema-compat-plugin -
>>>>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>>>>> server startup!
>>>>> [11/Jan/2017:08:45:51.408894238 -0500] NSACLPlugin - The ACL target
>>>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.410251624 -0500] NSACLPlugin - The ACL target
>>>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.411303020 -0500] NSACLPlugin - The ACL target
>>>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.412533136 -0500] NSACLPlugin - The ACL target
>>>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.413625873 -0500] NSACLPlugin - The ACL target
>>>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.414767038 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.415836754 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.416911317 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.418048547 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.419144396 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.420209379 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.421371442 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.422439127 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.423496808 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.424548663 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.425571511 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.434059704 -0500] NSACLPlugin - The ACL target
>>>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:08:45:51.446799815 -0500] NSACLPlugin - The ACL target
>>>>> cn=casigningcert
>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>> exist
>>>>> [11/Jan/2017:08:45:51.447939820 -0500] NSACLPlugin - The ACL target
>>>>> cn=casigningcert
>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>> exist
>>>>> [11/Jan/2017:08:45:51.603005983 -0500] NSACLPlugin - The ACL target
>>>>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>>>>> [11/Jan/2017:08:45:51.609962438 -0500] Skipping CoS Definition
>>>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>>>> found, which should be added before the CoS Definition.
>>>>> [11/Jan/2017:08:45:55.211502712 -0500] NSMMReplicationPlugin -
>>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>>> o=ipaca. Check if DB RUV needs to be updated
>>>>> [11/Jan/2017:08:45:55.212802169 -0500] NSMMReplicationPlugin -
>>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>>>>> [11/Jan/2017:08:45:55.213784972 -0500] NSMMReplicationPlugin - Force
>>>>> update of database RUV (from CL RUV) ->  5871c7bf000200030000
>>>>> [11/Jan/2017:08:45:55.226190891 -0500] set_krb5_creds - Could not get
>>>>> initial credentials for principal
>>>>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>>>>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>>>>> requested realm)
>>>>> [11/Jan/2017:08:45:55.235585814 -0500] schema-compat-plugin -
>>>>> schema-compat-plugin tree scan will start in about 5 seconds!
>>>>> [11/Jan/2017:08:45:55.246224036 -0500] slapd started.  Listening on
>>>>> All Interfaces port 389 for LDAP requests
>>>>> [11/Jan/2017:08:45:55.247206931 -0500] Listening on All Interfaces
>>>>> port 636 for LDAPS requests
>>>>> [11/Jan/2017:08:45:55.248178427 -0500] Listening on
>>>>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>>>>> [11/Jan/2017:08:46:00.243609069 -0500] schema-compat-plugin - warning:
>>>>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>>>>> [11/Jan/2017:08:46:00.268221576 -0500] schema-compat-plugin - warning:
>>>>> no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
>>>>> [11/Jan/2017:08:46:00.293865724 -0500] schema-compat-plugin - Finished
>>>>> plugin initialization.
>>>>> [11/Jan/2017:10:13:10.814343630 -0500] ipa-topology-plugin -
>>>>> ipa_topo_be_state_changebackend userRoot is going offline; inactivate
>>>>> plugin
>>>>> [11/Jan/2017:10:13:10.816016676 -0500] NSMMReplicationPlugin -
>>>>> multimaster_be_state_change: replica dc=optimcloud,dc=com is going
>>>>> offline; disabling replication
>>>>> [11/Jan/2017:10:13:10.989828406 -0500] WARNING: Import is running with
>>>>> nsslapd-db-private-import-mem on; No other process is allowed to
>>>>> access the database
>>>>> [11/Jan/2017:10:13:13.400691753 -0500] import userRoot: Workers
>>>>> finished; cleaning up...
>>>>> [11/Jan/2017:10:13:13.602133347 -0500] import userRoot: Workers cleaned
>>>>> up.
>>>>> [11/Jan/2017:10:13:13.603143342 -0500] import userRoot: Indexing
>>>>> complete.  Post-processing...
>>>>> [11/Jan/2017:10:13:13.604049358 -0500] import userRoot: Generating
>>>>> numsubordinates (this may take several minutes to complete)...
>>>>> [11/Jan/2017:10:13:13.623115593 -0500] import userRoot: Generating
>>>>> numSubordinates complete.
>>>>> [11/Jan/2017:10:13:13.626755066 -0500] import userRoot: Gathering
>>>>> ancestorid non-leaf IDs...
>>>>> [11/Jan/2017:10:13:13.627723269 -0500] import userRoot: Finished
>>>>> gathering ancestorid non-leaf IDs.
>>>>> [11/Jan/2017:10:13:13.629852863 -0500] import userRoot: Creating
>>>>> ancestorid index (new idl)...
>>>>> [11/Jan/2017:10:13:13.639696420 -0500] import userRoot: Created
>>>>> ancestorid index (new idl).
>>>>> [11/Jan/2017:10:13:13.640600762 -0500] import userRoot: Flushing
>>>>> caches...
>>>>> [11/Jan/2017:10:13:13.641480552 -0500] import userRoot: Closing files...
>>>>> [11/Jan/2017:10:13:13.715980315 -0500] import userRoot: Import
>>>>> complete.  Processed 669 entries in 3 seconds. (223.00 entries/sec)
>>>>> [11/Jan/2017:10:13:13.728527338 -0500] ipa-topology-plugin -
>>>>> ipa_topo_be_state_change - backend userRoot is coming online; checking
>>>>> domain level and init shared topology
>>>>> [11/Jan/2017:10:13:13.733938688 -0500] NSMMReplicationPlugin -
>>>>> multimaster_be_state_change: replica dc=optimcloud,dc=com is coming
>>>>> online; enabling replication
>>>>> [11/Jan/2017:10:13:13.739807383 -0500] NSMMReplicationPlugin -
>>>>> replica_reload_ruv: Warning: new data for replica dc=optimcloud,dc=com
>>>>> does not match the data in the changelog.
>>>>> Recreating the changelog file. This could affect replication with
>>>>> replica's  consumers in which case the consumers should be
>>>>> reinitialized.
>>>>> [11/Jan/2017:10:13:13.763870772 -0500] Skipping CoS Definition
>>>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>>>> found, which should be added before the CoS Definition.
>>>>> [11/Jan/2017:10:13:13.765996343 -0500] NSACLPlugin - The ACL target
>>>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.767033598 -0500] NSACLPlugin - The ACL target
>>>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.768062467 -0500] NSACLPlugin - The ACL target
>>>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.769148609 -0500] NSACLPlugin - The ACL target
>>>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.770167282 -0500] NSACLPlugin - The ACL target
>>>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.771219502 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.772226730 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.773244095 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.774263646 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.775259783 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.776287349 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.789282141 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.790317167 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.791355826 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.792403901 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.793450557 -0500] NSACLPlugin - The ACL target
>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.795887627 -0500] NSACLPlugin - The ACL target
>>>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>>>> [11/Jan/2017:10:13:13.805429364 -0500] NSACLPlugin - The ACL target
>>>>> cn=casigningcert
>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>> exist
>>>>> [11/Jan/2017:10:13:13.806532806 -0500] NSACLPlugin - The ACL target
>>>>> cn=casigningcert
>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>> exist
>>>>>
>>>>> =================================
>>>>>
>>>>> On Wed, Jan 11, 2017 at 10:24 AM, Martin Basti <mbasti at redhat.com>
>>>>> wrote:
>>>>>>
>>>>>> On 11.01.2017 15:32, Outback Dingo wrote:
>>>>>>> not sure why, but the secondary freeipa server is out of sync by a
>>>>>>> long shot now, missing dns domains and A records... tried
>>>>>>> ipa-replica-manage force-sync --from ipa.optimcloud.com
>>>>>>>
>>>>>>> doesnt seem to be working
>>>>>>>
>>>>>>> HELP!
>>>>>>>
>>>>>> Do you see any errors in /var/log/dirsrv/slapd-*/errors on servers?
>>>>>>
>>>>>> Martin
>>>>



From outbackdingo at gmail.com  Wed Jan 11 16:23:16 2017
From: outbackdingo at gmail.com (Outback Dingo)
Date: Wed, 11 Jan 2017 11:23:16 -0500
Subject: [Freeipa-users] secondary out of sync on DNS again [solved]
In-Reply-To: <110d046c-b083-db1e-735d-f3f102cff783@redhat.com>
References: <CAKYr3zx_h7yTyZtrkbxAnB9sPhmuWhLFHf2d4PDhOXTUQqwG-Q@mail.gmail.com>
	<14d76034-257b-eba2-9871-e1c9a45ad7eb@redhat.com>
	<CAKYr3zyp2EokXXenOPkjSQZMOZtUDaOyYaQ0MuOrYZfzFJfXUQ@mail.gmail.com>
	<508d0663-5021-6102-fb16-46c86727fd83@redhat.com>
	<CAKYr3zzmdKympwGKAkoepSBq7xm19uGDHbFmSfeB8uF6fqurgA@mail.gmail.com>
	<ef7044ee-eb65-9477-5307-ec2f69a695c9@redhat.com>
	<CAKYr3zzAp2yh3iDO-PruHqRGS46a0-Vw4CGEUTZNxP1u7xMGvw@mail.gmail.com>
	<110d046c-b083-db1e-735d-f3f102cff783@redhat.com>
Message-ID: <CAKYr3zzFo1BSJX3vQv9kRUevxEHX_1PxZpB-8B3annZv=XkrSA@mail.gmail.com>

working through it slowly now... :)


On Wed, Jan 11, 2017 at 11:22 AM, Martin Basti <mbasti at redhat.com> wrote:
> Have you tried the ldapsearch from the guide I sent you?
>
>
>
> On 11.01.2017 17:03, Outback Dingo wrote:
>>
>> I am still seeing this, and the same message about LDAP
>>
>>   ./ipa_check_consistency -H
>> ipa2.optimcloud.com -d OPTIMCLOUD.COM
>> Directory Manager password:
>> FreeIPA servers:    ipa2    STATE
>> =================================
>> Active Users        1       OK
>> Stage Users         0       OK
>> Preserved Users     0       OK
>> User Groups         4       OK
>> Hosts               8       OK
>> Host Groups         2       OK
>> HBAC Rules          1       OK
>> SUDO Rules          0       OK
>> DNS Zones           26      OK
>> LDAP Conflicts      YES     FAIL
>> Ghost Replicas      NO      OK
>> Anonymous BIND      YES     OK
>> Replication Status  ipa 0
>> Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]: LDAP data for
>> instance 'ipa' are being synchronized, please ignore message 'all
>> zones loaded'
>> Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]: bug in
>> dn_to_dnsname(): multi-valued RDNs are not supported
>> Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]: failed to
>> convert DN
>> 'idnsname=store+nsuniqueid=44fbbd0e-d80a11e6-ad7498e5-1ca0119b,idnsname=optimcloud.com.,cn=dns,dc=optimcloud,dc=com'
>> to DNS name: not implemented
>> Jan 11 11:02:06 ipa2.optimcloud.com named-pkcs11[2516]:
>> ldap_sync_search_entry failed: not implemented
>> Jan 11 11:02:07 ipa2.optimcloud.com named-pkcs11[2516]: zone
>> 150.217.162.in-addr.arpa/IN: loaded serial 1484150526
>> Jan 11 11:02:07 ipa2.optimcloud.com named-pkcs11[2516]: zone
>> optimvoice.co/IN: loaded serial 1484150526
>> Jan 11 11:02:07 ipa2.optimcloud.com named-pkcs11[2516]: zone
>> optimcloud.com/IN: loaded serial 1484150526
>>
>> On Wed, Jan 11, 2017 at 10:56 AM, Martin Basti <mbasti at redhat.com> wrote:
>>>
>>> Great :)
>>>
>>>
>>> On 11.01.2017 16:52, Outback Dingo wrote:
>>>>
>>>> damn... DMARC record.... removed, now synced
>>>>
>>>> On Wed, Jan 11, 2017 at 10:33 AM, Martin Basti <mbasti at redhat.com>
>>>> wrote:
>>>>>
>>>>> Please try to create a new test user if it is replicated to other
>>>>> replicas.
>>>>>
>>>>>
>>>>> I see repl. conflicts please try to investigate them, it may cause a
>>>>> missing
>>>>> zone
>>>>>
>>>>>
>>>>>
>>>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>>>>
>>>>>
>>>>> could you check what do you have in journalctl -u named-pkcs11 on
>>>>> replica
>>>>> with missing entries?
>>>>>
>>>>> Martin
>>>>>
>>>>>
>>>>> On 11.01.2017 16:27, Outback Dingo wrote:
>>>>>>
>>>>>> Not realliy, not like last time but
>>>>>> [root at ipa2 ~]# cd ipa_check_consistency/
>>>>>> [root at ipa2 ipa_check_consistency]# ./ipa_check_consistency -H
>>>>>> ipa2.optimcloud.com -d OPTIMCLOUD.COM
>>>>>> Directory Manager password:
>>>>>> FreeIPA servers:    ipa2    STATE
>>>>>> =================================
>>>>>> Active Users        1       OK
>>>>>> Stage Users         0       OK
>>>>>> Preserved Users     0       OK
>>>>>> User Groups         4       OK
>>>>>> Hosts               8       OK
>>>>>> Host Groups         2       OK
>>>>>> HBAC Rules          1       OK
>>>>>> SUDO Rules          0       OK
>>>>>> DNS Zones           26      OK
>>>>>> LDAP Conflicts      YES     FAIL
>>>>>> Ghost Replicas      NO      OK
>>>>>> Anonymous BIND      YES     OK
>>>>>> Replication Status  ipa 0
>>>>>>
>>>>>>
>>>>>>
>>>>>> [07/Jan/2017:23:59:33.034771024 -0500] slapd shutting down - signaling
>>>>>> operation threads - op stack size 1 max work q size 3 max work q stack
>>>>>> size 3
>>>>>> [07/Jan/2017:23:59:33.080148204 -0500] slapd shutting down - waiting
>>>>>> for 26 threads to terminate
>>>>>> [08/Jan/2017:00:01:43.342292791 -0500] SSL alert: Sending pin request
>>>>>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>>>>>> provide the password.
>>>>>> [08/Jan/2017:00:01:43.348739255 -0500] SSL alert: Security
>>>>>> Initialization: Enabling default cipher set.
>>>>>> [08/Jan/2017:00:01:43.349917267 -0500] SSL alert: Configured NSS
>>>>>> Ciphers
>>>>>> [08/Jan/2017:00:01:43.350819261 -0500] SSL alert:
>>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>>>>>> [08/Jan/2017:00:01:43.352925341 -0500] SSL alert:
>>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>>>>>> [08/Jan/2017:00:01:43.354043098 -0500] SSL alert:
>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>>>>>> [08/Jan/2017:00:01:43.354944795 -0500] SSL alert:
>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>>>>>> [08/Jan/2017:00:01:43.355929413 -0500] SSL alert:
>>>>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>>> [08/Jan/2017:00:01:43.356793063 -0500] SSL alert:
>>>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>>> [08/Jan/2017:00:01:43.357650823 -0500] SSL alert:
>>>>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>>> [08/Jan/2017:00:01:43.358754848 -0500] SSL alert:
>>>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>>> [08/Jan/2017:00:01:43.359655681 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>>> [08/Jan/2017:00:01:43.360741758 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>>> [08/Jan/2017:00:01:43.361650705 -0500] SSL alert:
>>>>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>>>>>> [08/Jan/2017:00:01:43.362718051 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>>>> [08/Jan/2017:00:01:43.363594439 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>>> [08/Jan/2017:00:01:43.365599343 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>>> [08/Jan/2017:00:01:43.366719360 -0500] SSL alert:
>>>>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>>>>>> [08/Jan/2017:00:01:43.368835924 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>>>> [08/Jan/2017:00:01:43.370913228 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>>> [08/Jan/2017:00:01:43.372972786 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>>> [08/Jan/2017:00:01:43.375008604 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>>>> [08/Jan/2017:00:01:43.377060277 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>>> [08/Jan/2017:00:01:43.379147161 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>>> [08/Jan/2017:00:01:43.381215466 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>>>> [08/Jan/2017:00:01:43.410666701 -0500] SSL Initialization - Configured
>>>>>> SSL version range: min: TLS1.0, max: TLS1.2
>>>>>> [08/Jan/2017:00:01:43.412541954 -0500] 389-Directory/1.3.5.10
>>>>>> B2016.341.2222 starting up
>>>>>> [08/Jan/2017:00:01:43.432516181 -0500] default_mr_indexer_create:
>>>>>> warning - plugin [caseIgnoreIA5Match] does not handle
>>>>>> caseExactIA5Match
>>>>>> [08/Jan/2017:00:01:43.455710217 -0500] WARNING: changelog: entry cache
>>>>>> size 2097152 B is less than db size 4096000 B; We recommend to
>>>>>> increase the entry cache size nsslapd-cachememsize.
>>>>>> [08/Jan/2017:00:01:43.461914913 -0500] Detected Disorderly Shutdown
>>>>>> last time Directory Server was running, recovering database.
>>>>>> [08/Jan/2017:00:01:43.832287548 -0500] schema-compat-plugin -
>>>>>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>>>>>> server startup!
>>>>>> [08/Jan/2017:00:01:43.857795379 -0500] NSACLPlugin - The ACL target
>>>>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.859681661 -0500] NSACLPlugin - The ACL target
>>>>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.861398809 -0500] NSACLPlugin - The ACL target
>>>>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.862632485 -0500] NSACLPlugin - The ACL target
>>>>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.863764066 -0500] NSACLPlugin - The ACL target
>>>>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.864911346 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.866162668 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.869056497 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.870122838 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.871162150 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.872199777 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.873266345 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.874275409 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.875283799 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.876705045 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.878971952 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.887310854 -0500] NSACLPlugin - The ACL target
>>>>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>>>>> [08/Jan/2017:00:01:43.893215433 -0500] NSACLPlugin - The ACL target
>>>>>> cn=casigningcert
>>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>>> exist
>>>>>> [08/Jan/2017:00:01:43.894306404 -0500] NSACLPlugin - The ACL target
>>>>>> cn=casigningcert
>>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>>> exist
>>>>>> [08/Jan/2017:00:01:44.040102873 -0500] NSACLPlugin - The ACL target
>>>>>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>>>>>> [08/Jan/2017:00:01:44.047055981 -0500] Skipping CoS Definition
>>>>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>>>>> found, which should be added before the CoS Definition.
>>>>>> [08/Jan/2017:00:01:46.066086143 -0500] NSMMReplicationPlugin -
>>>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>>>> o=ipaca. Check if DB RUV needs to be updated
>>>>>> [08/Jan/2017:00:01:46.067518633 -0500] NSMMReplicationPlugin -
>>>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>>>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>>>>>> [08/Jan/2017:00:01:46.068387090 -0500] NSMMReplicationPlugin - Force
>>>>>> update of database RUV (from CL RUV) ->  5871c704000000030000
>>>>>> [08/Jan/2017:00:01:46.070722883 -0500] set_krb5_creds - Could not get
>>>>>> initial credentials for principal
>>>>>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>>>>>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>>>>>> requested realm)
>>>>>> [08/Jan/2017:00:01:46.076708620 -0500] schema-compat-plugin -
>>>>>> schema-compat-plugin tree scan will start in about 5 seconds!
>>>>>> [08/Jan/2017:00:01:46.087742289 -0500] slapd started.  Listening on
>>>>>> All Interfaces port 389 for LDAP requests
>>>>>> [08/Jan/2017:00:01:46.088722922 -0500] Listening on All Interfaces
>>>>>> port 636 for LDAPS requests
>>>>>> [08/Jan/2017:00:01:46.089876559 -0500] Listening on
>>>>>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>>>>>> [08/Jan/2017:00:01:51.085357807 -0500] schema-compat-plugin - warning:
>>>>>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>>>>>> [11/Jan/2017:08:45:50.482248118 -0500] SSL alert: Sending pin request
>>>>>> to SVRCore. You may need to run systemd-tty-ask-password-agent to
>>>>>> provide the password.
>>>>>> [11/Jan/2017:08:45:50.500421947 -0500] SSL alert: Security
>>>>>> Initialization: Enabling default cipher set.
>>>>>> [11/Jan/2017:08:45:50.501486482 -0500] SSL alert: Configured NSS
>>>>>> Ciphers
>>>>>> [11/Jan/2017:08:45:50.502444501 -0500] SSL alert:
>>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>>>>>> [11/Jan/2017:08:45:50.503373927 -0500] SSL alert:
>>>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>>>>>> [11/Jan/2017:08:45:50.504447585 -0500] SSL alert:
>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>>>>>> [11/Jan/2017:08:45:50.505362861 -0500] SSL alert:
>>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>>>>>> [11/Jan/2017:08:45:50.506316578 -0500] SSL alert:
>>>>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>>> [11/Jan/2017:08:45:50.507225380 -0500] SSL alert:
>>>>>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>>> [11/Jan/2017:08:45:50.508158165 -0500] SSL alert:
>>>>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>>> [11/Jan/2017:08:45:50.509061885 -0500] SSL alert:
>>>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>>> [11/Jan/2017:08:45:50.510027654 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>>> [11/Jan/2017:08:45:50.510982171 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>>> [11/Jan/2017:08:45:50.511911224 -0500] SSL alert:
>>>>>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>>>>>> [11/Jan/2017:08:45:50.512824259 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>>>> [11/Jan/2017:08:45:50.513759924 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>>> [11/Jan/2017:08:45:50.514686682 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>>> [11/Jan/2017:08:45:50.515605681 -0500] SSL alert:
>>>>>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>>>>>> [11/Jan/2017:08:45:50.516543912 -0500] SSL alert:
>>>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>>>> [11/Jan/2017:08:45:50.517484957 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>>>>>> [11/Jan/2017:08:45:50.518414104 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>>>>>> [11/Jan/2017:08:45:50.519346616 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>>>>>> [11/Jan/2017:08:45:50.520288809 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>>>>>> [11/Jan/2017:08:45:50.521224704 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>>>>>> [11/Jan/2017:08:45:50.522134121 -0500] SSL alert:
>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>>>>>> [11/Jan/2017:08:45:50.546659715 -0500] SSL Initialization - Configured
>>>>>> SSL version range: min: TLS1.0, max: TLS1.2
>>>>>> [11/Jan/2017:08:45:50.548178563 -0500] 389-Directory/1.3.5.10
>>>>>> B2016.341.2222 starting up
>>>>>> [11/Jan/2017:08:45:50.567253887 -0500] default_mr_indexer_create:
>>>>>> warning - plugin [caseIgnoreIA5Match] does not handle
>>>>>> caseExactIA5Match
>>>>>> [11/Jan/2017:08:45:50.618540589 -0500] WARNING: changelog: entry cache
>>>>>> size 2097152 B is less than db size 4096000 B; We recommend to
>>>>>> increase the entry cache size nsslapd-cachememsize.
>>>>>> [11/Jan/2017:08:45:50.625062302 -0500] Detected Disorderly Shutdown
>>>>>> last time Directory Server was running, recovering database.
>>>>>> [11/Jan/2017:08:45:51.368172371 -0500] schema-compat-plugin -
>>>>>> scheduled schema-compat-plugin tree scan in about 5 seconds after the
>>>>>> server startup!
>>>>>> [11/Jan/2017:08:45:51.408894238 -0500] NSACLPlugin - The ACL target
>>>>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.410251624 -0500] NSACLPlugin - The ACL target
>>>>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.411303020 -0500] NSACLPlugin - The ACL target
>>>>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.412533136 -0500] NSACLPlugin - The ACL target
>>>>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.413625873 -0500] NSACLPlugin - The ACL target
>>>>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.414767038 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.415836754 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.416911317 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.418048547 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.419144396 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.420209379 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.421371442 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.422439127 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.423496808 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.424548663 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.425571511 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.434059704 -0500] NSACLPlugin - The ACL target
>>>>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:08:45:51.446799815 -0500] NSACLPlugin - The ACL target
>>>>>> cn=casigningcert
>>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>>> exist
>>>>>> [11/Jan/2017:08:45:51.447939820 -0500] NSACLPlugin - The ACL target
>>>>>> cn=casigningcert
>>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>>> exist
>>>>>> [11/Jan/2017:08:45:51.603005983 -0500] NSACLPlugin - The ACL target
>>>>>> cn=automember rebuild membership,cn=tasks,cn=config does not exist
>>>>>> [11/Jan/2017:08:45:51.609962438 -0500] Skipping CoS Definition
>>>>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>>>>> found, which should be added before the CoS Definition.
>>>>>> [11/Jan/2017:08:45:55.211502712 -0500] NSMMReplicationPlugin -
>>>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>>>> o=ipaca. Check if DB RUV needs to be updated
>>>>>> [11/Jan/2017:08:45:55.212802169 -0500] NSMMReplicationPlugin -
>>>>>> replica_check_for_data_reload: Warning: disordely shutdown for replica
>>>>>> dc=optimcloud,dc=com. Check if DB RUV needs to be updated
>>>>>> [11/Jan/2017:08:45:55.213784972 -0500] NSMMReplicationPlugin - Force
>>>>>> update of database RUV (from CL RUV) ->  5871c7bf000200030000
>>>>>> [11/Jan/2017:08:45:55.226190891 -0500] set_krb5_creds - Could not get
>>>>>> initial credentials for principal
>>>>>> [ldap/ipa2.optimcloud.com at OPTIMCLOUD.COM] in keytab
>>>>>> [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>>>>>> requested realm)
>>>>>> [11/Jan/2017:08:45:55.235585814 -0500] schema-compat-plugin -
>>>>>> schema-compat-plugin tree scan will start in about 5 seconds!
>>>>>> [11/Jan/2017:08:45:55.246224036 -0500] slapd started.  Listening on
>>>>>> All Interfaces port 389 for LDAP requests
>>>>>> [11/Jan/2017:08:45:55.247206931 -0500] Listening on All Interfaces
>>>>>> port 636 for LDAPS requests
>>>>>> [11/Jan/2017:08:45:55.248178427 -0500] Listening on
>>>>>> /var/run/slapd-OPTIMCLOUD-COM.socket for LDAPI requests
>>>>>> [11/Jan/2017:08:46:00.243609069 -0500] schema-compat-plugin - warning:
>>>>>> no entries set up under ou=sudoers,dc=optimcloud,dc=com
>>>>>> [11/Jan/2017:08:46:00.268221576 -0500] schema-compat-plugin - warning:
>>>>>> no entries set up under cn=computers, cn=compat,dc=optimcloud,dc=com
>>>>>> [11/Jan/2017:08:46:00.293865724 -0500] schema-compat-plugin - Finished
>>>>>> plugin initialization.
>>>>>> [11/Jan/2017:10:13:10.814343630 -0500] ipa-topology-plugin -
>>>>>> ipa_topo_be_state_changebackend userRoot is going offline; inactivate
>>>>>> plugin
>>>>>> [11/Jan/2017:10:13:10.816016676 -0500] NSMMReplicationPlugin -
>>>>>> multimaster_be_state_change: replica dc=optimcloud,dc=com is going
>>>>>> offline; disabling replication
>>>>>> [11/Jan/2017:10:13:10.989828406 -0500] WARNING: Import is running with
>>>>>> nsslapd-db-private-import-mem on; No other process is allowed to
>>>>>> access the database
>>>>>> [11/Jan/2017:10:13:13.400691753 -0500] import userRoot: Workers
>>>>>> finished; cleaning up...
>>>>>> [11/Jan/2017:10:13:13.602133347 -0500] import userRoot: Workers
>>>>>> cleaned
>>>>>> up.
>>>>>> [11/Jan/2017:10:13:13.603143342 -0500] import userRoot: Indexing
>>>>>> complete.  Post-processing...
>>>>>> [11/Jan/2017:10:13:13.604049358 -0500] import userRoot: Generating
>>>>>> numsubordinates (this may take several minutes to complete)...
>>>>>> [11/Jan/2017:10:13:13.623115593 -0500] import userRoot: Generating
>>>>>> numSubordinates complete.
>>>>>> [11/Jan/2017:10:13:13.626755066 -0500] import userRoot: Gathering
>>>>>> ancestorid non-leaf IDs...
>>>>>> [11/Jan/2017:10:13:13.627723269 -0500] import userRoot: Finished
>>>>>> gathering ancestorid non-leaf IDs.
>>>>>> [11/Jan/2017:10:13:13.629852863 -0500] import userRoot: Creating
>>>>>> ancestorid index (new idl)...
>>>>>> [11/Jan/2017:10:13:13.639696420 -0500] import userRoot: Created
>>>>>> ancestorid index (new idl).
>>>>>> [11/Jan/2017:10:13:13.640600762 -0500] import userRoot: Flushing
>>>>>> caches...
>>>>>> [11/Jan/2017:10:13:13.641480552 -0500] import userRoot: Closing
>>>>>> files...
>>>>>> [11/Jan/2017:10:13:13.715980315 -0500] import userRoot: Import
>>>>>> complete.  Processed 669 entries in 3 seconds. (223.00 entries/sec)
>>>>>> [11/Jan/2017:10:13:13.728527338 -0500] ipa-topology-plugin -
>>>>>> ipa_topo_be_state_change - backend userRoot is coming online; checking
>>>>>> domain level and init shared topology
>>>>>> [11/Jan/2017:10:13:13.733938688 -0500] NSMMReplicationPlugin -
>>>>>> multimaster_be_state_change: replica dc=optimcloud,dc=com is coming
>>>>>> online; enabling replication
>>>>>> [11/Jan/2017:10:13:13.739807383 -0500] NSMMReplicationPlugin -
>>>>>> replica_reload_ruv: Warning: new data for replica dc=optimcloud,dc=com
>>>>>> does not match the data in the changelog.
>>>>>> Recreating the changelog file. This could affect replication with
>>>>>> replica's  consumers in which case the consumers should be
>>>>>> reinitialized.
>>>>>> [11/Jan/2017:10:13:13.763870772 -0500] Skipping CoS Definition
>>>>>> cn=Password Policy,cn=accounts,dc=optimcloud,dc=com--no CoS Templates
>>>>>> found, which should be added before the CoS Definition.
>>>>>> [11/Jan/2017:10:13:13.765996343 -0500] NSACLPlugin - The ACL target
>>>>>> cn=groups,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.767033598 -0500] NSACLPlugin - The ACL target
>>>>>> cn=computers,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.768062467 -0500] NSACLPlugin - The ACL target
>>>>>> cn=ng,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.769148609 -0500] NSACLPlugin - The ACL target
>>>>>> ou=sudoers,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.770167282 -0500] NSACLPlugin - The ACL target
>>>>>> cn=users,cn=compat,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.771219502 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.772226730 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.773244095 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.774263646 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.775259783 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.776287349 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.789282141 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.790317167 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.791355826 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.792403901 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.793450557 -0500] NSACLPlugin - The ACL target
>>>>>> cn=vaults,cn=kra,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.795887627 -0500] NSACLPlugin - The ACL target
>>>>>> cn=ad,cn=etc,dc=optimcloud,dc=com does not exist
>>>>>> [11/Jan/2017:10:13:13.805429364 -0500] NSACLPlugin - The ACL target
>>>>>> cn=casigningcert
>>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>>> exist
>>>>>> [11/Jan/2017:10:13:13.806532806 -0500] NSACLPlugin - The ACL target
>>>>>> cn=casigningcert
>>>>>> cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=optimcloud,dc=com does not
>>>>>> exist
>>>>>>
>>>>>> =================================
>>>>>>
>>>>>> On Wed, Jan 11, 2017 at 10:24 AM, Martin Basti <mbasti at redhat.com>
>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 11.01.2017 15:32, Outback Dingo wrote:
>>>>>>>>
>>>>>>>> not sure why, but the secondary freeipa server is out of sync by a
>>>>>>>> long shot now, missing dns domains and A records... tried
>>>>>>>> ipa-replica-manage force-sync --from ipa.optimcloud.com
>>>>>>>>
>>>>>>>> doesnt seem to be working
>>>>>>>>
>>>>>>>> HELP!
>>>>>>>>
>>>>>>> Do you see any errors in /var/log/dirsrv/slapd-*/errors on servers?
>>>>>>>
>>>>>>> Martin
>>>>>
>>>>>
>



From janorel at gmail.com  Wed Jan 11 17:11:42 2017
From: janorel at gmail.com (Jan Orel)
Date: Wed, 11 Jan 2017 18:11:42 +0100
Subject: [Freeipa-users] CA crt renew -- encoding mismatch
In-Reply-To: <CAKZDQWKzoOqYkPcTK1G6TF7-PWVoRJX0vOKvSUADRJJ8aQb1QA@mail.gmail.com>
References: <CAKZDQWKzoOqYkPcTK1G6TF7-PWVoRJX0vOKvSUADRJJ8aQb1QA@mail.gmail.com>
Message-ID: <CAKZDQWLPcE3D7kRPfdvQhbFJ1OBgc3m7BfcMD8Kf=xE9bfkBzg@mail.gmail.com>

To sum up, our problem was we did not install new CA crt on all replicas,
which should be probably done using "ipa-certupdate", but we missed that in
the documentation.

Regarding the certificates encoding, we noticed that after the upgrade v3
-> v4 IPA issues certificates in UTF8STRING and as long as our CA crt was
still PRINTABLESTRING, it created miss-matched certificates. This could be
fixed by the CA crt renew.

J.


2017-01-04 16:46 GMT+01:00 Jan Orel <janorel at gmail.com>:

> Hello,
>
> recently we renewed our CA crt. Later we noticed the new CA certificate
> uses different encoding in Issuer and Subject:
>
> subject=
>     organizationName          = UTF8STRING:INTGDC.COM
>     commonName                = UTF8STRING:Certificate Authority
> issuer=
>     organizationName          = PRINTABLESTRING:INTGDC.COM
>     commonName                = PRINTABLESTRING:Certificate Authority
>
> The former CA certificate is PRINTABLESTRING in both fields, as well as
> all the older certs.
>
> Since the renewal we have issues with trusting newly issued certificates,
> which also have different encoding in subject and issuer.
>
> What should be the default (correct) encoding for the certificates?
>
> According to the: http://www.freeipa.org/page/Troubleshooting seems it
> should be UTF8
>
> but from the certmonger: https://git.fedorahosted.org/cgit/
> certmonger.git/commit/?id=e6ecd5d8df3413a9717c57ee7fb8702ece23afd6
>
> seems PRINTABLESTRING is used.
>
> How to fix? Do we need to re-new the CA certificate once again?
>
> Thank you
> Jan Orel
>
> We run:
> ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64
> certmonger-0.78.4-1.el7.x86_64
> nuxwdog-1.0.3-4.el7_2.x86_64
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170111/135adbff/attachment.htm>

From bob at rha-ltd.co.uk  Wed Jan 11 20:30:46 2017
From: bob at rha-ltd.co.uk (Bob Hinton)
Date: Wed, 11 Jan 2017 20:30:46 +0000
Subject: [Freeipa-users] pki-tomcat failure
In-Reply-To: <a954d96c-48c8-2024-402f-3ca25e707255@redhat.com>
References: <98524118-0880-ed42-4f09-0e3d7f349cc2@rha-ltd.co.uk>
	<a954d96c-48c8-2024-402f-3ca25e707255@redhat.com>
Message-ID: <06d69414-5e9f-3f3c-1d12-a294f48943b4@rha-ltd.co.uk>

On 11/01/2017 13:55, Petr Vobornik wrote:
> On 01/10/2017 09:31 PM, Bob Hinton wrote:
>> Hi,
>>
>> The pki-tomcatd services on our IPA servers seem to have stopped working.
>>
>> This seems to be related to the expiry of several certificates -
>>
>> [root at ipa001 ~]# getcert list | more
>> Number of certificates and requests being tracked: 8.
>> Request ID '20161230150048':
>>         status: MONITORING
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
>> cert-pki-ca',token='NSS Certificate DB',pin set
>>         certificate:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
>> cert-pki-ca',token='NSS Certificate DB'
>>         CA: dogtag-ipa-ca-renew-agent
>>         issuer: CN=Certificate Authority,O=LOCAL.COM
>>         subject: CN=CA Audit,O=LOCAL.COM
>>         expires: 2017-01-09 08:21:45 UTC
>>         key usage: digitalSignature,nonRepudiation
>>         pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
>>         post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
>> "auditSigningCert cert-pki-ca"
>>         track: yes
>>         auto-renew: yes
>> Request ID '20161230150049':
>>         status: MONITORING
>>         stuck: no
>>         key pair storage:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
>> cert-pki-ca',token='NSS Certificate DB',pin set
>>         certificate:
>> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
>> cert-pki-ca',token='NSS Certificate DB'
>>         CA: dogtag-ipa-ca-renew-agent
>>         issuer: CN=Certificate Authority,O=LOCAL.COM
>>         subject: CN=OCSP Subsystem,O=LOCAL.COM
>>         expires: 2017-01-09 08:21:45 UTC
>>         key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
>>         eku: id-kp-OCSPSigning
>>         pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
>>         post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert
>> "ocspSigningCert cert-pki-ca"
>>         track: yes
>>         auto-renew: yes
>>
>> These were originally in CA_WORKING state, but I moved the clock back
>> and restarted certmonger to try to renew them.
>
> Certs above have:
>    expires: 2017-01-09 08:21:45 UTC
>
> But log has 10/Jan so the log is from the time when certs are expired.
>
> Move time back when all certs reported by `getcert list` are valid.
> Restart IPA. Resubmit all certs which are about to expire. Move time back.
>
Hi Petr,

I had already tried moving the clock back, but unfortunately tomcat-pki
still wouldn't start. I had to temporarily configure it to connect to
LDAP using BasicAuth, as suggested by Adam Tkac. With this done and the
time moved back tomcat-pki started OK and restarting certmonger made it
renew all the certs.

Presumably something was already broken and so certmonger didn't renew
them in the first place.

Thanks

Bob
>>
>> /var/log/pki/pki-tomcat/ca/debug contains
>>
>> [10/Jan/2017:18:35:37][localhost-startStop-1]: makeConnection:
>> errorIfDown true
>> [10/Jan/2017:18:35:37][localhost-startStop-1]:
>> SSLClientCertificateSelectionCB: Setting desired cert nickname to:
>> subsystemCert cert-pki-ca
>> [10/Jan/2017:18:35:37][localhost-startStop-1]: LdapJssSSLSocket: set
>> client auth cert nickname subsystemCert cert-pki-ca
>> [10/Jan/2017:18:35:37][localhost-startStop-1]:
>> SSLClientCertificatSelectionCB: Entering!
>> [10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
>> caSigningCert cert-pki-ca
>> [10/Jan/2017:18:35:37][localhost-startStop-1]: Candidate cert:
>> Server-Cert cert-pki-ca
>> [10/Jan/2017:18:35:37][localhost-startStop-1]:
>> SSLClientCertificateSelectionCB: returning: null
>> [10/Jan/2017:18:35:37][localhost-startStop-1]: SSL handshake happened
>> Could not connect to LDAP server host ipa001.mgmt.local.com port 636
>> Error netscape.ldap.LDAPException: Authentication failed (48)
>>         at
>> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
>>         at
>> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
>>         at
>> com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
>>         at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
>>         at
>> com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1169)
>>         at
>> com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1075)
>>         at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:571)
>>         at com.netscape.certsrv.apps.CMS.init(CMS.java:187)
>>         at com.netscape.certsrv.apps.CMS.start(CMS.java:1616)
>>         at
>> com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:114)
>>         at javax.servlet.GenericServlet.init(GenericServlet.java:158)
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>         at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>         at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>         at java.lang.reflect.Method.invoke(Method.java:498)
>>         at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)
>>         at
>> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)
>>         at java.security.AccessController.doPrivileged(Native Method)
>>         at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>>         at
>> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)
>>         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)
>>         at
>> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:124)
>>         at
>> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1270)
>>         at
>> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1195)
>>         at
>> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1085)
>>         at
>> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5318)
>>         at
>> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5610)
>>         at
>> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
>>         at
>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
>>         at
>> org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
>>         at
>> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156)
>>         at
>> org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145)
>>         at java.security.AccessController.doPrivileged(Native Method)
>>         at
>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:873)
>>         at
>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
>>         at
>> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:679)
>>         at
>> org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1966)
>>         at
>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>         at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>         at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>         at java.lang.Thread.run(Thread.java:745)
>> Internal Database Error encountered: Could not connect to LDAP server
>> host ipa001.mgmt.local.com port 636 Error netscape.ldap.LDAPException:
>> Authentication failed (48)
>>         at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:676)
>>
>> The only connection attempt I can find relating to err=48 in the slapd
>> access log is -
>>
>>
>> [10/Jan/2017:18:21:08.884446519 +0000] conn=59668 fd=83 slot=83 SSL
>> connection from 10.220.6.250 to 10.220.6.250
>> [10/Jan/2017:18:21:08.898844561 +0000] conn=59668 TLS1.2 256-bit AES
>> [10/Jan/2017:18:21:08.917314723 +0000] conn=59668 op=0 BIND dn=""
>> method=sasl version=3 mech=EXTERNAL
>> [10/Jan/2017:18:21:08.919725280 +0000] conn=59668 op=0 RESULT err=48
>> tag=97 nentries=0 etime=0
>> [10/Jan/2017:18:21:09.590236408 +0000] conn=59637 op=88 EXT
>> oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
>>
>> We recent upgraded ipa from 4.2 to 4.4 and I wonder if that broke something.
>>
>>  ipa --version
>> VERSION: 4.4.0, API_VERSION: 2.213
>>
>> The /etc/ca.crt cert was originally created on an ipa 3.3 server that no
>> longer exists, I don't know if that's relevant.
>>
>> Anyway, I'm stumped on how to fix this so could anyone please help.
>>
>> Many thanks
>>
>> Bob
>>
>



From daniel at schimpfoessl.com  Thu Jan 12 04:33:49 2017
From: daniel at schimpfoessl.com (Daniel Schimpfoessl)
Date: Wed, 11 Jan 2017 22:33:49 -0600
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <9988ea17-db76-aa1f-3009-387819189354@redhat.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
	<3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
	<CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>
	<0f7a6cc9-ae57-d957-d255-ab79033373e6@redhat.com>
	<CAEz2YVmuQWr8x1dYCbC7cPra38JPTPjVLHhvPSA9RCL_rcebsg@mail.gmail.com>
	<CAEz2YVnKDOK5U8fOcyv0ocmNwVj5pxgmDnq-PQ_wX4nDd_JmDg@mail.gmail.com>
	<9988ea17-db76-aa1f-3009-387819189354@redhat.com>
Message-ID: <CAEz2YVmjEer48LA51WjjGgR_YYv5q8nwS8rXZfAv1yK1CaBRJg@mail.gmail.com>

Flo,

these are all the errors found:
grep 'RESULT err=' access | perl -pe 's/.*(RESULT\s+err=\d+).*/$1/g' | sort
-n | uniq -c | sort -n
      2 RESULT err=6
     95 RESULT err=32
    200 RESULT err=14
   2105 RESULT err=0


2017-01-05 8:10 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com>:

> On 01/04/2017 07:24 PM, Daniel Schimpfoessl wrote:
>
>> From the logs:
>> /var/log/dirsrv/slapd-DOMAIN-COM/errors
>> ... a few warnings about cache size, NSACLPLugin and schema-compat-plugin
>> [04/Jan/2017:12:14:21.392642021 -0600] slapd started.  Listening on All
>> Interfaces port 389 for LDAP requests
>>
>> /var/log/dirsrv/slapd-DOMAIN-COM/access
>> ... lots of entries, not sure what to look for some lines contain RESULT
>> with err!=0
>> [04/Jan/2017:12:18:01.753400307 -0600] conn=5 op=243 RESULT err=32
>> tag=101 nentries=0 etime=0
>> [04/Jan/2017:12:18:01.786928085 -0600] conn=44 op=1 RESULT err=14 tag=97
>> nentries=0 etime=0, SASL bind in progress
>>
>> Hi Daniel,
>
> are there any RESULT err=48 that could correspond to the error seen on pki
> logs?
>
> Flo
>
> /var/log/dirsrv/slapd-DOMAIN-COM/errors
>> [04/Jan/2017:12:19:25.566022098 -0600] slapd shutting down - signaling
>> operation threads - op stack size 5 max work q size 2 max work q stack
>> size 2
>> [04/Jan/2017:12:19:25.572566622 -0600] slapd shutting down - closing
>> down internal subsystems and plugins
>>
>>
>> 2017-01-04 8:38 GMT-06:00 Daniel Schimpfoessl <daniel at schimpfoessl.com
>> <mailto:daniel at schimpfoessl.com>>:
>>
>>     Do you have a list of all log files involved in IPA?
>>     Would be good to consolidate them into ELK for analysis.
>>
>>     2017-01-04 2:48 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com
>>     <mailto:flo at redhat.com>>:
>>
>>
>>         On 01/02/2017 07:24 PM, Daniel Schimpfoessl wrote:
>>
>>             Thanks for your reply.
>>
>>             This was the initial error I asked for help a while ago and
>>             did not get
>>             resolved. Further digging showed the recent errors.
>>             The service was running (using ipactl start --force) and
>>             only after a
>>             restart I am getting a stack trace for two primary messages:
>>
>>             Could not connect to LDAP server host wwgwho01.webwim.com
>>             <http://wwgwho01.webwim.com>
>>             <http://wwgwho01.webwim.com> port 636 Error
>>             netscape.ldap.LDAPException:
>>             Authentication failed (48)
>>             ...
>>
>>             Internal Database Error encountered: Could not connect to
>>             LDAP server
>>             host wwgwho01.webwim.com <http://wwgwho01.webwim.com>
>>             <http://wwgwho01.webwim.com> port 636 Error
>>             netscape.ldap.LDAPException: Authentication failed (48)
>>             ...
>>
>>             and finally:
>>             [02/Jan/2017:12:20:34][localhost-startStop-1]:
>>             CMSEngine.shutdown()
>>
>>
>>             2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud
>>             <flo at redhat.com <mailto:flo at redhat.com>
>>             <mailto:flo at redhat.com <mailto:flo at redhat.com>>>:
>>
>>                 systemctl start pki-tomcatd at pki-tomcat.service
>>
>>
>>
>>         Hi Daniel,
>>
>>         the next step would be to understand the root cause of this
>>         "Authentication failed (48)" error. Note the exact time of this
>>         log and look for a corresponding log in the LDAP server logs
>>         (/var/log/dirsrv/slapd-DOMAIN-COM/access), probably a failing
>>         BIND with err=48. This may help diagnose the issue (if we can
>>         see which certificate is used for the bind or if there is a
>>         specific error message).
>>
>>         For the record, a successful bind over SSL would produce this
>>         type of log where we can see the certificate subject and the
>>         user mapped to this certificate:
>>         [...] conn=47 fd=84 slot=84 SSL connection from 10.34.58.150 to
>>         10.34.58.150
>>         [...] conn=47 TLS1.2 128-bit AES; client CN=CA
>>         Subsystem,O=DOMAIN.COM <http://DOMAIN.COM>; issuer
>>         CN=Certificate Authority,O=DOMAIN.COM <http://DOMAIN.COM>
>>         [...] conn=47 TLS1.2 client bound as
>> uid=pkidbuser,ou=people,o=ipaca
>>         [...] conn=47 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
>>         [...] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
>>         dn="uid=pkidbuser,ou=people,o=ipaca"
>>
>>         Flo
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170111/3f6233ef/attachment.htm>

From jgoddard at emerlyn.com  Thu Jan 12 13:57:20 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 12 Jan 2017 08:57:20 -0500
Subject: [Freeipa-users] Switch certificates from external CA to internal
Message-ID: <CA+No-6G_XmrnkS2bAFwMw5iSy87WfOMD4-tHa=kkoptts2-uZg@mail.gmail.com>

I've had issues with expired certificates. In the course of troubleshooting
I've somehow set the cas to external. Is there a way I can switch back?

[root at id-management-1 conf]# getcert list-cas
CA 'SelfSign':
        is-default: no
        ca-type: INTERNAL:SELF
        next-serial-number: 01
CA 'IPA':
        is-default: no
        ca-type: EXTERNAL
        helper-location: /usr/libexec/certmonger/ipa-server-guard
/usr/libexec/certmonger/ipa-submit
CA 'certmaster':
        is-default: no
        ca-type: EXTERNAL
        helper-location: /usr/libexec/certmonger/certmaster-submit
CA 'dogtag-ipa-renew-agent':
        is-default: no
        ca-type: EXTERNAL
        helper-location: /usr/libexec/certmonger/ipa-server-guard
/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit
CA 'local':
        is-default: no
        ca-type: EXTERNAL
        helper-location: /usr/libexec/certmonger/local-submit
CA 'dogtag-ipa-ca-renew-agent':
        is-default: no
        ca-type: EXTERNAL
        helper-location:
/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit -vv

Thanks,

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170112/c9462055/attachment.htm>

From flo at redhat.com  Thu Jan 12 15:46:21 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Thu, 12 Jan 2017 16:46:21 +0100
Subject: [Freeipa-users] Switch certificates from external CA to internal
In-Reply-To: <CA+No-6G_XmrnkS2bAFwMw5iSy87WfOMD4-tHa=kkoptts2-uZg@mail.gmail.com>
References: <CA+No-6G_XmrnkS2bAFwMw5iSy87WfOMD4-tHa=kkoptts2-uZg@mail.gmail.com>
Message-ID: <28417421-2dd9-b98c-d40d-07aa5745030c@redhat.com>

On 01/12/2017 02:57 PM, Jeff Goddard wrote:
> I've had issues with expired certificates. In the course of
> troubleshooting I've somehow set the cas to external. Is there a way I
> can switch back?
>
> [root at id-management-1 conf]# getcert list-cas
> CA 'SelfSign':
>         is-default: no
>         ca-type: INTERNAL:SELF
>         next-serial-number: 01
> CA 'IPA':
>         is-default: no
>         ca-type: EXTERNAL
>         helper-location: /usr/libexec/certmonger/ipa-server-guard
> /usr/libexec/certmonger/ipa-submit
> CA 'certmaster':
>         is-default: no
>         ca-type: EXTERNAL
>         helper-location: /usr/libexec/certmonger/certmaster-submit
> CA 'dogtag-ipa-renew-agent':
>         is-default: no
>         ca-type: EXTERNAL
>         helper-location: /usr/libexec/certmonger/ipa-server-guard
> /usr/libexec/certmonger/dogtag-ipa-renew-agent-submit
> CA 'local':
>         is-default: no
>         ca-type: EXTERNAL
>         helper-location: /usr/libexec/certmonger/local-submit
> CA 'dogtag-ipa-ca-renew-agent':
>         is-default: no
>         ca-type: EXTERNAL
>         helper-location:
> /usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit -vv
>
> Thanks,
>
> Jeff
>
>
>
Hi Jeff,

the following documentation explains how to change the certificate chain 
from externally-signed to self-signed:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/change-cert-chaining.html

HTH,
Flo.



From jgoddard at emerlyn.com  Thu Jan 12 16:40:35 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 12 Jan 2017 11:40:35 -0500
Subject: [Freeipa-users] Switch certificates from external CA to internal
In-Reply-To: <28417421-2dd9-b98c-d40d-07aa5745030c@redhat.com>
References: <CA+No-6G_XmrnkS2bAFwMw5iSy87WfOMD4-tHa=kkoptts2-uZg@mail.gmail.com>
	<28417421-2dd9-b98c-d40d-07aa5745030c@redhat.com>
Message-ID: <CA+No-6FoQLdTu=av5aJyeOug7_wLK4MMkx0yQdhsouuFnR_g8g@mail.gmail.com>

Thanks Flo,

My system is still in a bad state as I got this as a result of the command:

[root at id-management-1 ~]# ipa-cacert-manage renew --self-signed
Renewing CA certificate, please wait
Resubmitting certmonger request '20170101055025' timed out, please check
the request manually
The ipa-cacert-manage command failed.

The relevant output from getcert list was:
Request ID '20170101055025':
        status: NEED_CSR_GEN_TOKEN
        stuck: yes
        key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
        certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
        subject: CN=localhost
        expires: 2037-01-01 06:28:46 UTC
        key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes

I took the step of stopping tracking on that cert which was a mistake and
now I'm having a hard time with the syntax of adding it back.

Jeff







On Thu, Jan 12, 2017 at 10:46 AM, Florence Blanc-Renaud <flo at redhat.com>
wrote:

> On 01/12/2017 02:57 PM, Jeff Goddard wrote:
>
>> I've had issues with expired certificates. In the course of
>> troubleshooting I've somehow set the cas to external. Is there a way I
>> can switch back?
>>
>> [root at id-management-1 conf]# getcert list-cas
>> CA 'SelfSign':
>>         is-default: no
>>         ca-type: INTERNAL:SELF
>>         next-serial-number: 01
>> CA 'IPA':
>>         is-default: no
>>         ca-type: EXTERNAL
>>         helper-location: /usr/libexec/certmonger/ipa-server-guard
>> /usr/libexec/certmonger/ipa-submit
>> CA 'certmaster':
>>         is-default: no
>>         ca-type: EXTERNAL
>>         helper-location: /usr/libexec/certmonger/certmaster-submit
>> CA 'dogtag-ipa-renew-agent':
>>         is-default: no
>>         ca-type: EXTERNAL
>>         helper-location: /usr/libexec/certmonger/ipa-server-guard
>> /usr/libexec/certmonger/dogtag-ipa-renew-agent-submit
>> CA 'local':
>>         is-default: no
>>         ca-type: EXTERNAL
>>         helper-location: /usr/libexec/certmonger/local-submit
>> CA 'dogtag-ipa-ca-renew-agent':
>>         is-default: no
>>         ca-type: EXTERNAL
>>         helper-location:
>> /usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit -vv
>>
>> Thanks,
>>
>> Jeff
>>
>>
>>
>> Hi Jeff,
>
> the following documentation explains how to change the certificate chain
> from externally-signed to self-signed:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterp
> rise_Linux/7/html/Linux_Domain_Identity_Authentication_and_
> Policy_Guide/change-cert-chaining.html
>
> HTH,
> Flo.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170112/fde58f9c/attachment.htm>

From redbranchwarrior at gmail.com  Thu Jan 12 19:56:29 2017
From: redbranchwarrior at gmail.com (Matthew Carter)
Date: Thu, 12 Jan 2017 14:56:29 -0500
Subject: [Freeipa-users] Weird single user problem
Message-ID: <2d9eb072-d38e-3915-8e80-1fc1400acb0b@gmail.com>

I have a question I could really use help with.


I should start off by saying I'm relatively new to freeipa. I'm using 
RedHat's IDM and I have a simple network set up with 5 machines and 12 
users. I got a call to go take a look at one of the machines and the 
user had forgotten their password. No problem, I went into the web gui 
and changed the users password and asked her to log in with the simple 
password I provided. She attempted to, I attempted to as well, but we 
kept getting an authentication error.


I was able to log in with a user account. All other people were able to 
log in using a user account. I did a password update on a test account  
as I had done with hers and I was prompted to change it as per usual.


I then asked her to try another machine. She was prompted with the 
password change request and upon changing she logged in correctly. 
Luckily for me she was able to get by with using that workstation, but 
now I've got to figure out what is going on with the problematic one.


I've restarted the client machine and restarted the service on the 
server, both to no avail.


Where should I start looking?


Thanks!


Matthew



From jason at tresgeek.net  Thu Jan 12 20:40:33 2017
From: jason at tresgeek.net (Jason B. Nance)
Date: Thu, 12 Jan 2017 14:40:33 -0600 (CST)
Subject: [Freeipa-users] Weird single user problem
In-Reply-To: <2d9eb072-d38e-3915-8e80-1fc1400acb0b@gmail.com>
References: <2d9eb072-d38e-3915-8e80-1fc1400acb0b@gmail.com>
Message-ID: <1013728786.2534.1484253633327.JavaMail.zimbra@tresgeek.net>

Hi Matthew,

> Where should I start looking?

I would start by tailing the logs on the destination host while the user attempts to login with the account that isn't working.  On an EL 7 host you can use 'journalctl -f', on EL 6 and older you can use 'tail -F /var/log/messages /var/log/secure'.

Are you certain this was just a forgotten password (in other words, was the user ever able to login to this particular machine)?  Do you use any HBAC rules in your environment?

Regards,

j



From keesb at ghs.com  Fri Jan 13 12:59:25 2017
From: keesb at ghs.com (Kees Bakker)
Date: Fri, 13 Jan 2017 13:59:25 +0100
Subject: [Freeipa-users] ipa topologysuffix-verify "Topology is disconnected"
Message-ID: <3378812b-0147-1442-63ae-7252329273c4@ghs.com>

Hi,

After messing around with CERTs on one of the replica's there is
a problem with replication. The topology is simple, just two
hosts.

I am searching for the proper command(s) to make replication
functional again. This is what I see right now (replaced actual
fqdn's with host1 and host2).

On host1 and host2:
# ipa topologysegment-find domain --all
-----------------
1 segment matched
-----------------
  dn: cn=host1-to-host2,cn=domain,cn=topology,cn=ipa,cn=etc,dc=ghs,dc=nl
  Segment name: host1-to-host2
  Left node: host1
  Right node: host2
  Connectivity: left-right
  iparepltoposegmentstatus: autogen
  objectclass: top, iparepltoposegment
----------------------------
Number of entries returned 1
----------------------------

On host1:
# ipa topologysuffix-verify domain
========================================================
Replication topology of suffix "domain" contains errors.
========================================================
------------------------
Topology is disconnected
------------------------
  Server host2 can't contact servers: host1

On host2:
# ipa topologysuffix-verify domain
========================================================
Replication topology of suffix "domain" contains errors.
========================================================
------------------------
Topology is disconnected
------------------------
  Server host2 can't contact servers: host1

In other words, the same error message on both hosts.

The command to connect (as described in almost every online doc) does not
work anymore.

On host2:
# ipa-replica-manage connect host1
Creation of IPA replication agreement is deprecated with managed IPA replication topology. Please use `ipa topologysegment-*` commands to manage the topology.

On host1:
# ipa-replica-manage connect host2
Creation of IPA replication agreement is deprecated with managed IPA replication topology. Please use `ipa topologysegment-*` commands to manage the topology.

OK. Try to re-initialize then

On host1:
# ipa topologysegment-reinitialize domain host1-to-host2 --right
-------------------------------------------------------------------------
Replication refresh for segment: "host1-to-host2" requested.
-------------------------------------------------------------------------

Hmm, ok. Now what? Replication refresh is requested, but what is the result?

TL;DR
Above I mentioned that I messed around with CERT's. I wanted to use Let's
Encrypt for a signed CERT on host2. After it was quite a struggle to install
the necessary PEM's here and there. It could very well be that I didn't follow
the correct procedures, but I can only say that I searched the web forth and
back for the correct commands.

So the key problem now is that host2 (with the new CERT) cannot connect to
host1 (with its original self-signed CERT).

How to debug this?
-- 
Kees




From sipazzo at yahoo.com  Mon Jan  9 19:30:57 2017
From: sipazzo at yahoo.com (sipazzo)
Date: Mon, 9 Jan 2017 19:30:57 +0000 (UTC)
Subject: [Freeipa-users] Replication has stopped and server errors
In-Reply-To: <1907030761.1499705.1483736627128@mail.yahoo.com>
References: <14572427.872232.1483658995510.ref@mail.yahoo.com>
	<14572427.872232.1483658995510@mail.yahoo.com>
	<c2d12eb6-1199-45bb-8f24-dc6b6347d5c9@redhat.com>
	<1907030761.1499705.1483736627128@mail.yahoo.com>
Message-ID: <2083793578.1363259.1483990257976@mail.yahoo.com>

I am happy to report this appears to be resolved. I found this post: https://www.redhat.com/archives/freeipa-users/2014-February/msg00007.html which pointed me to the csn skew issue which was causing all my replication failures. I performed the steps in the post and things look much better so far.
Thank you.

      From: sipazzo <sipazzo at yahoo.com>
 To: Martin Basti <mbasti at redhat.com>; Freeipa-users <freeipa-users at redhat.com> 
 Sent: Friday, January 6, 2017 1:03 PM
 Subject: Re: [Freeipa-users] Replication has stopped and server errors
   
I have changed the number of db locks to 40000. After restart, each server reports a lot of these type errors:
DSRetroclPlugin - delete_changerecord: could not delete change record 6038434 

As well as immediately coming up with these errors (even after re-initializing)

06/Jan/2017:12:10:12 -0800] NSMMReplicationPlugin - changelog program - agmt="cn=meToipa1-dev.example.local" (ipa1-corp:389): CSN 586d8aab000400110000 not found, we aren't as up to date, or we purged
[06/Jan/2017:12:10:12 -0800] NSMMReplicationPlugin - agmt="cn=meToipa1-corp.example.local" (ipa1-dev:389): Data required to update replica has been purged. The replica must be reinitialized.
[06/Jan/2017:12:10:12 -0800] NSMMReplicationPlugin - agmt="cn=meToipa1-prod.example.local" (ipa1-xo:389): Incremental update failed and requires administrator action
[06/Jan/2017:12:10:12 -0800] NSMMReplicationPlugin - agmt="cn=meToipa1-dev.example.local" (ipa1-corp:389): Incremental update failed and requires administrator action
06/Jan/2017:12:15:47 -0800] agmt="cn=meToipa1-dr.example.local" (ipa1-io:389) - Can't locate CSN 586ffaf5000300100000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.
[06/Jan/2017:12:15:49 -0800] agmt="cn=meToipa1-dr.example.local" (ipa1-io:389) - Can't locate CSN 586ffaf7000000100000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized.

Replication topology is:3 geographic locations each with 2 ipa servers (dr, prod, dev)
ipa1-dev replicates with all servers (ipa2-dev,ipa1-dr, ipa2-dr, ipa1-prod, ipa2-prod)ipa1-dr also replicates with ipa2-dripa1-prod also replicates with ipa2-prod

As a test I deleted one host on each of the servers. I have waited 30 minutes and the results are:ipa1-dev - deletion replicated to all serversipa2-dr - deletion replicated to all servers
ipa1-dr, ipa1-prod, ipa2-dev, ipa2-prod - deletions not replicated



      From: Martin Basti <mbasti at redhat.com>
 To: sipazzo <sipazzo at yahoo.com>; Freeipa-users <freeipa-users at redhat.com> 
 Sent: Friday, January 6, 2017 8:58 AM
 Subject: Re: [Freeipa-users] Replication has stopped and server errors
  
 
  
 On 06.01.2017 00:29, sipazzo wrote:
  
  I have 6 ipa servers in 3 locations running 4.2.0-15.0.1on RHEL 7. Ipa1-dev is the CA Renewal and CRL Master server and where most of our updates  (host enrollment, password changes) end up taking place. ? Servers had been running fine. Over the holidays we started having some replication issues and looking at /var/log/dirsrv/slapd-REALM-COM/errors showed the following: 
  All servers currently have these errors for each replica the respective IPA servers are connected to: NSMMReplicationPlugin - agmt="cn=meToipa2-dr.example.local" (ipa2-dr:389): Incremental update failed and requires administrator action [04/Jan/2017:15:39:48 -0800] agmt="cn=meToipa1-dr.example.local" (ipa1-dr:389) - Can't locate CSN 583c8e74000600110000 in the changelog (DB  rc=-30988). If replication stops, the consumer may need to be reinitialized NSMMReplicationPlugin - agmt="cn=meToipa1-prod.example.local" (ipa1-prod:389): Data required to update replica has been purged. The replica must be reinitialized. [04/Jan/2017:13:33:26 -0800] NSMMReplicationPlugin - agmt="cn=meToipa2-dev.example.local" (ipa2-dev:389): Incremental update failed and requires administrator action ?[04/Jan/2017:13:33:26 -0800] NSMMReplicationPlugin - agmt="cn=meToipa1-prod.example.local" (ipa1-prod:389): Incremental update failed and requires administrator action [04/Jan/2017:13:33:27 -0800] agmt="cn=meToipa2-prod.example.local" (ipa2-prod:389) - Can't locate CSN 586d69f0000400120000 in the changelog (DB rc=-30988). If replication stops, the consumer may need to be reinitialized. ? And all servers have these types of errors which are worrisome but they go back quite a way
  NSACLPlugin - The ACL target cn=dns,dc=example,dc=local does not exist NSACLPlugin - The ACL target cn=dns,dc=example,dc=local does not exist NSACLPlugin - The ACL target cn=groups,cn=compat,dc=example,dc=local does not exist NSACLPlugin - The ACL target cn=computers,cn=compat,dc=example,dc=local does not exist NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=local does not exist NSACLPlugin - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=example,dc=local does not exist NSACLPlugin - The ACL target ou=sudoers,dc=networkfleet,dc=local does not exist  
 ^^^ just INFO messages, you can ignore them
 
 
 
  ? All servers except one have a lot of these DSRetroclPlugin - delete_changerecord: could not delete change record ? Ipa1-dev only has this
  04/Jan/2017:18:36:52 -0800] NSMMReplicationPlugin -agmt="cn=masterAgreement1-ipa1-prod.example.local-pki-tomcat" (ipa1-prod:389): Replication bind with SIMPLE auth resumed [04/Jan/2017:18:36:52 -0800] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ipa2-dr.example.local-pki-tomcat" (ipa2-dr:389): Replication bind with SIMPLE auth resumed [04/Jan/2017:18:36:52 -0800] NSMMReplicationPlugin - agmt="cn=masterAgreement1-ipa1-dr.example.local-pki-tomcat" (ipa1-dr:389): Replication bind with SIMPLE auth resumed [04/Jan/2017:18:36:53 -0800] NSMMReplicationPlugin -agmt="cn=masterAgreement1-ipa2-prod.example.local-pki-tomcat" (ipa2-prod:389): Replication bind with SIMPLE auth resumed ? 3 servers (ipa1-dr ipa2-dr ipa2-prod) have these errors:  [01/Jan/2017:14:43:06 -0800] - libdb: BDB2055 Lock table is out of available lock entries [01/Jan/2017:14:43:06 -0800] - compactdb: failed to compact changelog; db error - 12 Cannot allocate memory  
 
 you probably need https://access.redhat.com/solutions/1241063 to increase number of locks (or in this threadhttps://lists.fedoraproject.org/pipermail/389-users/2011-June/013299.html)
 
 I would first increase the number of locks, and then look if something improved.
 We also don't know how your topology looks like, which servers are connected together.
 
 Martin
 
 
  ? 4 servers (ipa1-dev, ipa2-dev, ipa1-dr and ipa2-dr) have these errors
  [04/Jan/2017:15:37:21 -0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) [04/Jan/2017:15:37:24 -0800] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: LDAP error -1 (Can't contact LDAP server) ((null)) errno 107 (Transport endpoint is not connected) ?
  I have tried various combinations or restarting, re-initializing, disconnecting and reconnecting replicas but am down to only two servers replicating with each other currently (ipa1-dev and ipa2-dev). We did have a power outage at the dev location but it does not seem to correspond to when the errors started? Not sure how to recover from this. Any help is appreciated ? ?  
  
 
 
 

   

   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170109/9b733623/attachment.htm>

From armaan.esfahani at advancedopen.com  Wed Jan 11 21:00:57 2017
From: armaan.esfahani at advancedopen.com (Armaan Esfahani)
Date: Wed, 11 Jan 2017 16:00:57 -0500
Subject: [Freeipa-users] FreeIPA as Samba Backend, Existing Users Fail
Message-ID: <1DECE016-66F0-4C82-8793-9E91317614E2@advancedopen.com>

Hi, I have setup a Samba server to use FreeIPA as a password backend, however whenever I try to use existing users to login I get ?NT_STATUS_LOGON_FAILURE?. 

Looking at the sssd_nss log on my ipa server, I get the following error ?(Wed Jan 11 15:56:11 2017) [sssd[nss]] [fill_sid] (0x0020): Missing SID.? ?On all existing accounts, whereas all new accounts function properly (after resetting their passwords).

 

Anyone have any ideas?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170111/b010c3da/attachment.htm>

From hirofumi.morikawa at accenture.com  Thu Jan 12 10:59:04 2017
From: hirofumi.morikawa at accenture.com (hirofumi.morikawa at accenture.com)
Date: Thu, 12 Jan 2017 10:59:04 +0000
Subject: [Freeipa-users] Not able to replicate user keys across master
	and client
In-Reply-To: <55e300c9f6004e6a8ec4c46887860c61@BLUPR42MB0194.048d.mgd.msft.net>
References: <55e300c9f6004e6a8ec4c46887860c61@BLUPR42MB0194.048d.mgd.msft.net>
Message-ID: <b6ee03f3411945eda2ff416da6302eca@BY2PR42MB168.048d.mgd.msft.net>

Hi Free IPA team

Let me further clarify the question that is asked by Niraj below.

Currently, we have 1 master FreeIPA server and 1 client server. Evaluating your product for production deployment
Master and client connectivity is established and when creating the user in the web console, it is indeed creating the user in the client machine

However, When we add public key through the web console below, this key is not created(or transfered) to the client machine(checked by logging into the
server) that blocks the key based access to this machine

[cid:image003.jpg at 01D26CCB.55E68FA0]


Could you please let us know if this key is supposed to be created to the client machine natively with FreeIPA
when registering the key through the console above?  Are we missing any configuration to enable this
key registration to client machine? Thank you for your response in advance

Best regards

Hirofumi Morikawa
Accenture
Certified Technology Architect - Emerging Technologies group
Email : hirofumi.morikawa at accenture.com<mailto:hirofumi.morikawa at accenture.com>
Mobile phone : +33 (0)6 82 10 81 88

From: Singh, NirajKumar
Sent: mardi 10 janvier 2017 10:38
To: freeipa-users at redhat.com
Cc: Morikawa, Hirofumi; Shyam Gupta, Upendra
Subject: Not able to replicate user keys across master and client

Hi Team,

We have Created PPK key for the user on master FreeIPA server  which is there in /home/user/.ssh/authorized_keys file.

But the key are not reflecting in client machine.

Please suggest so that authorized_keys file added automatically in client as soon as it gets created in master server.

Thanks,
Niraj

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170112/16b47e10/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 31919 bytes
Desc: image003.jpg
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170112/16b47e10/attachment.jpg>

From alan at instinctualsoftware.com  Fri Jan 13 13:18:16 2017
From: alan at instinctualsoftware.com (Alan Latteri)
Date: Fri, 13 Jan 2017 05:18:16 -0800
Subject: [Freeipa-users] FreeIPA as Samba Backend, Existing Users Fail
In-Reply-To: <1DECE016-66F0-4C82-8793-9E91317614E2@advancedopen.com>
References: <1DECE016-66F0-4C82-8793-9E91317614E2@advancedopen.com>
Message-ID: <AD0DAAC6-251E-488B-A9DC-DD91B846AD0C@instinctualsoftware.com>

what steps did you use to connect samba to ipa?


> On Jan 11, 2017, at 1:00 PM, Armaan Esfahani <armaan.esfahani at advancedopen.com> wrote:
> 
> Hi, I have setup a Samba server to use FreeIPA as a password backend, however whenever I try to use existing users to login I get ?NT_STATUS_LOGON_FAILURE?. 
> Looking at the sssd_nss log on my ipa server, I get the following error ?(Wed Jan 11 15:56:11 2017) [sssd[nss]] [fill_sid] (0x0020): Missing SID.?  On all existing accounts, whereas all new accounts function properly (after resetting their passwords).
>  
> Anyone have any ideas?
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users <https://www.redhat.com/mailman/listinfo/freeipa-users>
> Go to http://freeipa.org <http://freeipa.org/> for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170113/6bb9eab4/attachment.htm>

From sbose at redhat.com  Fri Jan 13 13:29:25 2017
From: sbose at redhat.com (Sumit Bose)
Date: Fri, 13 Jan 2017 14:29:25 +0100
Subject: [Freeipa-users] Not able to replicate user keys across master
 and client
In-Reply-To: <b6ee03f3411945eda2ff416da6302eca@BY2PR42MB168.048d.mgd.msft.net>
References: <55e300c9f6004e6a8ec4c46887860c61@BLUPR42MB0194.048d.mgd.msft.net>
	<b6ee03f3411945eda2ff416da6302eca@BY2PR42MB168.048d.mgd.msft.net>
Message-ID: <20170113132925.GC11789@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Thu, Jan 12, 2017 at 10:59:04AM +0000, hirofumi.morikawa at accenture.com wrote:
> Hi Free IPA team
> 
> Let me further clarify the question that is asked by Niraj below.
> 
> Currently, we have 1 master FreeIPA server and 1 client server. Evaluating your product for production deployment
> Master and client connectivity is established and when creating the user in the web console, it is indeed creating the user in the client machine
> 
> However, When we add public key through the web console below, this key is not created(or transfered) to the client machine(checked by logging into the
> server) that blocks the key based access to this machine
> 
> [cid:image003.jpg at 01D26CCB.55E68FA0]

Does the web console show the key's fingerprint after you added it as
shown in
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/user-keys.html


> 
> 
> Could you please let us know if this key is supposed to be created to the client machine natively with FreeIPA
> when registering the key through the console above?  Are we missing any configuration to enable this
> key registration to client machine? Thank you for your response in advance

If you used ipa-join or realmd to join the IPA client to the IPA server
everything should be configured correctly.

In /etc/ssh/sshd_config you should find the line 'AuthorizedKeysCommand
/usr/bin/sss_ssh_authorizedkeys' which tells sshd to call
sss_ssh_authorizedkeys to get the key.

You can call 'sss_ssh_authorizedkeys' directly with the user name as
argument to see if the key is returned:

# sss_ssh_authorizedkeys testuser
ssh-rsa AAAAB3Nz.......

If nothing is returned you should check /var/log/sssd/sssd_ssh.log for
errors. You might need to increase in debug_level in the [ssh] section
of sssd.conf first, see
https://fedorahosted.org/sssd/wiki/Troubleshooting for details.

HTH

bye,
Sumit

> 
> Best regards
> 
> Hirofumi Morikawa
> Accenture
> Certified Technology Architect - Emerging Technologies group
> Email : hirofumi.morikawa at accenture.com<mailto:hirofumi.morikawa at accenture.com>
> Mobile phone : +33 (0)6 82 10 81 88
> 
> From: Singh, NirajKumar
> Sent: mardi 10 janvier 2017 10:38
> To: freeipa-users at redhat.com
> Cc: Morikawa, Hirofumi; Shyam Gupta, Upendra
> Subject: Not able to replicate user keys across master and client
> 
> Hi Team,
> 
> We have Created PPK key for the user on master FreeIPA server  which is there in /home/user/.ssh/authorized_keys file.
> 
> But the key are not reflecting in client machine.
> 
> Please suggest so that authorized_keys file added automatically in client as soon as it gets created in master server.
> 
> Thanks,
> Niraj
> 
> ________________________________
> 
> This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
> ______________________________________________________________________________________
> 
> www.accenture.com



> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From sbose at redhat.com  Fri Jan 13 13:37:19 2017
From: sbose at redhat.com (Sumit Bose)
Date: Fri, 13 Jan 2017 14:37:19 +0100
Subject: [Freeipa-users] FreeIPA as Samba Backend, Existing Users Fail
In-Reply-To: <1DECE016-66F0-4C82-8793-9E91317614E2@advancedopen.com>
References: <1DECE016-66F0-4C82-8793-9E91317614E2@advancedopen.com>
Message-ID: <20170113133719.GD11789@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Wed, Jan 11, 2017 at 04:00:57PM -0500, Armaan Esfahani wrote:
> Hi, I have setup a Samba server to use FreeIPA as a password backend, however whenever I try to use existing users to login I get ?NT_STATUS_LOGON_FAILURE?. 
> 
> Looking at the sssd_nss log on my ipa server, I get the following error ?(Wed Jan 11 15:56:11 2017) [sssd[nss]] [fill_sid] (0x0020): Missing SID.? ?On all existing accounts, whereas all new accounts function properly (after resetting their passwords).
> 
>  
> 
> Anyone have any ideas?

Maybe the sidgen task was run during ipa-adtrust-install, please see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#create-trust-existing-idm
how to run it.

HTH

bye,
Sumit

> 

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From armaan.esfahani at advancedopen.com  Fri Jan 13 17:00:36 2017
From: armaan.esfahani at advancedopen.com (Armaan Esfahani)
Date: Fri, 13 Jan 2017 12:00:36 -0500
Subject: [Freeipa-users] FreeIPA as Samba Backend, Existing Users Fail
In-Reply-To: <AD0DAAC6-251E-488B-A9DC-DD91B846AD0C@instinctualsoftware.com>
References: <1DECE016-66F0-4C82-8793-9E91317614E2@advancedopen.com>
	<AD0DAAC6-251E-488B-A9DC-DD91B846AD0C@instinctualsoftware.com>
Message-ID: <918AB64A-6F6D-4DC8-9DC8-E0D84FC13938@advancedopen.com>

To connect Samba to FreeIPA, I did the following:

 

1.       Install IPA Server

2.       Configure IPA Server

3.       Run ipa-adtrust-install 

4.       Add shares to config using ?net conf?

 

 

I also ran the SID gen task when doing the ipa-adtrust-install, and even ran it later manually with an ldapmodify on the script link to be sure.

 

From: <freeipa-users-bounces at redhat.com> on behalf of Alan Latteri <alan at instinctualsoftware.com>
Date: Friday, January 13, 2017 at 8:18 AM
To: Armaan Esfahani <armaan.esfahani at advancedopen.com>
Cc: <freeipa-users at redhat.com>
Subject: Re: [Freeipa-users] FreeIPA as Samba Backend, Existing Users Fail

 

what steps did you use to connect samba to ipa?

 

 

On Jan 11, 2017, at 1:00 PM, Armaan Esfahani <armaan.esfahani at advancedopen.com> wrote:

 

Hi, I have setup a Samba server to use FreeIPA as a password backend, however whenever I try to use existing users to login I get ?NT_STATUS_LOGON_FAILURE?. 

Looking at the sssd_nss log on my ipa server, I get the following error ?(Wed Jan 11 15:56:11 2017) [sssd[nss]] [fill_sid] (0x0020): Missing SID.?  On all existing accounts, whereas all new accounts function properly (after resetting their passwords).

 

Anyone have any ideas?

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

 

-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170113/9a953d2e/attachment.htm>

From armaan.esfahani at advancedopen.com  Fri Jan 13 17:02:29 2017
From: armaan.esfahani at advancedopen.com (Armaan Esfahani)
Date: Fri, 13 Jan 2017 12:02:29 -0500
Subject: [Freeipa-users] FreeIPA as Samba Backend, Existing Users Fail
In-Reply-To: <20170113133719.GD11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
References: <1DECE016-66F0-4C82-8793-9E91317614E2@advancedopen.com>
	<20170113133719.GD11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
Message-ID: <8BBBAB1A-A375-4A7A-90A7-B64FC990EC33@advancedopen.com>

I have attempted running the SIDgen task via ipa-adtrust-install. I will also try the link you recommended, will update with results.

 

On 1/13/17, 8:37 AM, "Sumit Bose" <freeipa-users-bounces at redhat.com on behalf of sbose at redhat.com> wrote:

 

??? On Wed, Jan 11, 2017 at 04:00:57PM -0500, Armaan Esfahani wrote:

??? > Hi, I have setup a Samba server to use FreeIPA as a password backend, however whenever I try to use existing users to login I get ?NT_STATUS_LOGON_FAILURE?. 

????> 

????> Looking at the sssd_nss log on my ipa server, I get the following error ?(Wed Jan 11 15:56:11 2017) [sssd[nss]] [fill_sid] (0x0020): Missing SID.?? On all existing accounts, whereas all new accounts function properly (after resetting their passwords).

??? > 

????>? 

????> 

????> Anyone have any ideas?

??? 

????Maybe the sidgen task was run during ipa-adtrust-install, please see

??? https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#create-trust-existing-idm

??? how to run it.

??? 

????HTH

??? 

????bye,

??? Sumit

??? 

????> 

????

????> -- 

????> Manage your subscription for the Freeipa-users mailing list:

??? > https://www.redhat.com/mailman/listinfo/freeipa-users

??? > Go to http://freeipa.org for more info on the project

??? 

????-- 

????Manage your subscription for the Freeipa-users mailing list:

??? https://www.redhat.com/mailman/listinfo/freeipa-users

??? Go to http://freeipa.org for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170113/a404e1f4/attachment.htm>

From armaan.esfahani at advancedopen.com  Fri Jan 13 18:33:52 2017
From: armaan.esfahani at advancedopen.com (Armaan Esfahani)
Date: Fri, 13 Jan 2017 13:33:52 -0500
Subject: [Freeipa-users] FreeIPA as Samba Backend, Existing Users Fail
In-Reply-To: <20170113133719.GD11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
References: <1DECE016-66F0-4C82-8793-9E91317614E2@advancedopen.com>
	<20170113133719.GD11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
Message-ID: <86DB5B2B-D937-41C3-83CF-402EC7165A1C@advancedopen.com>

Upon running the ldapmodify command, I receive an ?ldap_bind: No such object (32)? error, any suggesions?

 

On 1/13/17, 8:37 AM, "Sumit Bose" <freeipa-users-bounces at redhat.com on behalf of sbose at redhat.com> wrote:

 

??? On Wed, Jan 11, 2017 at 04:00:57PM -0500, Armaan Esfahani wrote:

??? > Hi, I have setup a Samba server to use FreeIPA as a password backend, however whenever I try to use existing users to login I get ?NT_STATUS_LOGON_FAILURE?. 

????> 

????> Looking at the sssd_nss log on my ipa server, I get the following error ?(Wed Jan 11 15:56:11 2017) [sssd[nss]] [fill_sid] (0x0020): Missing SID.?? On all existing accounts, whereas all new accounts function properly (after resetting their passwords).

??? > 

????>? 

????> 

????> Anyone have any ideas?

??? 

????Maybe the sidgen task was run during ipa-adtrust-install, please see

??? https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#create-trust-existing-idm

??? how to run it.

??? 

????HTH

??? 

????bye,

??? Sumit

??? 

????> 

????

????> -- 

????> Manage your subscription for the Freeipa-users mailing list:

??? > https://www.redhat.com/mailman/listinfo/freeipa-users

??? > Go to http://freeipa.org for more info on the project

??? 

????-- 

????Manage your subscription for the Freeipa-users mailing list:

??? https://www.redhat.com/mailman/listinfo/freeipa-users

??? Go to http://freeipa.org for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170113/1c4b666f/attachment.htm>

From r3pek at r3pek.org  Fri Jan 13 19:57:13 2017
From: r3pek at r3pek.org (Carlos Silva)
Date: Fri, 13 Jan 2017 19:57:13 +0000
Subject: [Freeipa-users] Error while issuing ipa-replica-install
Message-ID: <CA+ZvHYF4Bymx8UKRWk8F9noFbhJ+N1o3zVsxs5sA5Szg3ynEdw@mail.gmail.com>

Hi list.

I'm setting up a couple of FreeIPA servers and I hit an error while trying
to setup the replica. Master is fine AFAICT.
I'm running both servers on CentOS 7 and using the latest FreeIPA version:
# repoquery -i ipa-server

Name        : ipa-server
Version     : 4.4.0
Release     : 14.el7.centos.1.1

Now, the error I'm hitting is this one:
https://fedorahosted.org/freeipa/ticket/5561
It is supposed to be fixed in 4.4 but looks like something else is
triggering it.
"future-replica" server is running fine as a client (login and kinit works
fine). ipa-replica-conncheck also passes all the tests.

I can provide logs if necessary, but they are very very similiar to the
ones in that bug report.

Any hints on what can cause that?

Thanks in advance,
Carlos Silva
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170113/bdfc06c4/attachment.htm>

From matrix.zj at qq.com  Sat Jan 14 11:03:00 2017
From: matrix.zj at qq.com (=?ISO-8859-1?B?TWF0cml4?=)
Date: Sat, 14 Jan 2017 19:03:00 +0800
Subject: [Freeipa-users] where is ipa cache?
Message-ID: <tencent_103ECBB51BEF16653A5F3088@qq.com>

Hi, all


I have removed everything in /var/lib/sss/db. but sudo works fine. 


I have also tried to capture sudo search packets with tcpdump. I found that there is no packets transferred between ipa client and server. I am wondering where is ipa cache? in memory?


Best Regards


Matrix
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170114/e1573891/attachment.htm>

From ftweedal at redhat.com  Sat Jan 14 11:29:18 2017
From: ftweedal at redhat.com (Fraser Tweedale)
Date: Sat, 14 Jan 2017 21:29:18 +1000
Subject: [Freeipa-users] where is ipa cache?
In-Reply-To: <tencent_103ECBB51BEF16653A5F3088@qq.com>
References: <tencent_103ECBB51BEF16653A5F3088@qq.com>
Message-ID: <20170114112918.GL4539@dhcp-40-8.bne.redhat.com>

On Sat, Jan 14, 2017 at 07:03:00PM +0800, Matrix wrote:
> Hi, all
> 
> 
> I have removed everything in /var/lib/sss/db. but sudo works fine. 
> 
> 
> I have also tried to capture sudo search packets with tcpdump. I found that there is no packets transferred between ipa client and server. I am wondering where is ipa cache? in memory?
> 
I think it is in memory.  Run `sss-cache -E' to dump the cache.

> 
> Best Regards
> 
> 
> Matrix

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From matrix.zj at qq.com  Sat Jan 14 12:39:45 2017
From: matrix.zj at qq.com (=?ISO-8859-1?B?TWF0cml4?=)
Date: Sat, 14 Jan 2017 20:39:45 +0800
Subject: [Freeipa-users] where is ipa cache?
In-Reply-To: <20170114112918.GL4539@dhcp-40-8.bne.redhat.com>
References: <tencent_103ECBB51BEF16653A5F3088@qq.com>
	<20170114112918.GL4539@dhcp-40-8.bne.redhat.com>
Message-ID: <tencent_4CB0FF535EFCC3E32EA8F767@qq.com>

it should be. 

you mean 'sss_cache -E' ? i have also tried to use to invalidate everything. sudo did not trigger any packets between client and server. 

Matrix




------------------ Original ------------------
From:  "Fraser Tweedale";<ftweedal at redhat.com>;
Date:  Sat, Jan 14, 2017 07:29 PM
To:  "Matrix"<matrix.zj at qq.com>; 
Cc:  "freeipa-users"<freeipa-users at redhat.com>; 
Subject:  Re: [Freeipa-users] where is ipa cache?



On Sat, Jan 14, 2017 at 07:03:00PM +0800, Matrix wrote:
> Hi, all
> 
> 
> I have removed everything in /var/lib/sss/db. but sudo works fine. 
> 
> 
> I have also tried to capture sudo search packets with tcpdump. I found that there is no packets transferred between ipa client and server. I am wondering where is ipa cache? in memory?
> 
I think it is in memory.  Run `sss-cache -E' to dump the cache.

> 
> Best Regards
> 
> 
> Matrix

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170114/02c0f8f2/attachment.htm>

From raul at dias.com.br  Sat Jan 14 20:01:01 2017
From: raul at dias.com.br (Raul Dias)
Date: Sat, 14 Jan 2017 18:01:01 -0200
Subject: [Freeipa-users] Windows Server can't use FreeIPA's DNS server
Message-ID: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>

Hello,

I am migrating a network to FreeIPA. LDAP, NFS, no Active Directory.

A Windows Server 2008 R2, cannot use FreeIPAs bind to resolve DNS query.
This server works fine with my old bind server, google's dns server 
(8.8.8.8), but not FreeIPA's.
Using wireshark, I can see the the response gets to this host, but is 
simply ignored.  Clocks are in sync.

Not sure if the problem is in the FreeIPA's side, probably not.

Any ideas?

-rsd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170114/663e3d4a/attachment.htm>

From fdinoto at gmail.com  Sun Jan 15 00:08:34 2017
From: fdinoto at gmail.com (Fil Di Noto)
Date: Sat, 14 Jan 2017 16:08:34 -0800
Subject: [Freeipa-users] Windows Server can't use FreeIPA's DNS server
In-Reply-To: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>
References: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>
Message-ID: <CAPkW28rxAkPwQOXJRJDRsim9KT31m4zerOOyjGBBhbemRDu5eQ@mail.gmail.com>

Sounds more like a client problem (firewall, hosts file, network
settings/routes)

Other clients are able to resolve against the IPA server? You are seeing
the response come back on a packet capture taken from the windows server?

If yes to both of those, maybe the windows server thinks the IPA server is
not who it says it is. Is the IPA server hostname/domain name the same as a
previous windows host? If so that is probably not good.

On Sat, Jan 14, 2017 at 12:01 PM, Raul Dias <raul at dias.com.br> wrote:

> Hello,
>
> I am migrating a network to FreeIPA. LDAP, NFS, no Active Directory.
>
> A Windows Server 2008 R2, cannot use FreeIPAs bind to resolve DNS query.
> This server works fine with my old bind server, google's dns server
> (8.8.8.8), but not FreeIPA's.
> Using wireshark, I can see the the response gets to this host, but is
> simply ignored.  Clocks are in sync.
>
> Not sure if the problem is in the FreeIPA's side, probably not.
>
> Any ideas?
> -rsd
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170114/1864a835/attachment.htm>

From gnotrica at candeal.com  Sun Jan 15 04:50:35 2017
From: gnotrica at candeal.com (Gady Notrica)
Date: Sun, 15 Jan 2017 04:50:35 +0000
Subject: [Freeipa-users] httpd broken
Message-ID: <0984AB34E553F54B8705D776686863E70FC52CB2@cd-exchange01.CD-PRD.candeal.ca>

Hey guys,

After updating my IPA and http packages, httpd and samba are not starting. Something weird happening to the python code.

Any idea?

httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/httpd.service.d
??ipa.conf
Active: failed (Result: exit-code) since Sat 2017-01-14 23:44:50 EST; 33s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 3445 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy (code=exited, status=1/FAILURE)

Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1643, in __wait_for_connection
Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: wait_for_open_socket(lurl.hostport, timeout)
Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1286, in wait_for_open_socket
Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: raise e
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170115/8abed992/attachment.htm>

From r3pek at r3pek.org  Sun Jan 15 16:58:21 2017
From: r3pek at r3pek.org (Carlos Silva)
Date: Sun, 15 Jan 2017 16:58:21 +0000
Subject: [Freeipa-users] Error while issuing ipa-replica-install
In-Reply-To: <CA+ZvHYF4Bymx8UKRWk8F9noFbhJ+N1o3zVsxs5sA5Szg3ynEdw@mail.gmail.com>
References: <CA+ZvHYF4Bymx8UKRWk8F9noFbhJ+N1o3zVsxs5sA5Szg3ynEdw@mail.gmail.com>
Message-ID: <CA+ZvHYGEeZmNCspOLF=-aS2nREUqUPzZjG7Youzq56YRBqpFZw@mail.gmail.com>

In case someone stumbles in the message because it has the same problem,
all the debugging and solution found is in this ticket:
https://fedorahosted.org/freeipa/ticket/6613
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170115/4f11f341/attachment.htm>

From b.candler at pobox.com  Sun Jan 15 18:25:39 2017
From: b.candler at pobox.com (Brian Candler)
Date: Sun, 15 Jan 2017 18:25:39 +0000
Subject: [Freeipa-users] Not able to replicate user keys across master
 and client
In-Reply-To: <b6ee03f3411945eda2ff416da6302eca@BY2PR42MB168.048d.mgd.msft.net>
References: <55e300c9f6004e6a8ec4c46887860c61@BLUPR42MB0194.048d.mgd.msft.net>
	<b6ee03f3411945eda2ff416da6302eca@BY2PR42MB168.048d.mgd.msft.net>
Message-ID: <ef806203-0378-9c47-0477-c015987adf65@pobox.com>

On 12/01/2017 10:59, hirofumi.morikawa at accenture.com wrote:
>
> Let me further clarify the question that is asked by Niraj below.
>
> Currently, we have 1 master FreeIPA server and 1 client server. 
> Evaluating your product for production deployment
>
> Master and client connectivity is established and when creating the 
> user in the web console, it is indeed creating the user in the client 
> machine
>
> However, When we add public key through the web console below, this 
> key is not created(or transfered) to the client machine
>

That's correct: it doesn't copy them anywhere, nor is it supposed to.

Instead, the keys sit in the FreeIPA LDAP database. When you install the 
ipa-client package on a host, it configures sshd so it communicates via 
sssd to query the authorized keys in LDAP.  You will find:

# /etc/ssh/sshd_config
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys

# /etc/sssd/sssd.conf
[sssd]
services = nss, pam, ssh, sudo

That means you have central control of your authorized_keys with 
FreeIPA, without copying them onto every hosts' filesystem.

You also have central control of your user accounts, group memberships, 
uid and gid mappings, sudo policy, host access policy (i.e. which users 
are allowed to login to which hosts), ...  All this is done via sssd and 
LDAP as well.

HTH,

Brian.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170115/b64ba05d/attachment.htm>

From raul at dias.com.br  Sun Jan 15 18:46:58 2017
From: raul at dias.com.br (Raul Dias)
Date: Sun, 15 Jan 2017 16:46:58 -0200
Subject: [Freeipa-users] Windows Server can't use FreeIPA's DNS server
In-Reply-To: <CAPkW28rxAkPwQOXJRJDRsim9KT31m4zerOOyjGBBhbemRDu5eQ@mail.gmail.com>
References: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>
	<CAPkW28rxAkPwQOXJRJDRsim9KT31m4zerOOyjGBBhbemRDu5eQ@mail.gmail.com>
Message-ID: <04ab0e7e-282a-0cc3-4e0d-d010dc4d13f9@dias.com.br>


On 14/01/2017 22:08, Fil Di Noto wrote:
> Sounds more like a client problem (firewall, hosts file, network 
> settings/routes)
Unfortunally not that I have found.
>
> Other clients are able to resolve against the IPA server?
yes.
> You are seeing the response come back on a packet capture taken from 
> the windows server?
yes.
>
> If yes to both of those, maybe the windows server thinks the IPA 
> server is not who it says it is.
How does windows verifies this?  Note that there is no active directory 
in place or domain/remote authentication from the windows point of 
view.  Windows is using it only as an plain DNS server.

Note that there is another windows server (2008) that works fine. This 
one is 2008 r2 (if it matters).

> Is the IPA server hostname/domain name the same as a previous windows 
> host? If so that is probably not good.
>
> On Sat, Jan 14, 2017 at 12:01 PM, Raul Dias <raul at dias.com.br 
> <mailto:raul at dias.com.br>> wrote:
>
>     Hello,
>
>     I am migrating a network to FreeIPA. LDAP, NFS, no Active Directory.
>
>     A Windows Server 2008 R2, cannot use FreeIPAs bind to resolve DNS
>     query.
>     This server works fine with my old bind server, google's dns
>     server (8.8.8.8), but not FreeIPA's.
>     Using wireshark, I can see the the response gets to this host, but
>     is simply ignored.  Clocks are in sync.
>
>     Not sure if the problem is in the FreeIPA's side, probably not.
>
>     Any ideas?
>
>     -rsd
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>     Go to http://freeipa.org for more info on the project
>
>

-- 
Att. Raul Dias

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170115/d7cf3f79/attachment.htm>

From b.candler at pobox.com  Sun Jan 15 21:15:02 2017
From: b.candler at pobox.com (Brian Candler)
Date: Sun, 15 Jan 2017 21:15:02 +0000
Subject: [Freeipa-users] Windows Server can't use FreeIPA's DNS server
In-Reply-To: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>
References: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>
Message-ID: <312bc423-faa1-8227-d12b-dacedfc7e4b5@pobox.com>

On 14/01/2017 20:01, Raul Dias wrote:
>
> I am migrating a network to FreeIPA. LDAP, NFS, no Active Directory.
>
> A Windows Server 2008 R2, cannot use FreeIPAs bind to resolve DNS query.
> This server works fine with my old bind server, google's dns server 
> (8.8.8.8), but not FreeIPA's.
> Using wireshark, I can see the the response gets to this host, but is 
> simply ignored.  Clocks are in sync.
>
> Not sure if the problem is in the FreeIPA's side, probably not.
>
> Any ideas?
>
On FreeIPA host:  tcpdump -i eth0 -nnv -s0 port 53 and host x.x.x.x

where x.x.x.x is IP address of the 2008R2 server, and assuming eth0 is 
the NIC.

See if any DNS queries arrive at the FreeIPA server. If no: then the 
problem is with the 2008R2 server, or the network in between. If yes: 
then see if FreeIPA is answering the queries or not.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170115/5f568818/attachment.htm>

From daniel at schimpfoessl.com  Mon Jan 16 00:47:13 2017
From: daniel at schimpfoessl.com (Daniel Schimpfoessl)
Date: Sun, 15 Jan 2017 18:47:13 -0600
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <CAEz2YVmjEer48LA51WjjGgR_YYv5q8nwS8rXZfAv1yK1CaBRJg@mail.gmail.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
	<3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
	<CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>
	<0f7a6cc9-ae57-d957-d255-ab79033373e6@redhat.com>
	<CAEz2YVmuQWr8x1dYCbC7cPra38JPTPjVLHhvPSA9RCL_rcebsg@mail.gmail.com>
	<CAEz2YVnKDOK5U8fOcyv0ocmNwVj5pxgmDnq-PQ_wX4nDd_JmDg@mail.gmail.com>
	<9988ea17-db76-aa1f-3009-387819189354@redhat.com>
	<CAEz2YVmjEer48LA51WjjGgR_YYv5q8nwS8rXZfAv1yK1CaBRJg@mail.gmail.com>
Message-ID: <CAEz2YVncx-HPgDkFDELTCgdHGNyuXnCUvy0LGy_BL+wdC+dSBQ@mail.gmail.com>

Anything else I should look for?

2017-01-11 22:33 GMT-06:00 Daniel Schimpfoessl <daniel at schimpfoessl.com>:

> Flo,
>
> these are all the errors found:
> grep 'RESULT err=' access | perl -pe 's/.*(RESULT\s+err=\d+).*/$1/g' |
> sort -n | uniq -c | sort -n
>       2 RESULT err=6
>      95 RESULT err=32
>     200 RESULT err=14
>    2105 RESULT err=0
>
>
> 2017-01-05 8:10 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com>:
>
>> On 01/04/2017 07:24 PM, Daniel Schimpfoessl wrote:
>>
>>> From the logs:
>>> /var/log/dirsrv/slapd-DOMAIN-COM/errors
>>> ... a few warnings about cache size, NSACLPLugin and schema-compat-plugin
>>> [04/Jan/2017:12:14:21.392642021 -0600] slapd started.  Listening on All
>>> Interfaces port 389 for LDAP requests
>>>
>>> /var/log/dirsrv/slapd-DOMAIN-COM/access
>>> ... lots of entries, not sure what to look for some lines contain RESULT
>>> with err!=0
>>> [04/Jan/2017:12:18:01.753400307 -0600] conn=5 op=243 RESULT err=32
>>> tag=101 nentries=0 etime=0
>>> [04/Jan/2017:12:18:01.786928085 -0600] conn=44 op=1 RESULT err=14 tag=97
>>> nentries=0 etime=0, SASL bind in progress
>>>
>>> Hi Daniel,
>>
>> are there any RESULT err=48 that could correspond to the error seen on
>> pki logs?
>>
>> Flo
>>
>> /var/log/dirsrv/slapd-DOMAIN-COM/errors
>>> [04/Jan/2017:12:19:25.566022098 -0600] slapd shutting down - signaling
>>> operation threads - op stack size 5 max work q size 2 max work q stack
>>> size 2
>>> [04/Jan/2017:12:19:25.572566622 -0600] slapd shutting down - closing
>>> down internal subsystems and plugins
>>>
>>>
>>> 2017-01-04 8:38 GMT-06:00 Daniel Schimpfoessl <daniel at schimpfoessl.com
>>> <mailto:daniel at schimpfoessl.com>>:
>>>
>>>     Do you have a list of all log files involved in IPA?
>>>     Would be good to consolidate them into ELK for analysis.
>>>
>>>     2017-01-04 2:48 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com
>>>     <mailto:flo at redhat.com>>:
>>>
>>>
>>>         On 01/02/2017 07:24 PM, Daniel Schimpfoessl wrote:
>>>
>>>             Thanks for your reply.
>>>
>>>             This was the initial error I asked for help a while ago and
>>>             did not get
>>>             resolved. Further digging showed the recent errors.
>>>             The service was running (using ipactl start --force) and
>>>             only after a
>>>             restart I am getting a stack trace for two primary messages:
>>>
>>>             Could not connect to LDAP server host wwgwho01.webwim.com
>>>             <http://wwgwho01.webwim.com>
>>>             <http://wwgwho01.webwim.com> port 636 Error
>>>             netscape.ldap.LDAPException:
>>>             Authentication failed (48)
>>>             ...
>>>
>>>             Internal Database Error encountered: Could not connect to
>>>             LDAP server
>>>             host wwgwho01.webwim.com <http://wwgwho01.webwim.com>
>>>             <http://wwgwho01.webwim.com> port 636 Error
>>>             netscape.ldap.LDAPException: Authentication failed (48)
>>>             ...
>>>
>>>             and finally:
>>>             [02/Jan/2017:12:20:34][localhost-startStop-1]:
>>>             CMSEngine.shutdown()
>>>
>>>
>>>             2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud
>>>             <flo at redhat.com <mailto:flo at redhat.com>
>>>             <mailto:flo at redhat.com <mailto:flo at redhat.com>>>:
>>>
>>>                 systemctl start pki-tomcatd at pki-tomcat.service
>>>
>>>
>>>
>>>         Hi Daniel,
>>>
>>>         the next step would be to understand the root cause of this
>>>         "Authentication failed (48)" error. Note the exact time of this
>>>         log and look for a corresponding log in the LDAP server logs
>>>         (/var/log/dirsrv/slapd-DOMAIN-COM/access), probably a failing
>>>         BIND with err=48. This may help diagnose the issue (if we can
>>>         see which certificate is used for the bind or if there is a
>>>         specific error message).
>>>
>>>         For the record, a successful bind over SSL would produce this
>>>         type of log where we can see the certificate subject and the
>>>         user mapped to this certificate:
>>>         [...] conn=47 fd=84 slot=84 SSL connection from 10.34.58.150 to
>>>         10.34.58.150
>>>         [...] conn=47 TLS1.2 128-bit AES; client CN=CA
>>>         Subsystem,O=DOMAIN.COM <http://DOMAIN.COM>; issuer
>>>         CN=Certificate Authority,O=DOMAIN.COM <http://DOMAIN.COM>
>>>         [...] conn=47 TLS1.2 client bound as
>>> uid=pkidbuser,ou=people,o=ipaca
>>>         [...] conn=47 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
>>>         [...] conn=47 op=0 RESULT err=0 tag=97 nentries=0 etime=0
>>>         dn="uid=pkidbuser,ou=people,o=ipaca"
>>>
>>>         Flo
>>>
>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170115/90b185a1/attachment.htm>

From raul at dias.com.br  Mon Jan 16 00:52:34 2017
From: raul at dias.com.br (Raul Dias)
Date: Sun, 15 Jan 2017 22:52:34 -0200
Subject: [Freeipa-users] Windows Server can't use FreeIPA's DNS server
In-Reply-To: <312bc423-faa1-8227-d12b-dacedfc7e4b5@pobox.com>
References: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>
	<312bc423-faa1-8227-d12b-dacedfc7e4b5@pobox.com>
Message-ID: <cb88b665-b59e-f19e-ed03-1705c5e8f283@dias.com.br>


On 15/01/2017 19:15, Brian Candler wrote:
> On FreeIPA host:  tcpdump -i eth0 -nnv -s0 port 53 and host x.x.x.x
>
> where x.x.x.x is IP address of the 2008R2 server, and assuming eth0 is 
> the NIC.
>
> See if any DNS queries arrive at the FreeIPA server. If no: then the 
> problem is with the 2008R2 server, or the network in between. If yes: 
> then see if FreeIPA is answering the queries or not.
>

The  packets are getting back  That has being stablished already.

I am looking for possible reasons it would disregard the answer, but 
accept when using a non-freeipa bind9 one.

-rsd



From jeffclay at gmail.com  Mon Jan 16 02:15:25 2017
From: jeffclay at gmail.com (Jeff Clay)
Date: Sun, 15 Jan 2017 20:15:25 -0600
Subject: [Freeipa-users] 32 bit netmask detection and error during install
Message-ID: <F337EC6B-CA80-4C8B-9B1B-3A0C8410E815@gmail.com>

I?m trying to install FreeIPA on CentOS 7. The server I?m using is a Google Cloud Compute Engine instance. For some reason, they assign all instances a /32 bit netmask on the internal interface even though you have your own private /20 subnet. 
When installing freeipa on these vm's, you get the error "Error: Invalid IP Address 10.128.0.5: cannot use IP network address 10.128.0.5?

Here are the settings for the interface.
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1460
        inet 10.128.0.5  netmask 255.255.255.255  broadcast 10.128.0.5
        ether 42:01:0a:80:00:05  txqueuelen 1000  (Ethernet)
        RX packets 17904  bytes 116212393 (110.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 19001  bytes 3287390 (3.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

How can I bypass that error and should /32 mask detection really be there?

Thanks,



From jeffclay at gmail.com  Mon Jan 16 02:28:03 2017
From: jeffclay at gmail.com (Jeff Clay)
Date: Sun, 15 Jan 2017 20:28:03 -0600
Subject: [Freeipa-users] report abuse
References: <d8b4b5c4a824739d096c34baa40b8a23@localhost>
Message-ID: <EB5AE410-006F-4B3A-9215-A58B909BBC31@gmail.com>

Not sure how this stuff is usually reported, but the person below needs removed from the group.

> Begin forwarded message:
> 
> From: Mary Noel <gaiagentiliqw at yahoo.com>
> Subject: Re: [Freeipa-users] 32 bit netmask detection and error during install
> Date: January 15, 2017 at 8:18:57 PM CST
> To: jeffclay at gmail.com
> Reply-To: Mary Noel <marynoel8841 at icaoq.com>
> 
> okk, let's start chating with something that will make me wet for you...
> 
> 
> On Mon, Jan 16, 2017 at 8:18 AM, Jeff Clay <jeffclay at gmail.com <mailto:jeffclay at gmail.com>> wrote:
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170115/76270961/attachment.htm>

From abokovoy at redhat.com  Mon Jan 16 05:53:18 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Mon, 16 Jan 2017 07:53:18 +0200
Subject: [Freeipa-users] report abuse
In-Reply-To: <EB5AE410-006F-4B3A-9215-A58B909BBC31@gmail.com>
References: <d8b4b5c4a824739d096c34baa40b8a23@localhost>
	<EB5AE410-006F-4B3A-9215-A58B909BBC31@gmail.com>
Message-ID: <20170116055318.dbvfxsem2l5befcl@redhat.com>

On su, 15 tammi 2017, Jeff Clay wrote:
>Not sure how this stuff is usually reported, but the person below needs removed from the group.
This is a spam bot and it is *not* on the list of subscribers. We ran
few experiments to find out that, you can check mailing list archives.

The spam bot actually mines the mailing list archives and sends emails
based on that one.

We could close down mail archives from the non-subscribers. As a negative
result, search engines will not be able to index it and this will reduce
your ability to search FreeIPA-related solutions via search engines.


>
>> Begin forwarded message:
>>
>> From: Mary Noel <gaiagentiliqw at yahoo.com>
>> Subject: Re: [Freeipa-users] 32 bit netmask detection and error during install
>> Date: January 15, 2017 at 8:18:57 PM CST
>> To: jeffclay at gmail.com
>> Reply-To: Mary Noel <marynoel8841 at icaoq.com>
>>
>> okk, let's start chating with something that will make me wet for you...
>>
>>
>> On Mon, Jan 16, 2017 at 8:18 AM, Jeff Clay <jeffclay at gmail.com <mailto:jeffclay at gmail.com>> wrote:
>>
>

>-- 
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project


-- 
/ Alexander Bokovoy



From b.candler at pobox.com  Mon Jan 16 08:31:32 2017
From: b.candler at pobox.com (Brian Candler)
Date: Mon, 16 Jan 2017 08:31:32 +0000
Subject: [Freeipa-users] Windows Server can't use FreeIPA's DNS server
In-Reply-To: <cb88b665-b59e-f19e-ed03-1705c5e8f283@dias.com.br>
References: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>
	<312bc423-faa1-8227-d12b-dacedfc7e4b5@pobox.com>
	<cb88b665-b59e-f19e-ed03-1705c5e8f283@dias.com.br>
Message-ID: <82079fc7-e51d-cc48-abe2-23ce259fe830@pobox.com>

On 16/01/2017 00:52, Raul Dias wrote:
> The  packets are getting back  That has being stablished already.
>
With Wireshark at the 2008R2 end?

> I am looking for possible reasons it would disregard the answer, but 
> accept when using a non-freeipa bind9 one.

Look at wireshark detail on both sets of responses; check for any 
differences including the flags. You're sure one of the servers isn't 
answering with a REFUSED answer for example? (That is, one of the bind 
servers might not allow queries from the source address of the 2008R2 
server)

Also compare the bind configs. For example, is DNSSEC enabled in one but 
not the other?



From dkupka at redhat.com  Mon Jan 16 08:43:44 2017
From: dkupka at redhat.com (David Kupka)
Date: Mon, 16 Jan 2017 09:43:44 +0100
Subject: [Freeipa-users] 32 bit netmask detection and error during
	install
In-Reply-To: <F337EC6B-CA80-4C8B-9B1B-3A0C8410E815@gmail.com>
References: <F337EC6B-CA80-4C8B-9B1B-3A0C8410E815@gmail.com>
Message-ID: <d442cd22-bbd9-f7bc-ab36-45557e2a11a7@redhat.com>

On 16/01/17 03:15, Jeff Clay wrote:
> I?m trying to install FreeIPA on CentOS 7. The server I?m using is a Google Cloud Compute Engine instance. For some reason, they assign all instances a /32 bit netmask on the internal interface even though you have your own private /20 subnet.
> When installing freeipa on these vm's, you get the error "Error: Invalid IP Address 10.128.0.5: cannot use IP network address 10.128.0.5?
>
> Here are the settings for the interface.
> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1460
>         inet 10.128.0.5  netmask 255.255.255.255  broadcast 10.128.0.5
>         ether 42:01:0a:80:00:05  txqueuelen 1000  (Ethernet)
>         RX packets 17904  bytes 116212393 (110.8 MiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 19001  bytes 3287390 (3.1 MiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> How can I bypass that error and should /32 mask detection really be there?
>
> Thanks,
>
Hello Jeff,
this issue was already fixed upstream [1]. The fix is part of 4.4.2 
release. I'm afraid it's not available in CentOS yet. The easiest way 
would be to wait for the release to get to the CentOS or use Fedora instead.

[1] https://fedorahosted.org/freeipa/ticket/5814
-- 
David Kupka



From mbasti at redhat.com  Mon Jan 16 08:53:54 2017
From: mbasti at redhat.com (Martin Basti)
Date: Mon, 16 Jan 2017 09:53:54 +0100
Subject: [Freeipa-users] httpd broken
In-Reply-To: <0984AB34E553F54B8705D776686863E70FC52CB2@cd-exchange01.CD-PRD.candeal.ca>
References: <0984AB34E553F54B8705D776686863E70FC52CB2@cd-exchange01.CD-PRD.candeal.ca>
Message-ID: <6c0a6376-4460-336e-5eec-284703e6213f@redhat.com>



On 15.01.2017 05:50, Gady Notrica wrote:
>
> Hey guys,
>
> After updating my IPA and http packages, httpd and samba are not 
> starting. Something weird happening to the python code.
>
> Any idea?
>
> httpd.service - The Apache HTTP Server
>
> Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; 
> vendor preset: disabled)
>
> Drop-In: /etc/systemd/system/httpd.service.d
>
> ??ipa.conf
>
> Active: failed (Result: exit-code) since Sat 2017-01-14 23:44:50 EST; 
> 33s ago
>
> Docs: man:httpd(8)
>
> man:apachectl(8)
>
> Process: 3445 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy 
> (code=exited, status=1/FAILURE)
>
> Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: File 
> "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1643, in 
> __wait_for_connection
>
> Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: 
> wait_for_open_socket(lurl.hostport, timeout)
>
> Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: File 
> "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1286, in 
> wait_for_open_socket
>
> Jan 14 23:44:50 master.mydomaine.local ipa-httpd-kdcproxy[3445]: raise e
>
>
>
Hello, could you look into /var/log/httpd/error_log  and provide full 
stacktrace and related debug messages if any?

Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170116/2932d8f0/attachment.htm>

From mbasti at redhat.com  Mon Jan 16 08:55:37 2017
From: mbasti at redhat.com (Martin Basti)
Date: Mon, 16 Jan 2017 09:55:37 +0100
Subject: [Freeipa-users] where is ipa cache?
In-Reply-To: <tencent_4CB0FF535EFCC3E32EA8F767@qq.com>
References: <tencent_103ECBB51BEF16653A5F3088@qq.com>
	<20170114112918.GL4539@dhcp-40-8.bne.redhat.com>
	<tencent_4CB0FF535EFCC3E32EA8F767@qq.com>
Message-ID: <62bc4195-0358-cf82-dded-dc3e00be8594@redhat.com>

https://fedorahosted.org/sssd/wiki/Troubleshooting

Please try to troubleshoot using the page ^ above, it is weird that no 
communication between SSSD and server happened.

Martin


On 14.01.2017 13:39, Matrix wrote:
> it should be.
>
> you mean 'sss_cache -E' ? i have also tried to use to invalidate 
> everything. sudo did not trigger any packets between client and server.
>
> Matrix
>
>
> ------------------ Original ------------------
> *From: * "Fraser Tweedale";<ftweedal at redhat.com>;
> *Date: * Sat, Jan 14, 2017 07:29 PM
> *To: * "Matrix"<matrix.zj at qq.com>;
> *Cc: * "freeipa-users"<freeipa-users at redhat.com>;
> *Subject: * Re: [Freeipa-users] where is ipa cache?
>
> On Sat, Jan 14, 2017 at 07:03:00PM +0800, Matrix wrote:
> > Hi, all
> >
> >
> > I have removed everything in /var/lib/sss/db. but sudo works fine.
> >
> >
> > I have also tried to capture sudo search packets with tcpdump. I 
> found that there is no packets transferred between ipa client and 
> server. I am wondering where is ipa cache? in memory?
> >
> I think it is in memory.  Run `sss-cache -E' to dump the cache.
>
> >
> > Best Regards
> >
> >
> > Matrix
>
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170116/5cfa22aa/attachment.htm>

From flo at redhat.com  Mon Jan 16 09:10:42 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Mon, 16 Jan 2017 10:10:42 +0100
Subject: [Freeipa-users] Switch certificates from external CA to internal
In-Reply-To: <CA+No-6FoQLdTu=av5aJyeOug7_wLK4MMkx0yQdhsouuFnR_g8g@mail.gmail.com>
References: <CA+No-6G_XmrnkS2bAFwMw5iSy87WfOMD4-tHa=kkoptts2-uZg@mail.gmail.com>
	<28417421-2dd9-b98c-d40d-07aa5745030c@redhat.com>
	<CA+No-6FoQLdTu=av5aJyeOug7_wLK4MMkx0yQdhsouuFnR_g8g@mail.gmail.com>
Message-ID: <cee94194-7f68-2b37-940f-8657b8241987@redhat.com>

On 01/12/2017 05:40 PM, Jeff Goddard wrote:
> Thanks Flo,
>
> My system is still in a bad state as I got this as a result of the command:
>
> [root at id-management-1 ~]# ipa-cacert-manage renew --self-signed
> Renewing CA certificate, please wait
> Resubmitting certmonger request '20170101055025' timed out, please check
> the request manually
> The ipa-cacert-manage command failed.
>
> The relevant output from getcert list was:
> Request ID '20170101055025':
>         status: NEED_CSR_GEN_TOKEN
>         stuck: yes
>         key pair storage:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
> cert-pki-ca',token='NSS Certificate DB',pin set
>         certificate:
> type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
> cert-pki-ca',token='NSS Certificate DB'
>         CA: dogtag-ipa-ca-renew-agent
>         issuer: CN=Certificate Authority,O=INTERNAL.EMERLYN.COM
> <http://INTERNAL.EMERLYN.COM>
>         subject: CN=localhost
>         expires: 2037-01-01 06:28:46 UTC
>         key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
>         pre-save command:
>         post-save command:
>         track: yes
>         auto-renew: yes
>
> I took the step of stopping tracking on that cert which was a mistake
> and now I'm having a hard time with the syntax of adding it back.
>
Hi Jeff,

You would need the following to start-tracking the cert:
1. get the internal PIN
# grep 'internal=' /etc/pki/pki-tomcat/password.conf

2. monitor the cert
# getcert start-tracking -d /etc/pki/pki-tomcat/alias -n 'caSigningCert 
cert-pki-ca' -P <pin> -c dogtag-ipa-ca-renew-agent -B 
/usr/libexec/ipa/certmonger/stop_pkicad -C 
'/usr/libexec/ipa/certmonger/renew_ca_cert "caSigningCert cert-pki-ca"'

HTH,
Flo.
> Jeff
>
>
>
>
>
>
>
> On Thu, Jan 12, 2017 at 10:46 AM, Florence Blanc-Renaud <flo at redhat.com
> <mailto:flo at redhat.com>> wrote:
>
>     On 01/12/2017 02:57 PM, Jeff Goddard wrote:
>
>         I've had issues with expired certificates. In the course of
>         troubleshooting I've somehow set the cas to external. Is there a
>         way I
>         can switch back?
>
>         [root at id-management-1 conf]# getcert list-cas
>         CA 'SelfSign':
>                 is-default: no
>                 ca-type: INTERNAL:SELF
>                 next-serial-number: 01
>         CA 'IPA':
>                 is-default: no
>                 ca-type: EXTERNAL
>                 helper-location: /usr/libexec/certmonger/ipa-server-guard
>         /usr/libexec/certmonger/ipa-submit
>         CA 'certmaster':
>                 is-default: no
>                 ca-type: EXTERNAL
>                 helper-location: /usr/libexec/certmonger/certmaster-submit
>         CA 'dogtag-ipa-renew-agent':
>                 is-default: no
>                 ca-type: EXTERNAL
>                 helper-location: /usr/libexec/certmonger/ipa-server-guard
>         /usr/libexec/certmonger/dogtag-ipa-renew-agent-submit
>         CA 'local':
>                 is-default: no
>                 ca-type: EXTERNAL
>                 helper-location: /usr/libexec/certmonger/local-submit
>         CA 'dogtag-ipa-ca-renew-agent':
>                 is-default: no
>                 ca-type: EXTERNAL
>                 helper-location:
>         /usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit -vv
>
>         Thanks,
>
>         Jeff
>
>
>
>     Hi Jeff,
>
>     the following documentation explains how to change the certificate
>     chain from externally-signed to self-signed:
>     https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/change-cert-chaining.html
>     <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/change-cert-chaining.html>
>
>     HTH,
>     Flo.
>
>
>
>
>



From d.mueller2 at rto.de  Mon Jan 16 09:15:58 2017
From: d.mueller2 at rto.de (=?utf-8?B?RGVuaXMgTcO8bGxlcg==?=)
Date: Mon, 16 Jan 2017 09:15:58 +0000
Subject: [Freeipa-users] Managing AD Users in IPA
Message-ID: <1484558157.23763.32.camel@rto.de>

Hi FreeIpa Community,

i'm actually new to the software and have some basic questions. We have linux users in in active directory.

To be more flexible, we would like to install freeipa, import all users from ad and manage all the stuff like ssh, sudo etc. from ipa.

1. Do i need establish a trust first like mentioned here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#trust-one-two-way

2. Or can we just create a sync to import all "linux-users" from ad into ipa and manage them just like ipa-users:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/managing-sync-agmt.html

3. ipa-replica-manage connect --winsync --binddn  cn=administrator,cn=users,dc=example,dc=com  --bindpw "***" --passsync "***" --cacert /root/dc1.crt dc1.example.com -v

getting an error:

Traceback (most recent call last):
  File "/usr/sbin/ipa-replica-manage", line 1607, in <module>
    main(options, args)
  File "/usr/sbin/ipa-replica-manage", line 1566, in main
    add_link(realm, replica1, replica2, dirman_passwd, options)
  File "/usr/sbin/ipa-replica-manage", line 1118, in add_link
    if not ds.add_ca_cert(options.cacert):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 1018, in add_ca_cert
    certdb.load_cacert(cacert_fname, 'C,,')
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 261, in load_cacert
    (rdn, subject_dn) = get_cert_nickname(cert)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 67, in get_cert_nickname
    return (str(dn[0]), dn)
  File "/usr/lib/python2.7/site-packages/ipapython/dn.py", line 1170, in __getitem__
    return self._get_rdn(self.rdns[key])
IndexError: list index out of range
Unexpected error: list index out of range

[root at ipa01<mailto:root at ipa01> ~]# uname -r
3.10.0-327.el7.x86_64
[root at ipa01<mailto:root at ipa01> ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)

We would appreciate any help,

greets,
Denis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170116/8509fd69/attachment.htm>

From tkrizek at redhat.com  Mon Jan 16 09:16:36 2017
From: tkrizek at redhat.com (Tomas Krizek)
Date: Mon, 16 Jan 2017 10:16:36 +0100
Subject: [Freeipa-users] Error while issuing ipa-replica-install
In-Reply-To: <CA+ZvHYGEeZmNCspOLF=-aS2nREUqUPzZjG7Youzq56YRBqpFZw@mail.gmail.com>
References: <CA+ZvHYF4Bymx8UKRWk8F9noFbhJ+N1o3zVsxs5sA5Szg3ynEdw@mail.gmail.com>
	<CA+ZvHYGEeZmNCspOLF=-aS2nREUqUPzZjG7Youzq56YRBqpFZw@mail.gmail.com>
Message-ID: <bb99fbbc-8fcb-182c-47e0-65c8bb0ac4b1@redhat.com>

On 01/15/2017 05:58 PM, Carlos Silva wrote:
> In case someone stumbles in the message because it has the same
> problem, all the debugging and solution found is in this
> ticket: https://fedorahosted.org/freeipa/ticket/6613
>
>
You're hitting a known issue. We're currently working on a fix.

You can fix the problem yourself by modifying
/var/lib/pki/pki-tomcat/conf/server.xml on the master server. In the
AJP/1.3 Connector settings, change address from '::1' to 'localhost'.
After you restart the pki-tomcat service, you should be able to install
replicas.

-- 
Tomas Krizek

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170116/cd792921/attachment.htm>

From flo at redhat.com  Mon Jan 16 09:57:11 2017
From: flo at redhat.com (Florence Blanc-Renaud)
Date: Mon, 16 Jan 2017 10:57:11 +0100
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <CAEz2YVncx-HPgDkFDELTCgdHGNyuXnCUvy0LGy_BL+wdC+dSBQ@mail.gmail.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
	<3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
	<CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>
	<0f7a6cc9-ae57-d957-d255-ab79033373e6@redhat.com>
	<CAEz2YVmuQWr8x1dYCbC7cPra38JPTPjVLHhvPSA9RCL_rcebsg@mail.gmail.com>
	<CAEz2YVnKDOK5U8fOcyv0ocmNwVj5pxgmDnq-PQ_wX4nDd_JmDg@mail.gmail.com>
	<9988ea17-db76-aa1f-3009-387819189354@redhat.com>
	<CAEz2YVmjEer48LA51WjjGgR_YYv5q8nwS8rXZfAv1yK1CaBRJg@mail.gmail.com>
	<CAEz2YVncx-HPgDkFDELTCgdHGNyuXnCUvy0LGy_BL+wdC+dSBQ@mail.gmail.com>
Message-ID: <e7500d16-224c-f1cc-7cbd-d76047b41dd2@redhat.com>

On 01/16/2017 01:47 AM, Daniel Schimpfoessl wrote:
> Anything else I should look for?
>
Hi Daniel,

did you see this mail thread [1]? They had the same issue and found a 
temporary workaround to enable dogtag to connect to LDAP. If the 
workaround works, it definitely means that the issue comes from the 
secured communications between Dogtag and LDAP, and the following could 
be checked:

- LDAPs port 636 is enabled and answering
- The server certificate used by the LDAP server is valid (nickname 
'Server-Cert' in /etc/dirsrv/slapd-DOMAIN)
- The Server certificate used by the LDAP server has been delivered by a 
CA trusted by Dogtag (CA cert must be in /etc/pki/pki-tomcat/alias)
- The certificate used by Dogtag to authenticate to LDAP (nickname 
subsystemCert cert-pki-ca in /etc/pki/pki-tomcat/alias) is valid and 
stored in a corresponding user entry in LDAP 
(uid=pkidbuser,ou=people,o=ipaca).
- The certificates must match the ones in /etc/pki/pki-tomcat/ca/CS.cfg 
(line ca.signing.cert=... must match the CA cert and 
ca.subsystem.cert=... must match subsystemCert cert-pki-ca).

If the system is configured with SE linux mode = enforcing, it may 
explain the renewal issues (see BZ 1365188 [2] and 1366915 [3]).
Flo.

[1] https://www.redhat.com/archives/freeipa-users/2017-January/msg00215.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1365188
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1366915

> 2017-01-11 22:33 GMT-06:00 Daniel Schimpfoessl <daniel at schimpfoessl.com
> <mailto:daniel at schimpfoessl.com>>:
>
>     Flo,
>
>     these are all the errors found:
>     grep 'RESULT err=' access | perl -pe 's/.*(RESULT\s+err=\d+).*/$1/g'
>     | sort -n | uniq -c | sort -n
>           2 RESULT err=6
>          95 RESULT err=32
>         200 RESULT err=14
>        2105 RESULT err=0
>
>
>     2017-01-05 8:10 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com
>     <mailto:flo at redhat.com>>:
>
>         On 01/04/2017 07:24 PM, Daniel Schimpfoessl wrote:
>
>             From the logs:
>             /var/log/dirsrv/slapd-DOMAIN-COM/errors
>             ... a few warnings about cache size, NSACLPLugin and
>             schema-compat-plugin
>             [04/Jan/2017:12:14:21.392642021 -0600] slapd started.
>             Listening on All
>             Interfaces port 389 for LDAP requests
>
>             /var/log/dirsrv/slapd-DOMAIN-COM/access
>             ... lots of entries, not sure what to look for some lines
>             contain RESULT
>             with err!=0
>             [04/Jan/2017:12:18:01.753400307 -0600] conn=5 op=243 RESULT
>             err=32
>             tag=101 nentries=0 etime=0
>             [04/Jan/2017:12:18:01.786928085 -0600] conn=44 op=1 RESULT
>             err=14 tag=97
>             nentries=0 etime=0, SASL bind in progress
>
>         Hi Daniel,
>
>         are there any RESULT err=48 that could correspond to the error
>         seen on pki logs?
>
>         Flo
>
>             /var/log/dirsrv/slapd-DOMAIN-COM/errors
>             [04/Jan/2017:12:19:25.566022098 -0600] slapd shutting down -
>             signaling
>             operation threads - op stack size 5 max work q size 2 max
>             work q stack
>             size 2
>             [04/Jan/2017:12:19:25.572566622 -0600] slapd shutting down -
>             closing
>             down internal subsystems and plugins
>
>
>             2017-01-04 8:38 GMT-06:00 Daniel Schimpfoessl
>             <daniel at schimpfoessl.com <mailto:daniel at schimpfoessl.com>
>             <mailto:daniel at schimpfoessl.com
>             <mailto:daniel at schimpfoessl.com>>>:
>
>                 Do you have a list of all log files involved in IPA?
>                 Would be good to consolidate them into ELK for analysis.
>
>                 2017-01-04 2:48 GMT-06:00 Florence Blanc-Renaud
>             <flo at redhat.com <mailto:flo at redhat.com>
>                 <mailto:flo at redhat.com <mailto:flo at redhat.com>>>:
>
>
>                     On 01/02/2017 07:24 PM, Daniel Schimpfoessl wrote:
>
>                         Thanks for your reply.
>
>                         This was the initial error I asked for help a
>             while ago and
>                         did not get
>                         resolved. Further digging showed the recent errors.
>                         The service was running (using ipactl start
>             --force) and
>                         only after a
>                         restart I am getting a stack trace for two
>             primary messages:
>
>                         Could not connect to LDAP server host
>             wwgwho01.webwim.com <http://wwgwho01.webwim.com>
>                         <http://wwgwho01.webwim.com>
>                         <http://wwgwho01.webwim.com> port 636 Error
>                         netscape.ldap.LDAPException:
>                         Authentication failed (48)
>                         ...
>
>                         Internal Database Error encountered: Could not
>             connect to
>                         LDAP server
>                         host wwgwho01.webwim.com
>             <http://wwgwho01.webwim.com> <http://wwgwho01.webwim.com>
>                         <http://wwgwho01.webwim.com> port 636 Error
>                         netscape.ldap.LDAPException: Authentication
>             failed (48)
>                         ...
>
>                         and finally:
>                         [02/Jan/2017:12:20:34][localhost-startStop-1]:
>                         CMSEngine.shutdown()
>
>
>                         2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud
>                         <flo at redhat.com <mailto:flo at redhat.com>
>             <mailto:flo at redhat.com <mailto:flo at redhat.com>>
>                         <mailto:flo at redhat.com <mailto:flo at redhat.com>
>             <mailto:flo at redhat.com <mailto:flo at redhat.com>>>>:
>
>                             systemctl start pki-tomcatd at pki-tomcat.service
>
>
>
>                     Hi Daniel,
>
>                     the next step would be to understand the root cause
>             of this
>                     "Authentication failed (48)" error. Note the exact
>             time of this
>                     log and look for a corresponding log in the LDAP
>             server logs
>                     (/var/log/dirsrv/slapd-DOMAIN-COM/access), probably
>             a failing
>                     BIND with err=48. This may help diagnose the issue
>             (if we can
>                     see which certificate is used for the bind or if
>             there is a
>                     specific error message).
>
>                     For the record, a successful bind over SSL would
>             produce this
>                     type of log where we can see the certificate subject
>             and the
>                     user mapped to this certificate:
>                     [...] conn=47 fd=84 slot=84 SSL connection from
>             10.34.58.150 to
>                     10.34.58.150
>                     [...] conn=47 TLS1.2 128-bit AES; client CN=CA
>                     Subsystem,O=DOMAIN.COM <http://DOMAIN.COM>
>             <http://DOMAIN.COM>; issuer
>                     CN=Certificate Authority,O=DOMAIN.COM
>             <http://DOMAIN.COM> <http://DOMAIN.COM>
>                     [...] conn=47 TLS1.2 client bound as
>             uid=pkidbuser,ou=people,o=ipaca
>                     [...] conn=47 op=0 BIND dn="" method=sasl version=3
>             mech=EXTERNAL
>                     [...] conn=47 op=0 RESULT err=0 tag=97 nentries=0
>             etime=0
>                     dn="uid=pkidbuser,ou=people,o=ipaca"
>
>                     Flo
>
>
>
>
>
>



From raul at dias.com.br  Mon Jan 16 16:37:41 2017
From: raul at dias.com.br (Raul Dias)
Date: Mon, 16 Jan 2017 14:37:41 -0200
Subject: [Freeipa-users] Windows Server can't use FreeIPA's DNS server
In-Reply-To: <82079fc7-e51d-cc48-abe2-23ce259fe830@pobox.com>
References: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>
	<312bc423-faa1-8227-d12b-dacedfc7e4b5@pobox.com>
	<cb88b665-b59e-f19e-ed03-1705c5e8f283@dias.com.br>
	<82079fc7-e51d-cc48-abe2-23ce259fe830@pobox.com>
Message-ID: <37512ea2-4581-d29f-8741-9b76de2f119e@dias.com.br>

Did some testing.

 From the windows server, did a port scanner on the IPA server (tcp + 
udp), no blocking between. (tested open).

The IPA has DNSSEC on, but that is for the zones only, right?  There is 
no indication of DNSSEC in the datagrams.

The wireshark in the windows server:

A - The query packet:
-----------------------
Ethernet II, Src: CadmusCo_58:90:cb (08:00:27:58:90:cb), Dst: 
fe:81:54:e3:7b:03 (fe:81:54:e3:7b:03)
Internet Protocol Version 4, Src: 10.10.24.12, Dst: 10.10.24.9
User Datagram Protocol, Src Port: 54680, Dst Port: 53
Domain Name System (query)
     Transaction ID: 0x0006
     Flags: 0x0100 Standard query
         0... .... .... .... = Response: Message is a query
         .000 0... .... .... = Opcode: Standard query (0)
         .... ..0. .... .... = Truncated: Message is not truncated
         .... ...1 .... .... = Recursion desired: Do query recursively
         .... .... .0.. .... = Z: reserved (0)
         .... .... ...0 .... = Non-authenticated data: Unacceptable
     Questions: 1
     Answer RRs: 0
     Authority RRs: 0
     Additional RRs: 0
     Queries
         google.com: type A, class IN
             Name: google.com
             [Name Length: 10]
             [Label Count: 2]
             Type: A (Host Address) (1)
             Class: IN (0x0001)

B - The response:
-----------------

Frame 10: 222 bytes on wire (1776 bits), 222 bytes captured (1776 bits)
Ethernet II, Src: fe:81:54:e3:7b:03 (fe:81:54:e3:7b:03), Dst: 
CadmusCo_58:90:cb (08:00:27:58:90:cb)
Internet Protocol Version 4, Src: 10.10.24.9, Dst: 10.10.24.12
User Datagram Protocol, Src Port: 53, Dst Port: 54680
Domain Name System (response)
     [Time: 0.057623000 seconds]
     Transaction ID: 0x0006
     Flags: 0x8180 Standard query response, No error
         1... .... .... .... = Response: Message is a response
         .000 0... .... .... = Opcode: Standard query (0)
         .... .0.. .... .... = Authoritative: Server is not an authority 
for domain
         .... ..0. .... .... = Truncated: Message is not truncated
         .... ...1 .... .... = Recursion desired: Do query recursively
         .... .... 1... .... = Recursion available: Server can do 
recursive queries
         .... .... .0.. .... = Z: reserved (0)
         .... .... ..0. .... = Answer authenticated: Answer/authority 
portion was not authenticated by the server
         .... .... ...0 .... = Non-authenticated data: Unacceptable
         .... .... .... 0000 = Reply code: No error (0)
     Questions: 1
     Answer RRs: 1
     Authority RRs: 4
     Additional RRs: 4
     Queries
         google.com: type A, class IN
             Name: google.com
             [Name Length: 10]
             [Label Count: 2]
             Type: A (Host Address) (1)
             Class: IN (0x0001)
     Answers
         google.com: type A, class IN, addr 216.58.222.14
             Name: google.com
             Type: A (Host Address) (1)
             Class: IN (0x0001)
             Time to live: 300
             Data length: 4
             Address: 216.58.222.14
     Authoritative nameservers
         google.com: type NS, class IN, ns ns4.google.com
             Name: google.com
             Type: NS (authoritative Name Server) (2)
             Class: IN (0x0001)
             Time to live: 172792
             Data length: 6
             Name Server: ns4.google.com
         google.com: type NS, class IN, ns ns1.google.com
             Name: google.com
             Type: NS (authoritative Name Server) (2)
             Class: IN (0x0001)
             Time to live: 172792
             Data length: 6
             Name Server: ns1.google.com
         google.com: type NS, class IN, ns ns3.google.com
             Name: google.com
             Type: NS (authoritative Name Server) (2)
             Class: IN (0x0001)
             Time to live: 172792
             Data length: 6
             Name Server: ns3.google.com
         google.com: type NS, class IN, ns ns2.google.com
             Name: google.com
             Type: NS (authoritative Name Server) (2)
             Class: IN (0x0001)
             Time to live: 172792
             Data length: 6
             Name Server: ns2.google.com
     Additional records
         ns2.google.com: type A, class IN, addr 216.239.34.10
             Name: ns2.google.com
             Type: A (Host Address) (1)
             Class: IN (0x0001)
             Time to live: 172792
             Data length: 4
             Address: 216.239.34.10
         ns1.google.com: type A, class IN, addr 216.239.32.10
             Name: ns1.google.com
             Type: A (Host Address) (1)
             Class: IN (0x0001)
             Time to live: 172792
             Data length: 4
             Address: 216.239.32.10
         ns3.google.com: type A, class IN, addr 216.239.36.10
             Name: ns3.google.com
             Type: A (Host Address) (1)
             Class: IN (0x0001)
             Time to live: 172792
             Data length: 4
             Address: 216.239.36.10
         ns4.google.com: type A, class IN, addr 216.239.38.10
             Name: ns4.google.com
             Type: A (Host Address) (1)
             Class: IN (0x0001)
             Time to live: 172792
             Data length: 4
             Address: 216.239.38.10

-rsd




On 16/01/2017 06:31, Brian Candler wrote:
> On 16/01/2017 00:52, Raul Dias wrote:
>> The  packets are getting back  That has being stablished already.
>>
> With Wireshark at the 2008R2 end?
>
>> I am looking for possible reasons it would disregard the answer, but 
>> accept when using a non-freeipa bind9 one.
>
> Look at wireshark detail on both sets of responses; check for any 
> differences including the flags. You're sure one of the servers isn't 
> answering with a REFUSED answer for example? (That is, one of the bind 
> servers might not allow queries from the source address of the 2008R2 
> server)
>
> Also compare the bind configs. For example, is DNSSEC enabled in one 
> but not the other?
>
>

-- 
Att. Raul Dias



From b.candler at pobox.com  Mon Jan 16 17:16:12 2017
From: b.candler at pobox.com (Brian Candler)
Date: Mon, 16 Jan 2017 17:16:12 +0000
Subject: [Freeipa-users] Windows Server can't use FreeIPA's DNS server
In-Reply-To: <37512ea2-4581-d29f-8741-9b76de2f119e@dias.com.br>
References: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>
	<312bc423-faa1-8227-d12b-dacedfc7e4b5@pobox.com>
	<cb88b665-b59e-f19e-ed03-1705c5e8f283@dias.com.br>
	<82079fc7-e51d-cc48-abe2-23ce259fe830@pobox.com>
	<37512ea2-4581-d29f-8741-9b76de2f119e@dias.com.br>
Message-ID: <70e08dc7-936e-ff0a-5ada-0f19ddee9f4f@pobox.com>

On 16/01/2017 16:37, Raul Dias wrote:
> Did some testing.
>
> From the windows server, did a port scanner on the IPA server (tcp + 
> udp), no blocking between. (tested open).
>
> The IPA has DNSSEC on, but that is for the zones only, right? There is 
> no indication of DNSSEC in the datagrams.
>
You can have a DNSSEC-validating resolver (cache), but you're right 
you'd see things in the packet (EDNS).

> The wireshark in the windows server:
>
Looks like a perfectly good DNS response to me.  Windows is a strange 
beast :-(

Horrible workaround: if you can find a DNS server which Windows likes, 
you can configure that DNS server to forward all the IPA-hosted zones to 
the IPA server.



From raul at dias.com.br  Mon Jan 16 18:03:27 2017
From: raul at dias.com.br (Raul Dias)
Date: Mon, 16 Jan 2017 16:03:27 -0200
Subject: [Freeipa-users] Windows Server can't use FreeIPA's DNS server
In-Reply-To: <70e08dc7-936e-ff0a-5ada-0f19ddee9f4f@pobox.com>
References: <8a0e2afe-d10f-d796-f227-40b65c5383bb@dias.com.br>
	<312bc423-faa1-8227-d12b-dacedfc7e4b5@pobox.com>
	<cb88b665-b59e-f19e-ed03-1705c5e8f283@dias.com.br>
	<82079fc7-e51d-cc48-abe2-23ce259fe830@pobox.com>
	<37512ea2-4581-d29f-8741-9b76de2f119e@dias.com.br>
	<70e08dc7-936e-ff0a-5ada-0f19ddee9f4f@pobox.com>
Message-ID: <ee5a05da-1cdc-e44f-2e87-0ce7f577d54d@dias.com.br>

Ok,

Found the issue.  I believe it is a Fedora (25) issue, but not sure 
yet.  So, registering here for the archives.

My IPA is on a FC25 on a LXC container (2.0.6) on a Jessie host.

The IPA container ethernet is on a private bridge (not attached to any 
real one).

The FC container was configured to do an offloading checksum.  I believe 
it was FC's fault, but could be some other lxc host on the same bridge, 
if possible.

Anyways, this command disabled offloading and it start to work:

# ethtool --offload eth0 rx off tx off gso off

Still, why only the 2k8 r2 complained about this, still have to be verified.

-rsd




From jeffclay at gmail.com  Mon Jan 16 21:28:33 2017
From: jeffclay at gmail.com (Jeff Clay)
Date: Mon, 16 Jan 2017 15:28:33 -0600
Subject: [Freeipa-users] 32 bit netmask detection and error during
	install
In-Reply-To: <d442cd22-bbd9-f7bc-ab36-45557e2a11a7@redhat.com>
References: <F337EC6B-CA80-4C8B-9B1B-3A0C8410E815@gmail.com>
	<d442cd22-bbd9-f7bc-ab36-45557e2a11a7@redhat.com>
Message-ID: <CACJOGMNb+fQBYAxkVhD+mAznEQnt75ocQ8HdtfRpMmM4wK9Haw@mail.gmail.com>

I found where this had been fixed by
https://fedorahosted.org/freeipa/ticket/5814 and I have filed a bug report
requesting the patch to be backported
https://bugzilla.redhat.com/show_bug.cgi?id=1413742

On Mon, Jan 16, 2017 at 2:43 AM, David Kupka <dkupka at redhat.com> wrote:

> On 16/01/17 03:15, Jeff Clay wrote:
>
>> I?m trying to install FreeIPA on CentOS 7. The server I?m using is a
>> Google Cloud Compute Engine instance. For some reason, they assign all
>> instances a /32 bit netmask on the internal interface even though you have
>> your own private /20 subnet.
>> When installing freeipa on these vm's, you get the error "Error: Invalid
>> IP Address 10.128.0.5: cannot use IP network address 10.128.0.5?
>>
>> Here are the settings for the interface.
>> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1460
>>         inet 10.128.0.5  netmask 255.255.255.255  broadcast 10.128.0.5
>>         ether 42:01:0a:80:00:05  txqueuelen 1000  (Ethernet)
>>         RX packets 17904  bytes 116212393 (110.8 MiB)
>>         RX errors 0  dropped 0  overruns 0  frame 0
>>         TX packets 19001  bytes 3287390 (3.1 MiB)
>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>
>> How can I bypass that error and should /32 mask detection really be there?
>>
>> Thanks,
>>
>> Hello Jeff,
> this issue was already fixed upstream [1]. The fix is part of 4.4.2
> release. I'm afraid it's not available in CentOS yet. The easiest way would
> be to wait for the release to get to the CentOS or use Fedora instead.
>
> [1] https://fedorahosted.org/freeipa/ticket/5814
> --
> David Kupka
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170116/37a1fa80/attachment.htm>

From freeipa at 0xc0dedbad.com  Tue Jan 17 09:10:54 2017
From: freeipa at 0xc0dedbad.com (Peter Fern)
Date: Tue, 17 Jan 2017 20:10:54 +1100
Subject: [Freeipa-users] FreeIPA 4.4 plugin migration path
Message-ID: <44c485fa-6a02-a412-2f50-67d4d1f96e65@0xc0dedbad.com>

Hello all,

It appears there have been quite a few changes to the FreeIPA plugin
infrastructure in the 4.4 series.  I've been trying to wade through the
commits, but it's a pretty tough slog.

Does anyone have details on how to migrate plugins from <=4.3 to 4.4?

Thanks,
Pete



From abokovoy at redhat.com  Tue Jan 17 09:36:51 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 17 Jan 2017 11:36:51 +0200
Subject: [Freeipa-users] FreeIPA 4.4 plugin migration path
In-Reply-To: <44c485fa-6a02-a412-2f50-67d4d1f96e65@0xc0dedbad.com>
References: <44c485fa-6a02-a412-2f50-67d4d1f96e65@0xc0dedbad.com>
Message-ID: <20170117093651.r5gknjotdq7o3nbc@redhat.com>

On ti, 17 tammi 2017, Peter Fern wrote:
>Hello all,
>
>It appears there have been quite a few changes to the FreeIPA plugin
>infrastructure in the 4.4 series.  I've been trying to wade through the
>commits, but it's a pretty tough slog.
>
>Does anyone have details on how to migrate plugins from <=4.3 to 4.4?
Can you be more specific? What plugins?

Till 4.4.1 we did not support any external plugins officially. With
4.4.1 we have https://github.com/abbra/freeipa-desktop-profile/ as an
example of how to create a self-contained external plugin.

-- 
/ Alexander Bokovoy



From dkupka at redhat.com  Tue Jan 17 09:39:37 2017
From: dkupka at redhat.com (David Kupka)
Date: Tue, 17 Jan 2017 10:39:37 +0100
Subject: [Freeipa-users] FreeIPA 4.4 plugin migration path
In-Reply-To: <44c485fa-6a02-a412-2f50-67d4d1f96e65@0xc0dedbad.com>
References: <44c485fa-6a02-a412-2f50-67d4d1f96e65@0xc0dedbad.com>
Message-ID: <1866f477-fbc6-fb96-c29f-41126440940d@redhat.com>

On 17/01/17 10:10, Peter Fern wrote:
> Hello all,
>
> It appears there have been quite a few changes to the FreeIPA plugin
> infrastructure in the 4.4 series.  I've been trying to wade through the
> commits, but it's a pretty tough slog.
>
> Does anyone have details on how to migrate plugins from <=4.3 to 4.4?
>
> Thanks,
> Pete
>
Hello Peter,
in 4.4 we split the plugins to the server and client plugins. Simple 
plugins (like server plugin) needs to exist only on server and all what 
is needed is to move it from ipalib/plugins to ipaserver/plugins.

But if commands in your plugin define interactive_prompt_callback (like 
dns plugin) or forward (like vault plugin) you will need to split the 
client and server part of the plugin.

-- 
David Kupka



From harald.dunkel at aixigo.de  Tue Jan 17 09:44:14 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Tue, 17 Jan 2017 10:44:14 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
Message-ID: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>

It seems something got corrupted in my ipa setup. I found this in the
sssd log file on Wheezy:

(Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
(Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
(Tue Jan 17 10:19:02 2017) [hbac_ctx_to_rules] (0x0020): Could not construct eval request
(Tue Jan 17 10:19:02 2017) [ipa_hbac_evaluate_rules] (0x0020): Could not construct HBAC rules
(Tue Jan 17 10:19:02 2017) [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
(Tue Jan 17 10:19:02 2017) [be_pam_handler_callback] (0x0100): Sending result [4][example.de]
(Tue Jan 17 10:19:02 2017) [be_pam_handler_callback] (0x0100): Sent result [4][example.de]

This happens on a login via ssh, or if I run "su - username" as
root. The su session gives just a warning, but for sshd I have to
disable pam to allow remote logins.

Complete log is attached, of course.


Every helpful comment is highly appreciated.
Harri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd_example.de.log
Type: text/x-log
Size: 10757 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170117/3f39286d/attachment.bin>

From freeipa at 0xc0dedbad.com  Tue Jan 17 10:30:19 2017
From: freeipa at 0xc0dedbad.com (Peter Fern)
Date: Tue, 17 Jan 2017 21:30:19 +1100
Subject: [Freeipa-users] FreeIPA 4.4 plugin migration path
In-Reply-To: <1866f477-fbc6-fb96-c29f-41126440940d@redhat.com>
References: <44c485fa-6a02-a412-2f50-67d4d1f96e65@0xc0dedbad.com>
	<1866f477-fbc6-fb96-c29f-41126440940d@redhat.com>
Message-ID: <134183ce-2bdc-7213-cab8-07962cae3592@0xc0dedbad.com>

On 17/01/17 20:39, David Kupka wrote:
> in 4.4 we split the plugins to the server and client plugins. Simple
> plugins (like server plugin) needs to exist only on server and all
> what is needed is to move it from ipalib/plugins to ipaserver/plugins.
>
> But if commands in your plugin define interactive_prompt_callback
> (like dns plugin) or forward (like vault plugin) you will need to
> split the client and server part of the plugin.
>
Hi David,

I tried that, but it didn't end well.  My plugin is quite simple, just
adds an attribute to the user model and UI/CLI extensions to manage it. 
However it looks like plugin structure has changed (I see @register
decorators(?) and such), and ipalib.user no longer exists.  My old
plugin is available here:

https://github.com/pdf/freeipa-user-mailalternateaddress/blob/master/user_mailalternateaddress.py

Unfortunately Python is not a language I'm particularly familiar, so
I've not come across some of the patterns used in the new plugins, and
any pointers would be appreciated.

Thanks,

Pete



From sbose at redhat.com  Tue Jan 17 10:38:12 2017
From: sbose at redhat.com (Sumit Bose)
Date: Tue, 17 Jan 2017 11:38:12 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
Message-ID: <20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
> It seems something got corrupted in my ipa setup. I found this in the
> sssd log file on Wheezy:
> 
> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]

Looks like there was a replication conflict, please see
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
how to resolve it.

We already have a ticket for SSSD to ignore those object, but
unfortunately there is currently no patch available for SSSD so you have
to resolve the replication conflict to get it working again.

HTH

bye,
Sumit

> (Tue Jan 17 10:19:02 2017) [hbac_ctx_to_rules] (0x0020): Could not construct eval request
> (Tue Jan 17 10:19:02 2017) [ipa_hbac_evaluate_rules] (0x0020): Could not construct HBAC rules
> (Tue Jan 17 10:19:02 2017) [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
> (Tue Jan 17 10:19:02 2017) [be_pam_handler_callback] (0x0100): Sending result [4][example.de]
> (Tue Jan 17 10:19:02 2017) [be_pam_handler_callback] (0x0100): Sent result [4][example.de]
> 
> This happens on a login via ssh, or if I run "su - username" as
> root. The su session gives just a warning, but for sshd I have to
> disable pam to allow remote logins.
> 
> Complete log is attached, of course.
> 
> 
> Every helpful comment is highly appreciated.
> Harri



From dkupka at redhat.com  Tue Jan 17 10:48:22 2017
From: dkupka at redhat.com (David Kupka)
Date: Tue, 17 Jan 2017 11:48:22 +0100
Subject: [Freeipa-users] FreeIPA 4.4 plugin migration path
In-Reply-To: <134183ce-2bdc-7213-cab8-07962cae3592@0xc0dedbad.com>
References: <44c485fa-6a02-a412-2f50-67d4d1f96e65@0xc0dedbad.com>
	<1866f477-fbc6-fb96-c29f-41126440940d@redhat.com>
	<134183ce-2bdc-7213-cab8-07962cae3592@0xc0dedbad.com>
Message-ID: <11f45b5a-e381-0fb4-2e5b-5caf21fb3877@redhat.com>

On 17/01/17 11:30, Peter Fern wrote:
> On 17/01/17 20:39, David Kupka wrote:
>> in 4.4 we split the plugins to the server and client plugins. Simple
>> plugins (like server plugin) needs to exist only on server and all
>> what is needed is to move it from ipalib/plugins to ipaserver/plugins.
>>
>> But if commands in your plugin define interactive_prompt_callback
>> (like dns plugin) or forward (like vault plugin) you will need to
>> split the client and server part of the plugin.
>>
> Hi David,
>
> I tried that, but it didn't end well.  My plugin is quite simple, just
> adds an attribute to the user model and UI/CLI extensions to manage it.
> However it looks like plugin structure has changed (I see @register
> decorators(?) and such), and ipalib.user no longer exists.  My old
> plugin is available here:
>
> https://github.com/pdf/freeipa-user-mailalternateaddress/blob/master/user_mailalternateaddress.py
>
> Unfortunately Python is not a language I'm particularly familiar, so
> I've not come across some of the patterns used in the new plugins, and
> any pointers would be appreciated.
>
> Thanks,
>
> Pete
>

Ok, your plugin is not really a plugin but that should not be a problem.
To make it work:

1) replace "from ipalib.plugins.user import user" with "from 
ipaserver.plugins.user import user"
2) make sure "user_mailalternateaddress.py" is also in ipaserver/plugins/
3) restart httpd

-- 
David Kupka



From freeipa at 0xc0dedbad.com  Tue Jan 17 11:16:03 2017
From: freeipa at 0xc0dedbad.com (Peter Fern)
Date: Tue, 17 Jan 2017 22:16:03 +1100
Subject: [Freeipa-users] FreeIPA 4.4 plugin migration path
In-Reply-To: <11f45b5a-e381-0fb4-2e5b-5caf21fb3877@redhat.com>
References: <44c485fa-6a02-a412-2f50-67d4d1f96e65@0xc0dedbad.com>
	<1866f477-fbc6-fb96-c29f-41126440940d@redhat.com>
	<134183ce-2bdc-7213-cab8-07962cae3592@0xc0dedbad.com>
	<11f45b5a-e381-0fb4-2e5b-5caf21fb3877@redhat.com>
Message-ID: <2cd47fe1-fc4c-a8e0-d111-8d13ab01d4bf@0xc0dedbad.com>

On 17/01/17 21:48, David Kupka wrote:
> Ok, your plugin is not really a plugin but that should not be a problem.
> To make it work:
>
> 1) replace "from ipalib.plugins.user import user" with "from
> ipaserver.plugins.user import user"
> 2) make sure "user_mailalternateaddress.py" is also in ipaserver/plugins/
> 3) restart httpd
>
Thank you, that gets the web UI working as expected, but I seem to be
missing the CLI switch.

I'm also adding an objectclass to the default userobjectclasses (and
updating existing users) in my install script, but it looks like maybe I
can use the 'updates' mechanism for this, is that right?  If so, is that
mechanism documented anywhere?



From abokovoy at redhat.com  Tue Jan 17 11:30:13 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 17 Jan 2017 13:30:13 +0200
Subject: [Freeipa-users] FreeIPA 4.4 plugin migration path
In-Reply-To: <2cd47fe1-fc4c-a8e0-d111-8d13ab01d4bf@0xc0dedbad.com>
References: <44c485fa-6a02-a412-2f50-67d4d1f96e65@0xc0dedbad.com>
	<1866f477-fbc6-fb96-c29f-41126440940d@redhat.com>
	<134183ce-2bdc-7213-cab8-07962cae3592@0xc0dedbad.com>
	<11f45b5a-e381-0fb4-2e5b-5caf21fb3877@redhat.com>
	<2cd47fe1-fc4c-a8e0-d111-8d13ab01d4bf@0xc0dedbad.com>
Message-ID: <20170117113013.pnoistlxyngrngip@redhat.com>

On ti, 17 tammi 2017, Peter Fern wrote:
>On 17/01/17 21:48, David Kupka wrote:
>> Ok, your plugin is not really a plugin but that should not be a problem.
>> To make it work:
>>
>> 1) replace "from ipalib.plugins.user import user" with "from
>> ipaserver.plugins.user import user"
>> 2) make sure "user_mailalternateaddress.py" is also in ipaserver/plugins/
>> 3) restart httpd
>>
>Thank you, that gets the web UI working as expected, but I seem to be
>missing the CLI switch.
>
>I'm also adding an objectclass to the default userobjectclasses (and
>updating existing users) in my install script, but it looks like maybe I
>can use the 'updates' mechanism for this, is that right?  If so, is that
>mechanism documented anywhere?
Look at the repository I pointed you to in another email thread.

I'd recommend you to build a proper package (RPM or DEB, depending what
distro we are talking about), move modification to the upgrade plugin
instead. Again, see example in the repo I mentioned. Having non-packaged
content on the package-managed machines is not going to help in longer
term, maintenance-wise.
-- 
/ Alexander Bokovoy



From dkupka at redhat.com  Tue Jan 17 11:35:27 2017
From: dkupka at redhat.com (David Kupka)
Date: Tue, 17 Jan 2017 12:35:27 +0100
Subject: [Freeipa-users] FreeIPA 4.4 plugin migration path
In-Reply-To: <2cd47fe1-fc4c-a8e0-d111-8d13ab01d4bf@0xc0dedbad.com>
References: <44c485fa-6a02-a412-2f50-67d4d1f96e65@0xc0dedbad.com>
	<1866f477-fbc6-fb96-c29f-41126440940d@redhat.com>
	<134183ce-2bdc-7213-cab8-07962cae3592@0xc0dedbad.com>
	<11f45b5a-e381-0fb4-2e5b-5caf21fb3877@redhat.com>
	<2cd47fe1-fc4c-a8e0-d111-8d13ab01d4bf@0xc0dedbad.com>
Message-ID: <7bb9075f-dec6-ec49-ecbf-2cf78d06420b@redhat.com>

On 17/01/17 12:16, Peter Fern wrote:
> On 17/01/17 21:48, David Kupka wrote:
>> Ok, your plugin is not really a plugin but that should not be a problem.
>> To make it work:
>>
>> 1) replace "from ipalib.plugins.user import user" with "from
>> ipaserver.plugins.user import user"
>> 2) make sure "user_mailalternateaddress.py" is also in ipaserver/plugins/
>> 3) restart httpd
>>
> Thank you, that gets the web UI working as expected, but I seem to be
> missing the CLI switch.

That is probably caused by client API schema cache that was also added 
in 4.4. Once the schema is downloaded and stored in cache it's validity 
is not checked for the next hour.
You can either force the check to be performed immediately:

$ ipa -v -e force_schema_check=1 user-add --help

or remove the cache:

$ rm -r ~/.cache/ipa/

You can find more about this feature and related changes on its design 
page [1]

>
> I'm also adding an objectclass to the default userobjectclasses (and
> updating existing users) in my install script, but it looks like maybe I
> can use the 'updates' mechanism for this, is that right?  If so, is that
> mechanism documented anywhere?
>

Adding objectclass or generally any attribute to many entries (users 
tends to be numerous) may take really really long and is not a good 
idea. It's better to add such objectclass on demand when the attribute 
is added to the entry for the first time.

But I agree with Alexander, in longer run it would be much better if you 
create and package proper plugin.

[1] http://www.freeipa.org/page/V4/API_Compatiblity

-- 
David Kupka



From alexanders.mailinglists+nospam at gmail.com  Tue Jan 17 14:24:35 2017
From: alexanders.mailinglists+nospam at gmail.com (Alexander Skwar)
Date: Tue, 17 Jan 2017 15:24:35 +0100
Subject: [Freeipa-users] ipa-replica-install fails: "an internal error has
 occurred" on Remote master - DBusException:
 org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was
 not provided by any .service files
Message-ID: <CADn-QaMQiaKk6P-aeyU2Z+0OgzXBWXNN4SU5=trLjz469J=zXw@mail.gmail.com>

Hello


Using freeipa 4.3.1-0ubuntu1 on Ubuntu 16.04 servers.

I have setup a FreeIPA master server with the following commands:

    apt install freeipa-server

    ipa-server-install --setup-dns --mkhomedir --auto-forwarders \
      --no-reverse --hostname=ewserv-auth01-prod.unix.ewadmin.ch \
      --ip-address=192.168.251.51 \
      --ds-password='dspassword' --admin-password='adminpassword' \
      --realm=UNIX.EWADMIN.CH --domain=unix.ewadmin.ch \
      --unattended

On a different server, I'm now trying to setup a replica. The
connection tests are good, see replica-master-conncheck.txt and
master-replica-conncheck.txt.

But ipa-replica-install fails (see ipa-replica-install.log.txt):

    $ sudo ipa-replica-install -P admin -w adminpassword
--domain=unix.ewadmin.ch --server=ewserv-auth01-prod.unix.ewadmin.ch
--realm=UNIX.EWADMIN.CH --hostname=ewserv-auth02-prod.unix.ewadmin.ch
    ?
    Client configuration complete.

    Run connection check to master
    Removing client side components
    Unenrolling client from IPA server
    ?
    ipa.ipapython.install.cli.install_tool(Replica): ERROR
Connection check failed!
    Please fix your network settings according to error messages above.
    If the check results are not valid it can be skipped with
--skip-conncheck parameter.
    ipa.ipapython.install.cli.install_tool(Replica): ERROR    The
ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information

In /var/log/ipareplica-install.log (attached as well), I find:

    [?]
       Kerberos Kpasswd: UDP (464): SKIPPED

    Connection from replica to master is OK.
    Start listening on required ports for remote master check
    Get credentials to log in to remote master
    Check RPC connection to remote master
    Execute check on remote master

    2017-01-17T14:48:00Z DEBUG stderr=Remote master check failed with
following error message(s):
    an internal error has occurred

    2017-01-17T14:48:00Z DEBUG Starting external process
    2017-01-17T14:48:00Z DEBUG args=/usr/sbin/ipa-client-install
--unattended --uninstall
    2017-01-17T14:48:06Z DEBUG Process finished, return code=0
    [?]

In /var/log/apache2/error.log, I find an error:

    [Tue Jan 17 16:06:05.825724 2017] [wsgi:error] [pid 21773:tid
139626190206720] ipa: INFO: [jsonserver_kerb] admin at UNIX.EWADMIN.CH:
ping(version=u'2.164'): SUCCESS
    ERROR:dbus.proxies:Introspect error on org.freeipa.server:/:
dbus.exceptions.DBusException:
org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server
was not provided by any .service files
    [Tue Jan 17 16:06:05.941909 2017] [wsgi:error] [pid 21772:tid
139626190206720] ipa: ERROR: non-public: DBusException:
org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server
was not provided by any .service files
    [Tue Jan 17 16:06:05.942141 2017] [wsgi:error] [pid 21772:tid
139626190206720] Traceback (most recent call last):
    [Tue Jan 17 16:06:05.942325 2017] [wsgi:error] [pid 21772:tid
139626190206720]   File
"/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 350,
in wsgi_execute
    [Tue Jan 17 16:06:05.942543 2017] [wsgi:error] [pid 21772:tid
139626190206720]     result = self.Command[name](*args, **options)
    [Tue Jan 17 16:06:05.942946 2017] [wsgi:error] [pid 21772:tid
139626190206720]   File
"/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 446, in
__call__
    [Tue Jan 17 16:06:05.944110 2017] [wsgi:error] [pid 21772:tid
139626190206720]     ret = self.run(*args, **options)
    [Tue Jan 17 16:06:05.944272 2017] [wsgi:error] [pid 21772:tid
139626190206720]   File
"/usr/lib/python2.7/dist-packages/ipalib/frontend.py", line 763, in
run
    [Tue Jan 17 16:06:05.944459 2017] [wsgi:error] [pid 21772:tid
139626190206720]     return self.execute(*args, **options)
    [Tue Jan 17 16:06:05.944638 2017] [wsgi:error] [pid 21772:tid
139626190206720]   File
"/usr/lib/python2.7/dist-packages/ipalib/plugins/server.py", line 247,
in execute
    [Tue Jan 17 16:06:05.944825 2017] [wsgi:error] [pid 21772:tid
139626190206720]     ret, stdout, stderr = server.conncheck(keys[-1])
    [Tue Jan 17 16:06:05.945075 2017] [wsgi:error] [pid 21772:tid
139626190206720]   File
"/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 70, in
__call__
    [Tue Jan 17 16:06:05.945245 2017] [wsgi:error] [pid 21772:tid
139626190206720]     return self._proxy_method(*args, **keywords)
    [Tue Jan 17 16:06:05.945394 2017] [wsgi:error] [pid 21772:tid
139626190206720]   File
"/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 145, in
__call__
    [Tue Jan 17 16:06:05.945567 2017] [wsgi:error] [pid 21772:tid
139626190206720]     **keywords)
    [Tue Jan 17 16:06:05.945734 2017] [wsgi:error] [pid 21772:tid
139626190206720]   File
"/usr/lib/python2.7/dist-packages/dbus/connection.py", line 651, in
call_blocking
    [Tue Jan 17 16:06:05.945914 2017] [wsgi:error] [pid 21772:tid
139626190206720]     message, timeout)
    [Tue Jan 17 16:06:05.946074 2017] [wsgi:error] [pid 21772:tid
139626190206720] DBusException:
org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server
was not provided by any .service files
    [Tue Jan 17 16:06:05.946989 2017] [wsgi:error] [pid 21772:tid
139626190206720] ipa: INFO: [jsonserver_kerb] admin at UNIX.EWADMIN.CH:
server_conncheck(u'ewserv-auth01-prod.unix.ewadmin.ch',
u'ewserv-auth02-prod.unix.ewadmin.ch', version=u'2.162'):
DBusException
    [Tue Jan 17 16:06:10.595846 2017] [wsgi:error] [pid 21773:tid
139626190206720] ipa: INFO: [xmlserver]
host/ewserv-auth02-prod.unix.ewadmin.ch at UNIX.EWADMIN.CH:
host_disable(u'ewserv-auth02-prod.unix.ewadmin.ch', version=u'2.51'):
SUCCESS


Thanks for any hints,


Alexander

PS: I also reported this as a bug on launchpad @
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1657134
-------------- next part --------------
$ sudo /usr/sbin/ipa-replica-conncheck --replica ewserv-auth02-prod.unix.ewadmin.ch
Check connection from master to remote replica 'ewserv-auth02-prod.unix.ewadmin.ch':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

Connection from master to replica is OK.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipareplica-install.log
Type: text/x-log
Size: 26310 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170117/30b0f411/attachment.bin>
-------------- next part --------------
$ sudo /usr/sbin/ipa-replica-conncheck --master=192.168.251.51
Check connection from replica to remote master '192.168.251.51':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Listeners are started. Use CTRL+C to terminate the listening part after the test.

Please run the following command on remote master:
/usr/sbin/ipa-replica-conncheck --replica ewserv-auth02-prod.unix.ewadmin.ch

^C
Cleaning up...
-------------- next part --------------
$ sudo ipa-replica-install -P admin -w adminpassword --domain=unix.ewadmin.ch --server=ewserv-auth01-prod.unix.ewadmin.ch --realm=UNIX.EWADMIN.CH --hostname=ewserv-auth02-prod.unix.ewadmin.ch
Configuring client side components
Client hostname: ewserv-auth02-prod.unix.ewadmin.ch
Realm: UNIX.EWADMIN.CH
DNS Domain: unix.ewadmin.ch
IPA Server: ewserv-auth01-prod.unix.ewadmin.ch
BaseDN: dc=unix,dc=ewadmin,dc=ch

Synchronizing time with KDC...
Attempting to sync time using ntpd.  Will timeout after 15 seconds
Unable to sync time with NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=UNIX.EWADMIN.CH
    Issuer:      CN=Certificate Authority,O=UNIX.EWADMIN.CH
    Valid From:  Mon Jan 16 15:23:55 2017 UTC
    Valid Until: Fri Jan 16 15:23:55 2037 UTC

Enrolled in IPA realm UNIX.EWADMIN.CH
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm UNIX.EWADMIN.CH
trying https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json
Forwarding 'ping' to json server 'https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json'
Systemwide CA database updated.
Hostname (ewserv-auth02-prod.unix.ewadmin.ch) does not have A/AAAA record.
Failed to update DNS records.
Missing A/AAAA record(s) for host ewserv-auth02-prod.unix.ewadmin.ch: 192.168.251.52.
Missing reverse record(s) for address(es): 192.168.251.52.
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to json server 'https://ewserv-auth01-prod.unix.ewadmin.ch/ipa/json'
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
No SRV records of NTP servers found. IPA server address will be used
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring unix.ewadmin.ch as NIS domain.
Client configuration complete.

Run connection check to master
Removing client side components
Unenrolling client from IPA server
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
Restoring client configuration files
Unconfiguring the NIS domain.
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Systemwide CA database updated.
Client uninstall complete.

ipa.ipapython.install.cli.install_tool(Replica): ERROR    Connection check failed!
Please fix your network settings according to error messages above.
If the check results are not valid it can be skipped with --skip-conncheck parameter.
ipa.ipapython.install.cli.install_tool(Replica): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

From alexanders.mailinglists+nospam at gmail.com  Tue Jan 17 14:53:09 2017
From: alexanders.mailinglists+nospam at gmail.com (Alexander Skwar)
Date: Tue, 17 Jan 2017 15:53:09 +0100
Subject: [Freeipa-users] ipa-replica-install fails: "an internal error
 has occurred" on Remote master - DBusException:
 org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was
 not provided by any .service files
In-Reply-To: <CADn-QaMQiaKk6P-aeyU2Z+0OgzXBWXNN4SU5=trLjz469J=zXw@mail.gmail.com>
References: <CADn-QaMQiaKk6P-aeyU2Z+0OgzXBWXNN4SU5=trLjz469J=zXw@mail.gmail.com>
Message-ID: <CADn-QaNhOEXFm7TuA8A1H0CyLDPbg=6RdjGW7isNh6PaMXFQng@mail.gmail.com>

Hello again already?


2017-01-17 15:24 GMT+01:00 Alexander Skwar
<alexanders.mailinglists+nospam at gmail.com>:

?

>     [Tue Jan 17 16:06:05.825724 2017] [wsgi:error] [pid 21773:tid
> 139626190206720] ipa: INFO: [jsonserver_kerb] admin at UNIX.EWADMIN.CH:
> ping(version=u'2.164'): SUCCESS
>     ERROR:dbus.proxies:Introspect error on org.freeipa.server:/:
> dbus.exceptions.DBusException:
> org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server
> was not provided by any .service files

?

Hm, is that the error at hand here? On my Xenial system,
there are the following DBus services:

local at ewserv-auth01-prod ~ % dbus-send --system            \
  --dest=org.freedesktop.DBus \
  --type=method_call          \
  --print-reply               \
  /org/freedesktop/DBus       \
  org.freedesktop.DBus.ListNames
method return time=1484667282.766611 sender=org.freedesktop.DBus ->
destination=:1.14 serial=3 reply_serial=2
   array [
      string "org.freedesktop.DBus"
      string "org.freedesktop.login1"
      string "org.fedorahosted.certmonger"
      string ":1.8"
      string "org.freedesktop.systemd1"
      string "com.redhat.oddjob"
      string "com.redhat.oddjob_mkhomedir"
      string ":1.11"
      string ":1.12"
      string ":1.0"
      string ":1.14"
      string ":1.1"
      string ":1.2"
      string "org.freedesktop.Accounts"
      string ":1.5"
      string ":1.6"
   ]


On a RHEL 7.3 system, there's:

[root at snbng-auth01-prod ~]# dbus-send --system            \
>   --dest=org.freedesktop.DBus \
>   --type=method_call          \
>   --print-reply               \
>   /org/freedesktop/DBus       \
>   org.freedesktop.DBus.ListNames
method return sender=org.freedesktop.DBus -> dest=:1.604 reply_serial=2
   array [
      string "org.freedesktop.DBus"
      string "org.fedorahosted.certmonger"
      string "org.freedesktop.login1"
      string ":1.7"
      string ":1.604"
      string "org.freedesktop.systemd1"
      string "com.redhat.tuned"
      string "com.redhat.oddjob"
      string "org.freedesktop.PolicyKit1"
      string "com.redhat.oddjob_mkhomedir"
      string ":1.22"
      string "org.freedesktop.NetworkManager"
      string ":1.23"
      string ":1.24"
      string ":1.0"
      string ":1.1"
      string "com.redhat.ifcfgrh1"
      string ":1.2"
      string "org.freeipa.server"
      string ":1.5"
   ]

As you can see, the RHEL system does have a "org.freeipa.server".
The Xenial system does not.

Any ideas, why that might be missing?

Best regards,

Alexander
-- 
=>        Google+ => http://plus.skwar.me         <==
=> Chat (Jabber/Google Talk) => a.skwar at gmail.com <==



From harald.dunkel at aixigo.de  Tue Jan 17 15:12:51 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Tue, 17 Jan 2017 16:12:51 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
Message-ID: <301164b0-09e6-bd7f-1303-7f07badc4971@aixigo.de>

On 01/17/17 11:38, Sumit Bose wrote:
> On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
>> It seems something got corrupted in my ipa setup. I found this in the
>> sssd log file on Wheezy:
>>
>> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
>> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
> 
> Looks like there was a replication conflict, please see
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
> how to resolve it.
> 

% ldapsearch -D "cn=directory manager" -w secret -b "dc=example,dc=de" "nsds5ReplConflict=*" \* nsds5ReplConflict | grep nsds5ReplConflict | wc -l
26

:-(

I have 4 ipa servers. How can I make sure that no new problem arises
while I try to cleanup this mess? Can I freeze Freeipa somehow to
resolve this?

> We already have a ticket for SSSD to ignore those object, but
> unfortunately there is currently no patch available for SSSD so you have
> to resolve the replication conflict to get it working again.
> 

You mean sssd should ignore the conflict, not telling anybody?
I am not sure if thats the right way.


Thanx very much for your advice
Harri



From aebruno2 at buffalo.edu  Tue Jan 17 15:06:29 2017
From: aebruno2 at buffalo.edu (Andrew E. Bruno)
Date: Tue, 17 Jan 2017 10:06:29 -0500
Subject: [Freeipa-users] changelog entry cache size
Message-ID: <20170117150629.wxhjm6pbf3fluve2@dead.ccr.buffalo.edu>

Just upgraded to CentOS 7.3 (freeipa 4.3 -> 4.4). Seeing this in the
error logs:


[17/Jan/2017:08:41:38.057173466 -0500] WARNING: changelog: entry cache size 512000 B is less than db size 696377344 B; We recommend to increase
the entry cache size nsslapd-cachememsize.  [17/Jan/2017:08:41:38.058266046 -0500] Setting ncache to: 2 to keep each chunk below 4Gbytes


Is it worth increasing the changelog entry cache size? 

We're seeing high cpu utilization spikes for the ns-slapd proccess.
Roughly every 2 mins ns-slapd spikes up to 65% utilization. Could this
be the cause?


Thanks!

--Andrew



From georgijsr at scandiweb.com  Tue Jan 17 15:23:35 2017
From: georgijsr at scandiweb.com (Georgijs Radovs)
Date: Tue, 17 Jan 2017 17:23:35 +0200
Subject: [Freeipa-users] Limit regular user access only to self service
	portal
Message-ID: <d2e18b6d-db9d-afdf-f2d0-eac8ddcf7513@scandiweb.com>

Hello everyone!

Is it possible to configure Sef-service permissions in FreeIPA in a way, 
so that, when regular users log in, they don't have read access to other 
FreeIPA sections like "Policy", "Authentication", "IPA Server"...?

My goal is - when user logs in Self-service portal, he sees only his 
user account in "Identity" tab, no other tabs like "Policy" or 
"Authentication" and can read and write only to his profile.

Basically, I want to limit user to his account only, so he does not see 
information about other accounts.


-- 
 <https://www.youtube.com/watch?v=coVJlV1LJ84>



From harald.dunkel at aixigo.de  Tue Jan 17 15:48:57 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Tue, 17 Jan 2017 16:48:57 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <301164b0-09e6-bd7f-1303-7f07badc4971@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<301164b0-09e6-bd7f-1303-7f07badc4971@aixigo.de>
Message-ID: <74bb9222-66f7-2cb4-68ca-0743b7c2465e@aixigo.de>

On 01/17/17 16:12, Harald Dunkel wrote:
> On 01/17/17 11:38, Sumit Bose wrote:
>> On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
>>> It seems something got corrupted in my ipa setup. I found this in the
>>> sssd log file on Wheezy:
>>>
>>> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
>>> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
>>
>> Looks like there was a replication conflict, please see
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>> how to resolve it.
>>
> 
> % ldapsearch -D "cn=directory manager" -w secret -b "dc=example,dc=de" "nsds5ReplConflict=*" \* nsds5ReplConflict | grep nsds5ReplConflict | wc -l
> 26
> 
PS:

nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=dns administrators,cn=privileges,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=dns servers,cn=privileges,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=System: Read Status of Services on IPA Servers,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=System: Manage Service Principals,cn=permissions,cn=pbac,dc=example,dc=de
nsds5ReplConflict: namingConflict cn=System: Manage User Principals,cn=permissions,cn=pbac,dc=example,dc=de

This looks like a problem of ipa-server-install. These entries were created
in the very first seconds.


Harri



From lkrispen at redhat.com  Tue Jan 17 16:01:54 2017
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Tue, 17 Jan 2017 17:01:54 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <74bb9222-66f7-2cb4-68ca-0743b7c2465e@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<301164b0-09e6-bd7f-1303-7f07badc4971@aixigo.de>
	<74bb9222-66f7-2cb4-68ca-0743b7c2465e@aixigo.de>
Message-ID: <587E3FF2.208@redhat.com>


On 01/17/2017 04:48 PM, Harald Dunkel wrote:
> On 01/17/17 16:12, Harald Dunkel wrote:
>> On 01/17/17 11:38, Sumit Bose wrote:
>>> On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
>>>> It seems something got corrupted in my ipa setup. I found this in the
>>>> sssd log file on Wheezy:
>>>>
>>>> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
>>>> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
>>> Looks like there was a replication conflict, please see
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>> how to resolve it.
>>>
>> % ldapsearch -D "cn=directory manager" -w secret -b "dc=example,dc=de" "nsds5ReplConflict=*" \* nsds5ReplConflict | grep nsds5ReplConflict | wc -l
>> 26
>>
> PS:
>
> nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=dns administrators,cn=privileges,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=dns servers,cn=privileges,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=System: Read Status of Services on IPA Servers,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=System: Manage Service Principals,cn=permissions,cn=pbac,dc=example,dc=de
> nsds5ReplConflict: namingConflict cn=System: Manage User Principals,cn=permissions,cn=pbac,dc=example,dc=de
>
> This looks like a problem of ipa-server-install. These entries were created
> in the very first seconds.
Conflict entries are created if an entry is added on different servers 
at the "same time", where same time means it is created on instance x 
before the add of the entry on instance y was replicated to x. This can 
happen if you run things in parallel, eg upgrades.

There is no simple way to get rid of them, you need to delete them one 
by one, so do:
ldapmodify .......
dn:  cn=System: Manage Host 
Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
changetype: delete

for all of your conflict entries
>
>
> Harri
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From william.muriithi at gmail.com  Tue Jan 17 16:04:31 2017
From: william.muriithi at gmail.com (William Muriithi)
Date: Tue, 17 Jan 2017 11:04:31 -0500
Subject: [Freeipa-users] (no subject)
Message-ID: <CAE9rU+7qnwOuxOpa2gWFbULyYGscgiOR+ubzSL1jxHvNsijErA@mail.gmail.com>

Hello,

I have been attempting to setup samba server on RHEL 7 and I haven't
had luck so far.  I am hoping to get some guidance on what I could be
missing.  I am using the link below as a guide.

http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA

My setup is made up of two IPA version 4.4 (Master master) with a
trust relationship to Windows AD. Samba is running on a separate
system (RHEL7.3) and fully to date.  Windows domain would be
ad.example.com and ipa domain is eng.example.com

Below is my samba config at present.  There is an ad group called eng
that is mapped to an external group called eng_external on ipa.
eng_external is a member of ipausers group

[global]


        workgroup = ENG
        realm = ENG.EXAMPLE.COM
        dedicated keytab file = FILE:/etc/samba/samba.keytab
        kerberos method = dedicated keytab
        server string = Samba Server Version %v


        log file = /var/log/samba/log.%m
        log level = 5
        max log size = 50


        security = ads
        passdb backend = tdbsam
        strict locking = no

        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes



[homes]
        comment = Home Directories
        path = /home
        browseable = yes
        writable = yes
        valid users = @ipausers

[projects]
        comment = Projects
        path = /projects
        browseable = yes
        writable = yes
        valid users = @ipausers



After restarting samba, an attempt to connect to samba from Windows
result in the following samba logs? Do you notice any problem from the
information that I have shared please?

Would appreciate any pointer at this point

[2017/01/17 10:17:55.905941,  5]
../source3/auth/token_util.c:639(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2017/01/17 10:17:55.905980,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/01/17 10:17:55.906751,  5]
../source3/smbd/share_access.c:120(token_contains_name)
  lookup_name ipausers failed
[2017/01/17 10:17:55.906789,  2]
../source3/smbd/service.c:427(create_connection_session_info)
  user 'william at ad.example.com' (from session setup) not permitted to
access this share (william at ad.example.com)
[2017/01/17 10:17:55.906818,  1]
../source3/smbd/service.c:560(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2017/01/17 10:17:55.906838,  5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
  check lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:17:55.906871,  5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
  release lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:17:55.906895,  3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:135
[2017/01/17 10:18:02.815184,  4]
../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/01/17 10:18:02.815224,  5]
../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2017/01/17 10:18:02.815242,  5]
../source3/auth/token_util.c:639(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2017/01/17 10:18:02.815270,  5]
../source3/smbd/uid.c:425(smbd_change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2017/01/17 10:18:02.815304,  5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
  check lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:18:02.815347,  5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
  release lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:18:02.815375,  3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 192.168.15.41 (192.168.15.41)
[2017/01/17 10:18:02.815402,  3]
../libcli/security/dom_sid.c:209(dom_sid_parse_endp)
  string_to_sid: SID @ipausers is not in a valid format
[2017/01/17 10:18:02.815421,  5]
../source3/auth/user_util.c:151(user_in_netgroup)
  looking for user william at ad.example.com of domain eng.example.com in
netgroup ipausers
[2017/01/17 10:18:02.815774,  4] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2017/01/17 10:18:02.815814,  4] ../source3/smbd/uid.c:491(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2017/01/17 10:18:02.815835,  4]
../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/01/17 10:18:02.815852,  5]
../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2017/01/17 10:18:02.815868,  5]
../source3/auth/token_util.c:639(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2017/01/17 10:18:02.815910,  4] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/01/17 10:18:02.823518,  5]
../source3/smbd/share_access.c:120(token_contains_name)
  lookup_name ipausers failed
[2017/01/17 10:18:02.823553,  2]
../source3/smbd/service.c:427(create_connection_session_info)
  user 'william at ad.example.com' (from session setup) not permitted to
access this share (william at ad.example.com)
[2017/01/17 10:18:02.823577,  1]
../source3/smbd/service.c:560(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2017/01/17 10:18:02.823597,  5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
  check lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:18:02.823629,  5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
  release lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2017/01/17 10:18:02.823654,  3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:135

Regards,
William



From alexanders.mailinglists+nospam at gmail.com  Tue Jan 17 16:34:42 2017
From: alexanders.mailinglists+nospam at gmail.com (Alexander Skwar)
Date: Tue, 17 Jan 2017 17:34:42 +0100
Subject: [Freeipa-users] [solved] Re: ipa-replica-install fails: "an
 internal error has occurred" on Remote master - DBusException:
 org.freedesktop.DBus.Error.ServiceUnknown: The name org.freeipa.server was
 not provided by any .service files
Message-ID: <CADn-QaNO=RqzfbGK4soFubeaohSqRbzHO0fqrSKMr=4BYiWk1g@mail.gmail.com>

Hi

2017-01-17 15:53 GMT+01:00 Alexander Skwar

> As you can see, the RHEL system does have a "org.freeipa.server".
> The Xenial system does not.
>
> Any ideas, why that might be missing?

Timo Aaltonen has helped me to find the issue on the launchpad bug.

The oddjob service needs to be restarted/reloaded:

systemctl reload-or-try-restart oddjobd

After that, DBus knows about the org.freeipa.server service and I can
setup the replica just fine with ipa-replica-install.

Cheers,
Alexander



From sbose at redhat.com  Tue Jan 17 17:45:29 2017
From: sbose at redhat.com (Sumit Bose)
Date: Tue, 17 Jan 2017 18:45:29 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <301164b0-09e6-bd7f-1303-7f07badc4971@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<301164b0-09e6-bd7f-1303-7f07badc4971@aixigo.de>
Message-ID: <20170117174529.GA3389@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Tue, Jan 17, 2017 at 04:12:51PM +0100, Harald Dunkel wrote:
> On 01/17/17 11:38, Sumit Bose wrote:
> > On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
> >> It seems something got corrupted in my ipa setup. I found this in the
> >> sssd log file on Wheezy:
> >>
> >> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
> >> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
> > 
> > Looks like there was a replication conflict, please see
> > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
> > how to resolve it.
> > 
> 
> % ldapsearch -D "cn=directory manager" -w secret -b "dc=example,dc=de" "nsds5ReplConflict=*" \* nsds5ReplConflict | grep nsds5ReplConflict | wc -l
> 26
> 
> :-(
> 
> I have 4 ipa servers. How can I make sure that no new problem arises
> while I try to cleanup this mess? Can I freeze Freeipa somehow to
> resolve this?
> 
> > We already have a ticket for SSSD to ignore those object, but
> > unfortunately there is currently no patch available for SSSD so you have
> > to resolve the replication conflict to get it working again.
> > 
> 
> You mean sssd should ignore the conflict, not telling anybody?
> I am not sure if thats the right way.

SSSD will of course write a log messages when a DN is ignored. Since the
default for HBAC is deny and a rule must allow you access e.g. a missing
group membership will in the worst case cause a denied access because
not all criteria defined be the rule are matched.

bye,
Sumit

> 
> 
> Thanx very much for your advice
> Harri
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From lslebodn at redhat.com  Tue Jan 17 20:59:38 2017
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Tue, 17 Jan 2017 21:59:38 +0100
Subject: [Freeipa-users] report abuse
In-Reply-To: <20170116055318.dbvfxsem2l5befcl@redhat.com>
References: <d8b4b5c4a824739d096c34baa40b8a23@localhost>
	<EB5AE410-006F-4B3A-9215-A58B909BBC31@gmail.com>
	<20170116055318.dbvfxsem2l5befcl@redhat.com>
Message-ID: <20170117205937.GA3540@10.4.128.1>

On (16/01/17 07:53), Alexander Bokovoy wrote:
>On su, 15 tammi 2017, Jeff Clay wrote:
>> Not sure how this stuff is usually reported, but the person below needs removed from the group.
>This is a spam bot and it is *not* on the list of subscribers. We ran
>few experiments to find out that, you can check mailing list archives.
>
>The spam bot actually mines the mailing list archives and sends emails
>based on that one.
>
>We could close down mail archives from the non-subscribers. As a negative
>result, search engines will not be able to index it and this will reduce
>your ability to search FreeIPA-related solutions via search engines.
>
Maybe it would help to obfuscate email addresses in HTML version of
archive (at least domain part).
And hide gzipped text version for non-subscribers.

LS



From orion at cora.nwra.com  Tue Jan 17 23:41:13 2017
From: orion at cora.nwra.com (Orion Poplawski)
Date: Tue, 17 Jan 2017 16:41:13 -0700
Subject: [Freeipa-users] documentation or example of using S42U for NFS
In-Reply-To: <5BCA6356-7A58-4867-BC6A-E0701F84FC1C@rutgers.edu>
References: <5BCA6356-7A58-4867-BC6A-E0701F84FC1C@rutgers.edu>
Message-ID: <b13b515e-d1be-6c43-681d-17e67d36b3e7@cora.nwra.com>

On 01/09/2017 09:52 AM, Charles Hedrick wrote:
> Various documentation suggests that it is possible for Gssproxy to get tickets for users who need to use NFS. This is a possible way to handle things like cron jobs.
> 
> However while a gssproxy.conf example is given, there?s no sign of what needs to be done in freeipa to authorize it. I tried following instructions for LDAP access, but it doesn?t work. NFS seems to use a different, two-stage method for getting credentials, so that?s not a surprise. There are, not surprisingly, no useful error messages even with logging turned all the way up.
> 
> 

I'm interested in this as well.  All I've been able to find so far is:

https://vda.li/en/posts/2013/07/29/Setting-up-S4U2Proxy-with-FreeIPA/

haven't tried anything.

-- 
Orion Poplawski
Technical Manager                          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com



From datakid at gmail.com  Wed Jan 18 03:02:13 2017
From: datakid at gmail.com (Lachlan Musicman)
Date: Wed, 18 Jan 2017 14:02:13 +1100
Subject: [Freeipa-users] security, sssd, pam and web apps
Message-ID: <CAGBeqiMovzRBt1poy0GEaSoGJgoSZRxcAUDPAMkjrCFyrpi2tw@mail.gmail.com>

Hi,

We have a new rstudio server that we'd like to have FreeIPA manage Auth on.

sssd works - I can login with my appropriate credentials via cli, but the
web interface doesn't accept the creds.

I've read http://www.freeipa.org/page/Web_App_Authentication#PAM_service
but we don't want to create a HBAC service - we aren't having much luck
with HBAC anyway (still working on that) but we also want all users to have
access to this web app.

The original /etc/pam.d/rstudio looks like:

#%PAM-1.0
auth      requisite      pam_succeed_if.so uid >= 500 quiet
auth      required       pam_unix.so nodelay

account   required       pam_unix.so


I've changed it to look like:

#%PAM-1.0
auth      required       pam_sss.so

account   required       pam_sss.so

This works - but does it create any other security issues?

cheers
L.


------
The most dangerous phrase in the language is, "We've always done it this
way."

- Grace Hopper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170118/5fb3ed82/attachment.htm>

From pingram.au at gmail.com  Tue Jan 17 03:39:08 2017
From: pingram.au at gmail.com (Phil Ingram)
Date: Tue, 17 Jan 2017 14:09:08 +1030
Subject: [Freeipa-users] RFE: Documentation for creating OpenVPN
	certificates.
Message-ID: <ea679b48-0ef0-4361-a44a-346046acbba6@gmail.com>

An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170117/25a5ff4e/attachment.htm>

From hedrick at rutgers.edu  Wed Jan 18 02:44:14 2017
From: hedrick at rutgers.edu (Charles Hedrick)
Date: Wed, 18 Jan 2017 02:44:14 +0000
Subject: [Freeipa-users] documentation or example of using S42U for NFS
In-Reply-To: <b13b515e-d1be-6c43-681d-17e67d36b3e7@cora.nwra.com>
References: <5BCA6356-7A58-4867-BC6A-E0701F84FC1C@rutgers.edu>
	<b13b515e-d1be-6c43-681d-17e67d36b3e7@cora.nwra.com>
Message-ID: <90AAB443-7655-4153-8C09-A004370A2E46@cs.rutgers.edu>

Instructions like that are several places. But NFS is different, and I believe the configuration would be different from other services. 

I?ve given up on this approach, and have written my own utilities. I?ve actually got three. The first two assume that users who want to do cron jobs on a machine register a keytab for that machine on a secure system. I don?t want to put the actual keytab on the machine where the user is running, because if someone can become root, they can take the keytab and use it anywhere. (I?m in a computer science dept with systems run by faculty and grad students; also systems in public labs.)

So instead, I allow users to register that they want to do cron on a specific machine by putting a keytab on a secure server, associated with their username and the hostname. I expect to write a web app to set that up.

Credserv runs on the machine with the keytabs. It accepts a request from a server, authenticated using the host?s host key (i.e. /etc/krb5.keytab), with a username in the request. If the user has registered a keytab for that host, credserv returns a credential, locked to that IP address, with forwarding off. 

Kgetcred is the client side. It runs setuid root (so it can read /etc/krb5.keytab), though it drops privs as quickly as possible. It creates a credentials cache for the user from the credentials returned from credserv.

This gives the best granularity of control I can come up with.

There?s a third utility in the family: renewd. It gets the uids of all current processes, and renews credentials for all of the users. It?s more complex than you?d expect because a normal renewal (as in kinit -R or kstart) leaves a brief period of time when the credentials cache is unusable. This can result in NFS failing. I use a special approach that depends upon the details of the KEYRING implementation. It should be free of race conditions for NFS. If desired, a different approach to avoid race conditions could be used for caches located in /tmp. I haven?t written that code but there?s a comment in the source outlining it.

I?ll be creating a git repository for the code.


> On Jan 17, 2017, at 6:41:13 PM, Orion Poplawski <orion at cora.nwra.com> wrote:
> 
> On 01/09/2017 09:52 AM, Charles Hedrick wrote:
>> Various documentation suggests that it is possible for Gssproxy to get tickets for users who need to use NFS. This is a possible way to handle things like cron jobs.
>> 
>> However while a gssproxy.conf example is given, there?s no sign of what needs to be done in freeipa to authorize it. I tried following instructions for LDAP access, but it doesn?t work. NFS seems to use a different, two-stage method for getting credentials, so that?s not a surprise. There are, not surprisingly, no useful error messages even with logging turned all the way up.
>> 
>> 
> 
> I'm interested in this as well.  All I've been able to find so far is:
> 
> https://vda.li/en/posts/2013/07/29/Setting-up-S4U2Proxy-with-FreeIPA/
> 
> haven't tried anything.
> 
> -- 
> Orion Poplawski
> Technical Manager                          720-772-5637
> NWRA, Boulder/CoRA Office             FAX: 303-415-9702
> 3380 Mitchell Lane                       orion at nwra.com
> Boulder, CO 80301                   http://www.nwra.com




From harald.dunkel at aixigo.de  Wed Jan 18 07:13:57 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Wed, 18 Jan 2017 08:13:57 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <587E3FF2.208@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<301164b0-09e6-bd7f-1303-7f07badc4971@aixigo.de>
	<74bb9222-66f7-2cb4-68ca-0743b7c2465e@aixigo.de>
	<587E3FF2.208@redhat.com>
Message-ID: <0538ee95-bbcf-b9bd-ffc4-a4cdef7e72a1@aixigo.de>

Hi Ludwig,

On 01/17/17 17:01, Ludwig Krispenz wrote:
> 
> On 01/17/2017 04:48 PM, Harald Dunkel wrote:
>> On 01/17/17 16:12, Harald Dunkel wrote:
>>> On 01/17/17 11:38, Sumit Bose wrote:
>>>> On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
>>>>> It seems something got corrupted in my ipa setup. I found this in the
>>>>> sssd log file on Wheezy:
>>>>>
>>>>> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
>>>>> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
>>>> Looks like there was a replication conflict, please see
>>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>>> how to resolve it.
>>>>
>>> % ldapsearch -D "cn=directory manager" -w secret -b "dc=example,dc=de" "nsds5ReplConflict=*" \* nsds5ReplConflict | grep nsds5ReplConflict | wc -l
>>> 26
>>>
>> PS:
>>
>> nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=dns administrators,cn=privileges,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=dns servers,cn=privileges,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=System: Read Status of Services on IPA Servers,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=System: Manage Service Principals,cn=permissions,cn=pbac,dc=example,dc=de
>> nsds5ReplConflict: namingConflict cn=System: Manage User Principals,cn=permissions,cn=pbac,dc=example,dc=de
>>
>> This looks like a problem of ipa-server-install. These entries were created
>> in the very first seconds.
> Conflict entries are created if an entry is added on different servers at the "same time", where same time means it is created on instance x before the add of the entry on instance y was replicated to x. This can happen if you run things in parallel, eg upgrades.
> 

You mean Freeipa has a race condition? I use tools like clusterssh to
install or upgrade several hosts in parallel (n <= 49 due to available
screen and font size). The "same time" is built in.

Of course I understand that Freeipa is a special case, because it is
network application, but it should be able to handle n = 2.

> There is no simple way to get rid of them, you need to delete them one by one, so do:
> ldapmodify .......
> dn:  cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
> changetype: delete
> 
> for all of your conflict entries

I am surely no specialist for ldap, so hopefully its allowed to ask
a question:

This is a tree-like structure. If I delete a conflicting node, what
happens to the leafs? Is there any indication that these leafs
contain information that is not needed anymore? Isn't it possible
that server b created a huge tree with tons of subnodes and leafs
before the conflict is detected?



Every helpful comment is highly appreciated
Harri



From harald.dunkel at aixigo.de  Wed Jan 18 07:27:17 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Wed, 18 Jan 2017 08:27:17 +0100
Subject: [Freeipa-users] report abuse
In-Reply-To: <20170117205937.GA3540@10.4.128.1>
References: <d8b4b5c4a824739d096c34baa40b8a23@localhost>
	<EB5AE410-006F-4B3A-9215-A58B909BBC31@gmail.com>
	<20170116055318.dbvfxsem2l5befcl@redhat.com>
	<20170117205937.GA3540@10.4.128.1>
Message-ID: <6a347b8c-345d-06b1-46df-3b73cadc6e4b@aixigo.de>

On 01/17/17 21:59, Lukas Slebodnik wrote:
> On (16/01/17 07:53), Alexander Bokovoy wrote:
>>
>> The spam bot actually mines the mailing list archives and sends emails
>> based on that one.
>>

I am not sure how to apply it in this case, but time is money for these
spammers. Maybe it is possible to tarpit first access to the mailing list
archive index.html?

Another idea: fake entries in the mailing list archive with tons of
fake EMail addresses.


Regards
Harri



From abokovoy at redhat.com  Wed Jan 18 07:37:20 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Wed, 18 Jan 2017 09:37:20 +0200
Subject: [Freeipa-users] report abuse
In-Reply-To: <6a347b8c-345d-06b1-46df-3b73cadc6e4b@aixigo.de>
References: <d8b4b5c4a824739d096c34baa40b8a23@localhost>
	<EB5AE410-006F-4B3A-9215-A58B909BBC31@gmail.com>
	<20170116055318.dbvfxsem2l5befcl@redhat.com>
	<20170117205937.GA3540@10.4.128.1>
	<6a347b8c-345d-06b1-46df-3b73cadc6e4b@aixigo.de>
Message-ID: <20170118073720.4bnatqszcruwca6c@redhat.com>

On ke, 18 tammi 2017, Harald Dunkel wrote:
>On 01/17/17 21:59, Lukas Slebodnik wrote:
>> On (16/01/17 07:53), Alexander Bokovoy wrote:
>>>
>>> The spam bot actually mines the mailing list archives and sends emails
>>> based on that one.
>>>
>
>I am not sure how to apply it in this case, but time is money for these
>spammers. Maybe it is possible to tarpit first access to the mailing list
>archive index.html?
>
>Another idea: fake entries in the mailing list archive with tons of
>fake EMail addresses.
Both these ideas require modification to the archive software in use. We
don't have access or control over that right now other than closing down
the access altogether.

-- 
/ Alexander Bokovoy



From dkupka at redhat.com  Wed Jan 18 08:09:06 2017
From: dkupka at redhat.com (David Kupka)
Date: Wed, 18 Jan 2017 09:09:06 +0100
Subject: [Freeipa-users] Limit regular user access only to self service
 portal
In-Reply-To: <d2e18b6d-db9d-afdf-f2d0-eac8ddcf7513@scandiweb.com>
References: <d2e18b6d-db9d-afdf-f2d0-eac8ddcf7513@scandiweb.com>
Message-ID: <f3e8574b-fcfa-3460-9c7d-5b51d189e069@redhat.com>

On 17/01/17 16:23, Georgijs Radovs wrote:
> Hello everyone!
>
> Is it possible to configure Sef-service permissions in FreeIPA in a way,
> so that, when regular users log in, they don't have read access to other
> FreeIPA sections like "Policy", "Authentication", "IPA Server"...?
>
> My goal is - when user logs in Self-service portal, he sees only his
> user account in "Identity" tab, no other tabs like "Policy" or
> "Authentication" and can read and write only to his profile.
>
> Basically, I want to limit user to his account only, so he does not see
> information about other accounts.
>
>

Hello,
by default user without any added roles can see "Users" and "OTP Tokens" 
tabs and is able to read other users and modify only his attributes.

You can find permissions that affects reading user attributes in IPA 
Server->Role Based Access Control->Permissions (eg. System: Read User 
Addressbook Attributes) and change "Bind rule type" from all to 
"permission".
But be aware that modifying the permissions may result in SSSD being 
unable to resolve users unless you add those permissions to hosts (SSSD 
always uses host principal in FreeIPA deployment).

-- 
David Kupka



From abokovoy at redhat.com  Wed Jan 18 08:21:58 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Wed, 18 Jan 2017 10:21:58 +0200
Subject: [Freeipa-users] Limit regular user access only to self service
 portal
In-Reply-To: <f3e8574b-fcfa-3460-9c7d-5b51d189e069@redhat.com>
References: <d2e18b6d-db9d-afdf-f2d0-eac8ddcf7513@scandiweb.com>
	<f3e8574b-fcfa-3460-9c7d-5b51d189e069@redhat.com>
Message-ID: <20170118082158.lbq5ihg7ufngvpqs@redhat.com>

On ke, 18 tammi 2017, David Kupka wrote:
>On 17/01/17 16:23, Georgijs Radovs wrote:
>>Hello everyone!
>>
>>Is it possible to configure Sef-service permissions in FreeIPA in a way,
>>so that, when regular users log in, they don't have read access to other
>>FreeIPA sections like "Policy", "Authentication", "IPA Server"...?
>>
>>My goal is - when user logs in Self-service portal, he sees only his
>>user account in "Identity" tab, no other tabs like "Policy" or
>>"Authentication" and can read and write only to his profile.
>>
>>Basically, I want to limit user to his account only, so he does not see
>>information about other accounts.
>>
>>
>
>Hello,
>by default user without any added roles can see "Users" and "OTP 
>Tokens" tabs and is able to read other users and modify only his 
>attributes.
>
>You can find permissions that affects reading user attributes in IPA 
>Server->Role Based Access Control->Permissions (eg. System: Read User 
>Addressbook Attributes) and change "Bind rule type" from all to 
>"permission".
>But be aware that modifying the permissions may result in SSSD being 
>unable to resolve users unless you add those permissions to hosts 
>(SSSD always uses host principal in FreeIPA deployment).
Even with that, I'd not recommend tightening permissions so that users
would not be able to see other users. There are always ways to break
through this 'enforcement', even start with the fact that a user could
actually authenticate with the host principal of their desktop system.
Access to the identity information is not arbitrated in POSIX
environment. Any process under any user could ask for other user and
group identities with standard libc API.

Security through obscurity never works well in a longer term.

-- 
/ Alexander Bokovoy



From lkrispen at redhat.com  Wed Jan 18 08:51:21 2017
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Wed, 18 Jan 2017 09:51:21 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <0538ee95-bbcf-b9bd-ffc4-a4cdef7e72a1@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<301164b0-09e6-bd7f-1303-7f07badc4971@aixigo.de>
	<74bb9222-66f7-2cb4-68ca-0743b7c2465e@aixigo.de>
	<587E3FF2.208@redhat.com>
	<0538ee95-bbcf-b9bd-ffc4-a4cdef7e72a1@aixigo.de>
Message-ID: <587F2C89.5060008@redhat.com>


On 01/18/2017 08:13 AM, Harald Dunkel wrote:
> Hi Ludwig,
>
> On 01/17/17 17:01, Ludwig Krispenz wrote:
>> On 01/17/2017 04:48 PM, Harald Dunkel wrote:
>>> On 01/17/17 16:12, Harald Dunkel wrote:
>>>> On 01/17/17 11:38, Sumit Bose wrote:
>>>>> On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
>>>>>> It seems something got corrupted in my ipa setup. I found this in the
>>>>>> sssd log file on Wheezy:
>>>>>>
>>>>>> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
>>>>>> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
>>>>> Looks like there was a replication conflict, please see
>>>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>>>> how to resolve it.
>>>>>
>>>> % ldapsearch -D "cn=directory manager" -w secret -b "dc=example,dc=de" "nsds5ReplConflict=*" \* nsds5ReplConflict | grep nsds5ReplConflict | wc -l
>>>> 26
>>>>
>>> PS:
>>>
>>> nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=dns administrators,cn=privileges,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=dns servers,cn=privileges,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=System: Add IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=System: Read IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=System: Remove IPA Locations,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=System: Read Locations of IPA Servers,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=System: Read Status of Services on IPA Servers,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=System: Manage Service Principals,cn=permissions,cn=pbac,dc=example,dc=de
>>> nsds5ReplConflict: namingConflict cn=System: Manage User Principals,cn=permissions,cn=pbac,dc=example,dc=de
>>>
>>> This looks like a problem of ipa-server-install. These entries were created
>>> in the very first seconds.
>> Conflict entries are created if an entry is added on different servers at the "same time", where same time means it is created on instance x before the add of the entry on instance y was replicated to x. This can happen if you run things in parallel, eg upgrades.
>>
> You mean Freeipa has a race condition? I use tools like clusterssh to
> install or upgrade several hosts in parallel (n <= 49 due to available
> screen and font size). The "same time" is built in.
>
> Of course I understand that Freeipa is a special case, because it is
> network application, but it should be able to handle n = 2.
it is handling it (389-ds does), but the way it is handling it has the 
conflict entries as a result.

If you add an entry to an instance it is assigned a unique identifier, 
the nsuniqeuid. The dn of an entry can change by modrdn, but the 
nsuniqueid is not changed. The nsuniqueid is also used in replication to 
identify which is the entry the replicated op has to be applied to.If 
you add entries with the same dn in parallel you have entries with the 
same dn but different nsuniqueids, this cannot be prevented, on instance 
has no control of what happens on another instance.
But if these entries are replicated you have two entries with the same 
dn but different nsuniqueids on the same server. This violates the ldap 
data model and ds needs to handle it. The way we do it is to transform 
one of the entries (always the same on all instances) into a conflict entry.

There have been several proposal to change this and there is work in 
progress to  make the conflict enties invisible (only visible on 
explicite request) to client operations. But this is no trivial task, 
the main problem is that you can not only add entries with the same dn 
in parallel, but you can also add children to these entries, or rename 
them, or delete them before they are replicated and then, if you are 
hiding them entries will have no visible parent or there will be 
problems in deletion.
I definitely want to resolve this, but all proposed and tried solutions 
ended up in some unresolved issues, corner case but still existent.

>
>> There is no simple way to get rid of them, you need to delete them one by one, so do:
>> ldapmodify .......
>> dn:  cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
>> changetype: delete
>>
>> for all of your conflict entries
> I am surely no specialist for ldap, so hopefully its allowed to ask
> a question:
>
> This is a tree-like structure. If I delete a conflicting node, what
> happens to the leafs? Is there any indication that these leafs
> contain information that is not needed anymore? Isn't it possible
> that server b created a huge tree with tons of subnodes and leafs
> before the conflict is detected?
if you try to delete a node which has children the deletion will be 
rejected. The bad thing is that you could have conflict entries with 
children. In that case you needd to decide if you want to delete them or 
move them to the "valid" entries before deleting the conflict entry
>
>
>
> Every helpful comment is highly appreciated
> Harri
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From harald.dunkel at aixigo.de  Wed Jan 18 13:57:53 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Wed, 18 Jan 2017 14:57:53 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
Message-ID: <3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>

On 01/17/17 11:38, Sumit Bose wrote:
> On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
>> It seems something got corrupted in my ipa setup. I found this in the
>> sssd log file on Wheezy:
>>
>> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
>> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
> 
> Looks like there was a replication conflict, please see
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
> how to resolve it.
> 

This is *way* too hot for me. How can I try this in a sandbox?


Every helpful comment is highly appreciated
Harri



From lslebodn at redhat.com  Wed Jan 18 14:02:58 2017
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Wed, 18 Jan 2017 15:02:58 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
Message-ID: <20170118140258.GB8356@10.4.128.1>

On (17/01/17 11:38), Sumit Bose wrote:
>On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
>> It seems something got corrupted in my ipa setup. I found this in the
>> sssd log file on Wheezy:
>> 
>> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
>> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
>
>Looks like there was a replication conflict, please see
>https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>how to resolve it.
>
>We already have a ticket for SSSD to ignore those object, but
>unfortunately there is currently no patch available for SSSD so you have
>to resolve the replication conflict to get it working again.
>
HBAC replication conflicts are already ignored in sssd.
But debian wheezy (oldstable) has very old version of sssd 1.8.4-2.
I would recommend to use at least 1.11.7-3 from jessie (debian stable)

LS



From georgijsr at scandiweb.com  Wed Jan 18 14:19:13 2017
From: georgijsr at scandiweb.com (Georgijs Radovs)
Date: Wed, 18 Jan 2017 16:19:13 +0200
Subject: [Freeipa-users] Limit regular user access only to self service
 portal
In-Reply-To: <20170118082158.lbq5ihg7ufngvpqs@redhat.com>
References: <d2e18b6d-db9d-afdf-f2d0-eac8ddcf7513@scandiweb.com>
	<f3e8574b-fcfa-3460-9c7d-5b51d189e069@redhat.com>
	<20170118082158.lbq5ihg7ufngvpqs@redhat.com>
Message-ID: <2339f242-a9c6-0703-2a7e-8a02eb60b107@scandiweb.com>

Thank you for your help.


On 2017.01.18. 10:21, Alexander Bokovoy wrote:
> On ke, 18 tammi 2017, David Kupka wrote:
>> On 17/01/17 16:23, Georgijs Radovs wrote:
>>> Hello everyone!
>>>
>>> Is it possible to configure Sef-service permissions in FreeIPA in a 
>>> way,
>>> so that, when regular users log in, they don't have read access to 
>>> other
>>> FreeIPA sections like "Policy", "Authentication", "IPA Server"...?
>>>
>>> My goal is - when user logs in Self-service portal, he sees only his
>>> user account in "Identity" tab, no other tabs like "Policy" or
>>> "Authentication" and can read and write only to his profile.
>>>
>>> Basically, I want to limit user to his account only, so he does not see
>>> information about other accounts.
>>>
>>>
>>
>> Hello,
>> by default user without any added roles can see "Users" and "OTP 
>> Tokens" tabs and is able to read other users and modify only his 
>> attributes.
>>
>> You can find permissions that affects reading user attributes in IPA 
>> Server->Role Based Access Control->Permissions (eg. System: Read User 
>> Addressbook Attributes) and change "Bind rule type" from all to 
>> "permission".
>> But be aware that modifying the permissions may result in SSSD being 
>> unable to resolve users unless you add those permissions to hosts 
>> (SSSD always uses host principal in FreeIPA deployment).
> Even with that, I'd not recommend tightening permissions so that users
> would not be able to see other users. There are always ways to break
> through this 'enforcement', even start with the fact that a user could
> actually authenticate with the host principal of their desktop system.
> Access to the identity information is not arbitrated in POSIX
> environment. Any process under any user could ask for other user and
> group identities with standard libc API.
>
> Security through obscurity never works well in a longer term.
>


-- 
 <https://www.youtube.com/watch?v=coVJlV1LJ84>



From rakesh.rajasekharan at gmail.com  Wed Jan 18 15:07:20 2017
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Wed, 18 Jan 2017 20:37:20 +0530
Subject: [Freeipa-users] Kerberos Clock Skew too great
In-Reply-To: <jlg7f64kpnh.fsf@thriss.redhat.com>
References: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>
	<20170109081241.zu5jla6gw26koxhy@hendrix>
	<CANAMAkr=Mu=_rMXBjd7GA3CBqcbPWhj63SDXDL7i+Qb98JEYYw@mail.gmail.com>
	<jlg7f64kpnh.fsf@thriss.redhat.com>
Message-ID: <CANAMAkpoQma2-Zh=1qN9vBgyu0Lj6WdZZE-T+hySTJhfe9hk7w@mail.gmail.com>

Hi There,

Sorry could not get back on this  earlier,

> Great, glad it's fixed!  Are these VMs?  If not, you may wish to
> (re?)configure automatic syncing.
 yes these are AWS instances. How do  I reconfigure auto syncing . Is there
a documentation I can follow.
Sorry, haven't done this before and not much info on that part


Apart from this , I also have a correlation between the "Clock skew" issue
and an earlier issue that I posted in another thread.
Basically , noticed that whenver I see clock skew errors, I see a lot of
connections in SYNC_RECV state.

this is the list of SYNC_RECV connections

tcp        0      0 10.0.8.45:88           10.0.30.49:42695        SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.15.72:44991        SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.2.82:53265         SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.31.253:57682       SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.34.208:53488       SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.27.17:47245        SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.17.53:54504        SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.24.78:47796        SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.4.246:33607        SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.27.91:34190        SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.27.248:38012       SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.15.139:51319       SYN_RECV
tcp        0      0 10.0.8.45:88           10.0.15.175:41188       SYN_RECV


Thanks,
Rakesh



On Tue, Jan 10, 2017 at 12:48 AM, Robbie Harwood <rharwood at redhat.com>
wrote:

> Rakesh Rajasekharan <rakesh.rajasekharan at gmail.com> writes:
>
> > There were about 1500 hosts that were alerting for "clock skew" and the
> > issue went away only after I did a resync using ntpdate on all those
> hosts
>
> Great, glad it's fixed!  Are these VMs?  If not, you may wish to
> (re?)configure automatic syncing.
>
> > Is it possible that so many higher number of minor offsets adds up and
> > causes it. Coz from the individual offset it looks much below the 5min
> limit
>
> Not as such, if I understand you correctly?  This should only be a
> problem between any two machines that need to communicate (including the
> freeipa KDC).
>
> > Or, is there a way to tell whats the offset limit its actually looking
> for.
>
> 5 minutes almost certainly.  The parameter to configure it is
> "clockskew" in the config files, but I don't think IPA touches that.
>
> Hope that helps,
> --Robbie
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170118/754fecfb/attachment.htm>

From lkrispen at redhat.com  Wed Jan 18 15:22:21 2017
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Wed, 18 Jan 2017 16:22:21 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
Message-ID: <587F882D.30804@redhat.com>


On 01/18/2017 02:57 PM, Harald Dunkel wrote:
> On 01/17/17 11:38, Sumit Bose wrote:
>> On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
>>> It seems something got corrupted in my ipa setup. I found this in the
>>> sssd log file on Wheezy:
>>>
>>> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
>>> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
>> Looks like there was a replication conflict, please see
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>> how to resolve it.
>>
> This is *way* too hot for me.
I think the procedure in the link about renaming is only needed if you 
want to keep both entries with a "normal" dn. But you want to get rid of 
the conflict entries.  Since you have to cleanup each of them 
individually I would suggest to start with one of them.

First get both the conflict entry and the normal entry and compare them:
ldapsearch   -D "cn=directory manager" ..... -b "cn=System: Manage Host 
Principals,cn=permissions,cn=pbac,dc=example,dc=de" -s base
ldapsearch  -D "cn=directory manager"  ..... -b "cn=System: Manage Host 
Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de" 
-s base

They should be identical.
Next check if the conflict entry has child entries:
ldapsearch  -D "cn=directory manager"  ..... -b "cn=System: Manage Host 
Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de" 
dn

If there are no entries below the conflict entry you can remove it:
ldapmodify - D "cn=directory manager" ......
dn: cn=System: Manage Host 
Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
changetype: delete

> How can I try this in a sandbox?
you can try to reproduce this state on two other machines.
and if you have an established backup and restore process do a backup 
before doing the cleanup
>
>
> Every helpful comment is highly appreciated
> Harri
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From jochen at jochen.org  Wed Jan 18 17:08:15 2017
From: jochen at jochen.org (Jochen Hein)
Date: Wed, 18 Jan 2017 18:08:15 +0100
Subject: [Freeipa-users] RFE: Documentation for creating OpenVPN
	certificates.
In-Reply-To: <ea679b48-0ef0-4361-a44a-346046acbba6@gmail.com> (Phil Ingram's
	message of "Tue, 17 Jan 2017 14:09:08 +1030")
References: <ea679b48-0ef0-4361-a44a-346046acbba6@gmail.com>
Message-ID: <83lgu82t4w.fsf@jochen.org>

Phil Ingram <pingram.au at gmail.com> writes:

> I use FreeIPA and I would like to create certificates for peer-to-peer
> and remote-access VPNs.

I tried to replace may manual easy-CA certificates with FreeIPA ones,
but that didn't work out (but my fallback also broke). My "productive"
VPN connection for now is ocserv, but I'd like to get OpenVPN running
again.

> In speaking with Fraser Tweedale, we agree that the best way forward
> is to create a secondary CA for insulation; but we may also need to
> create a custom certificate profile, which is non-trivial. As an end
> user of FreeIPA, I would like documentation on how to do this.

I'm happy to try something and give feedback.  I think I'll have time at
the end of this month to work on OpenVPN again.

Jochen

-- 
The only problem with troubleshooting is that the trouble shoots back.



From jason at tresgeek.net  Wed Jan 18 19:52:47 2017
From: jason at tresgeek.net (Jason B. Nance)
Date: Wed, 18 Jan 2017 13:52:47 -0600 (CST)
Subject: [Freeipa-users] Lookups Failing With AD Forwarder (and DNSSEC)
In-Reply-To: <98eb6aab-1412-e63c-8251-6fce8d737b77@redhat.com>
References: <1875491957.2678.1483569638544.JavaMail.zimbra@tresgeek.net>
	<98eb6aab-1412-e63c-8251-6fce8d737b77@redhat.com>
Message-ID: <1456367495.2483.1484769167751.JavaMail.zimbra@tresgeek.net>

>> I have a pair of FreeIPA 4.4.0 servers setup whose forwarders are each set to an
>> Active Directory domain controller.  When a client attempts to lookup any DNS
>> record other than those to which FreeIPA is authoritative the client reports
>> NXDOMAIN and the FreeIPA server has the following in its logs:
>>
>> (first lookup)
>> Jan 04 16:05:21 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error (no
>> valid RRSIG) resolving 'zone/DS/IN': 10.48.8.18#53
>> Jan 04 16:05:21 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error (no
>> valid DS) resolving 'sl1mmgpwtdc0001.tkc.gen.zone/A/IN': 10.48.8.18#53
>>
>> (subsequent lookups)
>> Jan 04 16:10:57 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: validating
>> @0x7f7a40983ea0: sl1mmgpwtdc0001.tkc.gen.zone A: bad cache hit (zone/DS)
>> Jan 04 16:10:57 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error
>> (broken trust chain) resolving 'sl1mmgpwtdc0001.tkc.gen.zone/A/IN':
>> 10.48.8.18#53
>>
>> In my case, ipa.tkc.gen.zone is served by FreeIPA and tkc.gen.zone is served by
>> AD (as is gen.zone).  10.48.8.18 is an AD domain controller for tkc.gen.zone
>> (and the forwarder the FreeIPA servers are pointed at).
>>
>> I've tried "rndc flush" and "rndc flushname ." on the FreeIPA boxes.  We've
>> tried both NSEC3 and NSEC.
>>
>> Anyone have guidance as to what may be going on?
>>
>> Thanks,
>>
>> j
>>
> 
> you use non-existent TLD domain or TLD domain doesn't have DS record of
> your zone, so this is expected behavior for DNSSEC considered as attack.
> You have to disable DNSSEC validation on all IPA DNS servers in
> /etc/named.conf in first case or fix incorrect/missing DS record in
> second case.
> 
> The 'zone.' is registered TLD, so if you own it you have probably
> missing DS record in path, thus broken trust chain.
> If you don't own the TLD, you shouldn't use it at all.

Hi Martin,

Thank you for the reply, and sorry for the delay in response.  My employer owns the "gen.zone" domain.  It is used internally only, and served by an Active Directory domain controller.

It appears, though, that our registrar does not support DNSSEC for .zone domains even though the .zone TLD in general does support DNSSEC.

:-\

j






From amessina at messinet.com  Wed Jan 18 23:10:50 2017
From: amessina at messinet.com (Anthony Joseph Messina)
Date: Wed, 18 Jan 2017 17:10:50 -0600
Subject: [Freeipa-users] RFE: Documentation for creating OpenVPN
	certificates.
In-Reply-To: <ea679b48-0ef0-4361-a44a-346046acbba6@gmail.com>
References: <ea679b48-0ef0-4361-a44a-346046acbba6@gmail.com>
Message-ID: <4271043.fUVYIxdjmu@linux-ws1.messinet.com>

On Tuesday, January 17, 2017 2:09:08 PM CST Phil Ingram wrote:
> To whom this may concern,
> 
> I use FreeIPA and I would like to create certificates for peer-to-peer and
> remote-access VPNs. In speaking with Fraser Tweedale, we agree that the
> best way forward is to create a secondary CA for insulation; but we may
> also need to create a custom certificate profile, which is non-trivial. As
> an end user of FreeIPA, I would like documentation on how to do this.
> 
> I use pfSense which requires that I upload the CA cert, a server cert and
> its private key. The private key for the CA is optional and only required
> for pfSense to self manage a CRL. On the server side I can also enforce the
> certificate depth; from none, to one through five. The only existing
> references to VPN in the current docs are:
> 
> * http://www.freeipa.org/page/V4/Sub-CAs#VPN_authentication
> 
> * http://www.freeipa.org/page/User_certificate_use_cases
> 
> 
> Regards,
> 
> Phil

I haven't used a sub-CA yet, but the attached certificate profiles have worked 
well for me using OpenVPN.  -A

-- 
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
F9B6 560E 68EA 037D 8C3D  D1C9 FF31 3BDB D9D8 99B6
-------------- next part --------------
auth.instance_id=raCertAuth
classId=caEnrollImpl
desc=This certificate profile is for enrolling OpenVPN client certificates with IPA-RA agent authentication.
enable=true
enableBy=ipara
input.i1.class_id=certReqInputImpl
input.i2.class_id=submitterInfoInputImpl
input.list=i1,i2
name=IPA-RA Agent-Authenticated OpenVPN Client Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=serverCertSet
policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.serverCertSet.1.constraint.name=Subject Name Constraint
policyset.serverCertSet.1.constraint.params.accept=true
policyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+
policyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl
policyset.serverCertSet.1.default.name=Subject Name Default
policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=EXAMPLE.COM 
policyset.serverCertSet.10.constraint.class_id=noConstraintImpl
policyset.serverCertSet.10.constraint.name=No Constraint
policyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl
policyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default
policyset.serverCertSet.10.default.params.critical=false
policyset.serverCertSet.11.constraint.class_id=noConstraintImpl
policyset.serverCertSet.11.constraint.name=No Constraint
policyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl
policyset.serverCertSet.11.default.name=User Supplied Extension Default
policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17
policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl
policyset.serverCertSet.2.constraint.name=Validity Constraint
policyset.serverCertSet.2.constraint.params.notAfterCheck=false
policyset.serverCertSet.2.constraint.params.notBeforeCheck=false
policyset.serverCertSet.2.constraint.params.range=740
policyset.serverCertSet.2.default.class_id=validityDefaultImpl
policyset.serverCertSet.2.default.name=Validity Default
policyset.serverCertSet.2.default.params.range=731
policyset.serverCertSet.2.default.params.startTime=0
policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
policyset.serverCertSet.3.constraint.name=Key Constraint
policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.serverCertSet.3.constraint.params.keyType=RSA
policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
policyset.serverCertSet.3.default.name=Key Default
policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
policyset.serverCertSet.4.constraint.name=No Constraint
policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.serverCertSet.4.default.name=Authority Key Identifier Default
policyset.serverCertSet.5.constraint.class_id=noConstraintImpl
policyset.serverCertSet.5.constraint.name=No Constraint
policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.serverCertSet.5.default.name=AIA Extension Default
policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.example.com/ca/ocsp
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1
policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.serverCertSet.6.constraint.params.keyUsageCritical=true
policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=true
policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=false
policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false
policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.serverCertSet.6.default.name=Key Usage Default
policyset.serverCertSet.6.default.params.keyUsageCritical=true
policyset.serverCertSet.6.default.params.keyUsageCrlSign=false
policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=true
policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=false
policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false
policyset.serverCertSet.7.constraint.class_id=noConstraintImpl
policyset.serverCertSet.7.constraint.name=No Constraint
policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default
policyset.serverCertSet.7.default.params.exKeyUsageCritical=true
policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
policyset.serverCertSet.8.constraint.name=No Constraint
policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
policyset.serverCertSet.8.default.name=Signing Alg
policyset.serverCertSet.8.default.params.signingAlg=-
policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
policyset.serverCertSet.9.constraint.name=No Constraint
policyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl
policyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default
policyset.serverCertSet.9.default.params.crlDistPointsCritical=false
policyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true
policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca
policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName
policyset.serverCertSet.9.default.params.crlDistPointsNum=1
policyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.example.com/ipa/crl/MasterCRL.bin
policyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName
policyset.serverCertSet.9.default.params.crlDistPointsReasons_0=
policyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11
visible=false
-------------- next part --------------
auth.instance_id=raCertAuth
classId=caEnrollImpl
desc=This certificate profile is for enrolling OpenVPN server certificates with IPA-RA agent authentication.
enable=true
enableBy=ipara
input.i1.class_id=certReqInputImpl
input.i2.class_id=submitterInfoInputImpl
input.list=i1,i2
name=IPA-RA Agent-Authenticated OpenVPN Server Certificate Enrollment
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=serverCertSet
policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.serverCertSet.1.constraint.name=Subject Name Constraint
policyset.serverCertSet.1.constraint.params.accept=true
policyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+
policyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl
policyset.serverCertSet.1.default.name=Subject Name Default
policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=EXAMPLE.COM 
policyset.serverCertSet.10.constraint.class_id=noConstraintImpl
policyset.serverCertSet.10.constraint.name=No Constraint
policyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl
policyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default
policyset.serverCertSet.10.default.params.critical=false
policyset.serverCertSet.11.constraint.class_id=noConstraintImpl
policyset.serverCertSet.11.constraint.name=No Constraint
policyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl
policyset.serverCertSet.11.default.name=User Supplied Extension Default
policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17
policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl
policyset.serverCertSet.2.constraint.name=Validity Constraint
policyset.serverCertSet.2.constraint.params.notAfterCheck=false
policyset.serverCertSet.2.constraint.params.notBeforeCheck=false
policyset.serverCertSet.2.constraint.params.range=740
policyset.serverCertSet.2.default.class_id=validityDefaultImpl
policyset.serverCertSet.2.default.name=Validity Default
policyset.serverCertSet.2.default.params.range=731
policyset.serverCertSet.2.default.params.startTime=0
policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
policyset.serverCertSet.3.constraint.name=Key Constraint
policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.serverCertSet.3.constraint.params.keyType=RSA
policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
policyset.serverCertSet.3.default.name=Key Default
policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
policyset.serverCertSet.4.constraint.name=No Constraint
policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.serverCertSet.4.default.name=Authority Key Identifier Default
policyset.serverCertSet.5.constraint.class_id=noConstraintImpl
policyset.serverCertSet.5.constraint.name=No Constraint
policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.serverCertSet.5.default.name=AIA Extension Default
policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.example.com/ca/ocsp
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1
policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.serverCertSet.6.constraint.params.keyUsageCritical=true
policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=true
policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=false
policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false
policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.serverCertSet.6.default.name=Key Usage Default
policyset.serverCertSet.6.default.params.keyUsageCritical=true
policyset.serverCertSet.6.default.params.keyUsageCrlSign=false
policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=true
policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=false
policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false
policyset.serverCertSet.7.constraint.class_id=noConstraintImpl
policyset.serverCertSet.7.constraint.name=No Constraint
policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default
policyset.serverCertSet.7.default.params.exKeyUsageCritical=true
policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1
policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
policyset.serverCertSet.8.constraint.name=No Constraint
policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
policyset.serverCertSet.8.default.name=Signing Alg
policyset.serverCertSet.8.default.params.signingAlg=-
policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
policyset.serverCertSet.9.constraint.name=No Constraint
policyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl
policyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default
policyset.serverCertSet.9.default.params.crlDistPointsCritical=false
policyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true
policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca
policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName
policyset.serverCertSet.9.default.params.crlDistPointsNum=1
policyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.example.com/ipa/crl/MasterCRL.bin
policyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName
policyset.serverCertSet.9.default.params.crlDistPointsReasons_0=
policyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11
visible=false
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170118/fc09c238/attachment.sig>

From piolet.y at gmail.com  Thu Jan 19 00:27:57 2017
From: piolet.y at gmail.com (Youenn PIOLET)
Date: Thu, 19 Jan 2017 01:27:57 +0100
Subject: [Freeipa-users] FreeIPA as Samba Backend, Existing Users Fail
In-Reply-To: <86DB5B2B-D937-41C3-83CF-402EC7165A1C@advancedopen.com>
References: <1DECE016-66F0-4C82-8793-9E91317614E2@advancedopen.com>
	<20170113133719.GD11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<86DB5B2B-D937-41C3-83CF-402EC7165A1C@advancedopen.com>
Message-ID: <CAF7cxueOcEuh8kJZiXGt6ZmyLyqcimYUGSY=R0ud9u=jpSV3MQ@mail.gmail.com>

Hi,

ipa-adtrust-install populates the ipaNTHash in LDAP for each user/group,
but you still need a samba backend to read these new attributes.
Do you use ipasam.so ?
If you don't, you should recompile your version of FreeIPA, move ipasam.so
to your password backend directory containing other .so files, and put this
in your smb.conf :

passdb backend = ldapsam:ldap//ipaserver


Procedure / best practices may have change now, if anyone from redhat is
around to confirm...
I just can tell it's working with any Centos 7 and FreeIPA > 4.1.4 server.

--
Youenn Piolet
piolet.y at gmail.com


2017-01-13 19:33 GMT+01:00 Armaan Esfahani <armaan.esfahani at advancedopen.com
>:

> Upon running the ldapmodify command, I receive an ?ldap_bind: No such
> object (32)? error, any suggesions?
>
>
>
> On 1/13/17, 8:37 AM, "Sumit Bose" <freeipa-users-bounces at redhat.com on
> behalf of sbose at redhat.com> wrote:
>
>
>
>     On Wed, Jan 11, 2017 at 04:00:57PM -0500, Armaan Esfahani wrote:
>
>     > Hi, I have setup a Samba server to use FreeIPA as a password
> backend, however whenever I try to use existing users to login I get
> ?NT_STATUS_LOGON_FAILURE?.
>
>     >
>
>     > Looking at the sssd_nss log on my ipa server, I get the following
> error ?(Wed Jan 11 15:56:11 2017) [sssd[nss]] [fill_sid] (0x0020): Missing
> SID.?  On all existing accounts, whereas all new accounts function properly
> (after resetting their passwords).
>
>     >
>
>     >
>
>     >
>
>     > Anyone have any ideas?
>
>
>
>     Maybe the sidgen task was run during ipa-adtrust-install, please see
>
>     https://access.redhat.com/documentation/en-US/Red_Hat_Enterp
> rise_Linux/7/html/Windows_Integration_Guide/creating-
> trusts.html#create-trust-existing-idm
>
>     how to run it.
>
>
>
>     HTH
>
>
>
>     bye,
>
>     Sumit
>
>
>
>     >
>
>
>
>     > --
>
>     > Manage your subscription for the Freeipa-users mailing list:
>
>     > https://www.redhat.com/mailman/listinfo/freeipa-users
>
>     > Go to http://freeipa.org for more info on the project
>
>
>
>     --
>
>     Manage your subscription for the Freeipa-users mailing list:
>
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>
>     Go to http://freeipa.org for more info on the project
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170119/500d3224/attachment.htm>

From mbasti at redhat.com  Thu Jan 19 08:54:52 2017
From: mbasti at redhat.com (Martin Basti)
Date: Thu, 19 Jan 2017 09:54:52 +0100
Subject: [Freeipa-users] Lookups Failing With AD Forwarder (and DNSSEC)
In-Reply-To: <1456367495.2483.1484769167751.JavaMail.zimbra@tresgeek.net>
References: <1875491957.2678.1483569638544.JavaMail.zimbra@tresgeek.net>
	<98eb6aab-1412-e63c-8251-6fce8d737b77@redhat.com>
	<1456367495.2483.1484769167751.JavaMail.zimbra@tresgeek.net>
Message-ID: <97b9ba5b-0bdd-39a7-1254-ce80de60dbb4@redhat.com>



On 18.01.2017 20:52, Jason B. Nance wrote:
>>> I have a pair of FreeIPA 4.4.0 servers setup whose forwarders are each set to an
>>> Active Directory domain controller.  When a client attempts to lookup any DNS
>>> record other than those to which FreeIPA is authoritative the client reports
>>> NXDOMAIN and the FreeIPA server has the following in its logs:
>>>
>>> (first lookup)
>>> Jan 04 16:05:21 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error (no
>>> valid RRSIG) resolving 'zone/DS/IN': 10.48.8.18#53
>>> Jan 04 16:05:21 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error (no
>>> valid DS) resolving 'sl1mmgpwtdc0001.tkc.gen.zone/A/IN': 10.48.8.18#53
>>>
>>> (subsequent lookups)
>>> Jan 04 16:10:57 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: validating
>>> @0x7f7a40983ea0: sl1mmgpwtdc0001.tkc.gen.zone A: bad cache hit (zone/DS)
>>> Jan 04 16:10:57 sl1mmgplidm0001.ipa.tkc.gen.zone named-pkcs11[1632]: error
>>> (broken trust chain) resolving 'sl1mmgpwtdc0001.tkc.gen.zone/A/IN':
>>> 10.48.8.18#53
>>>
>>> In my case, ipa.tkc.gen.zone is served by FreeIPA and tkc.gen.zone is served by
>>> AD (as is gen.zone).  10.48.8.18 is an AD domain controller for tkc.gen.zone
>>> (and the forwarder the FreeIPA servers are pointed at).
>>>
>>> I've tried "rndc flush" and "rndc flushname ." on the FreeIPA boxes.  We've
>>> tried both NSEC3 and NSEC.
>>>
>>> Anyone have guidance as to what may be going on?
>>>
>>> Thanks,
>>>
>>> j
>>>
>> you use non-existent TLD domain or TLD domain doesn't have DS record of
>> your zone, so this is expected behavior for DNSSEC considered as attack.
>> You have to disable DNSSEC validation on all IPA DNS servers in
>> /etc/named.conf in first case or fix incorrect/missing DS record in
>> second case.
>>
>> The 'zone.' is registered TLD, so if you own it you have probably
>> missing DS record in path, thus broken trust chain.
>> If you don't own the TLD, you shouldn't use it at all.
> Hi Martin,
>
> Thank you for the reply, and sorry for the delay in response.  My employer owns the "gen.zone" domain.  It is used internally only, and served by an Active Directory domain controller.
>
> It appears, though, that our registrar does not support DNSSEC for .zone domains even though the .zone TLD in general does support DNSSEC.
>
> :-\
>
> j
>
>
>
>

Ok if you own the zone the it is ok, from logs I see it has actually 
issues with "zone." itself. It may mean that the forwarders you are 
using are not DNSSEC compatible, can you try dig +dnssec @forwarder-ip 
zone. DS if answer contains RRSIG records?

Martin



From sjuhasz at chemaxon.com  Thu Jan 19 13:29:01 2017
From: sjuhasz at chemaxon.com (Sandor Juhasz)
Date: Thu, 19 Jan 2017 14:29:01 +0100 (CET)
Subject: [Freeipa-users] modify schema - add group email and display
 attribute
In-Reply-To: <1041080572.68297.1484144801589.JavaMail.zimbra@chemaxon.com>
References: <795612095.18818.1482325628676.JavaMail.zimbra@chemaxon.com>
	<585A92DB.5080907@redhat.com>
	<1935325431.129080.1482334772814.JavaMail.zimbra@chemaxon.com>
	<2041148526.26477.1483357992339.JavaMail.zimbra@chemaxon.com>
	<2c9db8bb-61dd-8d99-39f8-6278b2d2a845@pobox.com>
	<1370441540.46117.1484139499874.JavaMail.zimbra@chemaxon.com>
	<faec75fa-55c6-493b-ea33-13a7396b2b97@redhat.com>
	<1041080572.68297.1484144801589.JavaMail.zimbra@chemaxon.com>
Message-ID: <251060584.58031.1484832541331.JavaMail.zimbra@chemaxon.com>

One more issue. Service user cannot see the new attribute. It does see the objectclass. 

ldif: 
dn: cn=schema 
changetype: modify 
add: objectclasses 
objectclasses: ( 1.3.6.1.4.1.49232.1.1 
NAME 'groupMail' 
SUP top 
STRUCTURAL 
MAY ( mail $ displayname ) 
X-ORIGIN 'Extending FreeIPA' ) 

Service user: 
uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld 

Regular user: 
uid=admin,cn=users,cn=accounts,dc=test,dc=tld 

They both see objectclass=groupmail, but uid=googlesync does not birng back 
mail and displyaname, while using ldapsearch. 


S?ndor Juh?sz 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Sandor Juhasz" <sjuhasz at chemaxon.com> 
To: "Petr Vobornik" <pvoborni at redhat.com> 
Cc: freeipa-users at redhat.com 
Sent: Wednesday, January 11, 2017 3:26:41 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 

It is fixed. The location was fine. We had to do some digging there. 
The group module works different than the user and is giving 
var section = get_item(facet.sections, 'name', 'details'); 
instead of 
var section = get_item(facet.sections, 'name', 'identity'); 
as the user would do. 

Yup figured that index generation is auto. 

So all check, all happy in the end. 
Thx. 

S?ndor Juh?sz 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Petr Vobornik" <pvoborni at redhat.com> 
To: "Sandor Juhasz" <sjuhasz at chemaxon.com>, "Ludwig Krispenz" <lkrispen at redhat.com> 
Cc: freeipa-users at redhat.com 
Sent: Wednesday, January 11, 2017 3:04:09 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 

On 01/11/2017 01:58 PM, Sandor Juhasz wrote: 
> Ok, 
> 
> OID - check 
> ldapmodify - check 
> python scripts - check 
> These works on both ipa 3.x and ipa 4.x. 
> So the basic functionality is there for the new object class. 
> 
> js - i am stuck with, i have created the js files for the plugin, see below. 
> 
> But i don't know how to generate the the index. Also i might be completely wrong. 
> 
> On ipa 3.x the js files are there, most probably the groups.js would exist as i 
> expect it. 
> But on the other hand on the ipa 4.x there is nothing but freeipa/core.js is there. 

You don't need to generate plugin index, it is generated automatically. 

Just: 
mkdir /usr/share/ipa/ui/js/plugins/myplugin 
cp myplugin.js /usr/share/ipa/ui/js/plugins/myplugin 

It should be automatically picked up by Web UI. 

It will work only in RHEL 7/CentOS 7(FreeIPA 3.3+). Not RHEL 6(sort of 
3.0/3.1/3.2) 

On RHEL 6, there is /usr/share/ipa/ui/ext/extension.js which can contain 
custom content to extend UI, but writing a plugin for it is much more 
complicated so I'd rather avoid it. 

> 
> Here is the plugin, i am trying to use: 
> define([ 
> 'freeipa/phases', 
> 'freeipa/group'], 
> function(phases, group_mod) { 
> // helper function 
> function get_item(array, attr, value) { 
> for (var i=0,l=array.length; i<l; i++) { 
> if (array[i][attr] === value) return array[i]; 
> } 
> return null; 
> } 
> var groupmail_plugin = {}; 
> // adds 'mail' field into group details facet 
> groupmail_plugin.add_group_mail_pre_op = function() { 
> var facet = get_item(group_mod.entity_spec.facets, '$type', 'details'); 
> var section = get_item(facet.sections, 'name', 'identity'); 
> section.fields.push({ 
> name: 'mail', 
> label: 'Mail' 
> }); 
> return true; 
> }; 
> phases.on('customization', groupmail_plugin.add_group_mail_pre_op); 
> return groupmail_plugin; 
> }); 
> 
> 
> *S?ndor Juh?sz* 
> System Administrator 
> *ChemAxon**Ltd*. 
> Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
> Cell: +36704258964 
> 
> -------------------------------------------------------------------------------- 
> *From: *"Brian Candler" <b.candler at pobox.com> 
> *To: *"Sandor Juhasz" <sjuhasz at chemaxon.com> 
> *Cc: *freeipa-users at redhat.com 
> *Sent: *Monday, January 2, 2017 6:41:02 PM 
> *Subject: *Re: [Freeipa-users] modify schema - add group email and display attribute 
> 
> On 02/01/2017 11:53, Sandor Juhasz wrote: 
> > I would be really happy if anybody could assign an OID for the new 
> > objectcalss 
> 
> You can get your own enterprise OID for free from here: 
> 
> http://pen.iana.org/pen/PenApplication.page 
> 
> Note that you only get one, so it's up to you to subdivide the space. 
> For example: if you get 1.3.6.1.4.1.99999, then you might decide to use: 
> 
> 1.3.6.1.4.1.99999.1 = LDAP object classes 
> 
> 1.3.6.1.4.1.99999.1.1 = myMailObjectClass 
> 
> 1.3.6.1.4.1.99999.1.2 = someOtherObjectClass 
> 
> 1.3.6.1.4.1.99999.2 = LDAP attributes 
> 
> 1.3.6.1.4.1.99999.2.1 = mySpecialAttribute 
> 
> then later you can assign under 1.3.6.1.4.1.99999.3 for something else 
> that needs OIDs (e.g. SNMP MIBs) and so on. 
> 
> 
> 


-- 
Petr Vobornik 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170119/da7a5191/attachment.htm>

From abokovoy at redhat.com  Thu Jan 19 14:22:34 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 19 Jan 2017 16:22:34 +0200
Subject: [Freeipa-users] modify schema - add group email and display
 attribute
In-Reply-To: <251060584.58031.1484832541331.JavaMail.zimbra@chemaxon.com>
References: <795612095.18818.1482325628676.JavaMail.zimbra@chemaxon.com>
	<585A92DB.5080907@redhat.com>
	<1935325431.129080.1482334772814.JavaMail.zimbra@chemaxon.com>
	<2041148526.26477.1483357992339.JavaMail.zimbra@chemaxon.com>
	<2c9db8bb-61dd-8d99-39f8-6278b2d2a845@pobox.com>
	<1370441540.46117.1484139499874.JavaMail.zimbra@chemaxon.com>
	<faec75fa-55c6-493b-ea33-13a7396b2b97@redhat.com>
	<1041080572.68297.1484144801589.JavaMail.zimbra@chemaxon.com>
	<251060584.58031.1484832541331.JavaMail.zimbra@chemaxon.com>
Message-ID: <20170119142234.skyc6342h5xb45as@redhat.com>

On to, 19 tammi 2017, Sandor Juhasz wrote:
>One more issue. Service user cannot see the new attribute. It does see the objectclass.
>
>ldif:
>dn: cn=schema
>changetype: modify
>add: objectclasses
>objectclasses: ( 1.3.6.1.4.1.49232.1.1
>NAME 'groupMail'
>SUP top
>STRUCTURAL
>MAY ( mail $ displayname )
>X-ORIGIN 'Extending FreeIPA' )
>
>Service user:
>uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld
>
>Regular user:
>uid=admin,cn=users,cn=accounts,dc=test,dc=tld
admin is not a regular user.

>They both see objectclass=groupmail, but uid=googlesync does not birng back
>mail and displyaname, while using ldapsearch.
Do you have an ACI that allows to actually see the attribute?

-- 
/ Alexander Bokovoy



From sjuhasz at chemaxon.com  Thu Jan 19 14:31:58 2017
From: sjuhasz at chemaxon.com (Sandor Juhasz)
Date: Thu, 19 Jan 2017 15:31:58 +0100 (CET)
Subject: [Freeipa-users] modify schema - add group email and display
 attribute
In-Reply-To: <20170119142234.skyc6342h5xb45as@redhat.com>
References: <795612095.18818.1482325628676.JavaMail.zimbra@chemaxon.com>
	<2041148526.26477.1483357992339.JavaMail.zimbra@chemaxon.com>
	<2c9db8bb-61dd-8d99-39f8-6278b2d2a845@pobox.com>
	<1370441540.46117.1484139499874.JavaMail.zimbra@chemaxon.com>
	<faec75fa-55c6-493b-ea33-13a7396b2b97@redhat.com>
	<1041080572.68297.1484144801589.JavaMail.zimbra@chemaxon.com>
	<251060584.58031.1484832541331.JavaMail.zimbra@chemaxon.com>
	<20170119142234.skyc6342h5xb45as@redhat.com>
Message-ID: <969523567.67987.1484836318971.JavaMail.zimbra@chemaxon.com>

Most probably i don't. At least i have never created one, neither did this http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf 
refer anything like that. 

How do i do it? 

S?ndor Juh?sz 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Alexander Bokovoy" <abokovoy at redhat.com> 
To: "Sandor Juhasz" <sjuhasz at chemaxon.com> 
Cc: freeipa-users at redhat.com 
Sent: Thursday, January 19, 2017 3:22:34 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 

On to, 19 tammi 2017, Sandor Juhasz wrote: 
>One more issue. Service user cannot see the new attribute. It does see the objectclass. 
> 
>ldif: 
>dn: cn=schema 
>changetype: modify 
>add: objectclasses 
>objectclasses: ( 1.3.6.1.4.1.49232.1.1 
>NAME 'groupMail' 
>SUP top 
>STRUCTURAL 
>MAY ( mail $ displayname ) 
>X-ORIGIN 'Extending FreeIPA' ) 
> 
>Service user: 
>uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld 
> 
>Regular user: 
>uid=admin,cn=users,cn=accounts,dc=test,dc=tld 
admin is not a regular user. 

>They both see objectclass=groupmail, but uid=googlesync does not birng back 
>mail and displyaname, while using ldapsearch. 
Do you have an ACI that allows to actually see the attribute? 

-- 
/ Alexander Bokovoy 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170119/52c9bb4a/attachment.htm>

From sjuhasz at chemaxon.com  Thu Jan 19 15:10:54 2017
From: sjuhasz at chemaxon.com (Sandor Juhasz)
Date: Thu, 19 Jan 2017 16:10:54 +0100 (CET)
Subject: [Freeipa-users] modify schema - add group email and display
 attribute
In-Reply-To: <969523567.67987.1484836318971.JavaMail.zimbra@chemaxon.com>
References: <795612095.18818.1482325628676.JavaMail.zimbra@chemaxon.com>
	<2c9db8bb-61dd-8d99-39f8-6278b2d2a845@pobox.com>
	<1370441540.46117.1484139499874.JavaMail.zimbra@chemaxon.com>
	<faec75fa-55c6-493b-ea33-13a7396b2b97@redhat.com>
	<1041080572.68297.1484144801589.JavaMail.zimbra@chemaxon.com>
	<251060584.58031.1484832541331.JavaMail.zimbra@chemaxon.com>
	<20170119142234.skyc6342h5xb45as@redhat.com>
	<969523567.67987.1484836318971.JavaMail.zimbra@chemaxon.com>
Message-ID: <745663009.72910.1484838654620.JavaMail.zimbra@chemaxon.com>

I think 
ipa permission-mod "System: Read Groups" --includedattrs=mail --includedattrs=displayname 
solved my issue. 

S?ndor Juh?sz 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Sandor Juhasz" <sjuhasz at chemaxon.com> 
To: "Alexander Bokovoy" <abokovoy at redhat.com> 
Cc: freeipa-users at redhat.com 
Sent: Thursday, January 19, 2017 3:31:58 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 

Most probably i don't. At least i have never created one, neither did this http://www.freeipa.org/images/5/5b/FreeIPA33-extending-freeipa.pdf 
refer anything like that. 

How do i do it? 

S?ndor Juh?sz 
System Administrator 
ChemAxon Ltd . 
Building Hx, GraphiSoft Park, Z?hony utca 7, Budapest, Hungary, H-1031 
Cell: +36704258964 


From: "Alexander Bokovoy" <abokovoy at redhat.com> 
To: "Sandor Juhasz" <sjuhasz at chemaxon.com> 
Cc: freeipa-users at redhat.com 
Sent: Thursday, January 19, 2017 3:22:34 PM 
Subject: Re: [Freeipa-users] modify schema - add group email and display attribute 

On to, 19 tammi 2017, Sandor Juhasz wrote: 
>One more issue. Service user cannot see the new attribute. It does see the objectclass. 
> 
>ldif: 
>dn: cn=schema 
>changetype: modify 
>add: objectclasses 
>objectclasses: ( 1.3.6.1.4.1.49232.1.1 
>NAME 'groupMail' 
>SUP top 
>STRUCTURAL 
>MAY ( mail $ displayname ) 
>X-ORIGIN 'Extending FreeIPA' ) 
> 
>Service user: 
>uid=googlesync,cn=sysaccounts,cn=etc,dc=test,dc=tld 
> 
>Regular user: 
>uid=admin,cn=users,cn=accounts,dc=test,dc=tld 
admin is not a regular user. 

>They both see objectclass=groupmail, but uid=googlesync does not birng back 
>mail and displyaname, while using ldapsearch. 
Do you have an ACI that allows to actually see the attribute? 

-- 
/ Alexander Bokovoy 

-- 
Manage your subscription for the Freeipa-users mailing list: 
https://www.redhat.com/mailman/listinfo/freeipa-users 
Go to http://freeipa.org for more info on the project 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170119/3ff8cbbf/attachment.htm>

From abokovoy at redhat.com  Thu Jan 19 15:17:04 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 19 Jan 2017 17:17:04 +0200
Subject: [Freeipa-users] modify schema - add group email and display
 attribute
In-Reply-To: <745663009.72910.1484838654620.JavaMail.zimbra@chemaxon.com>
References: <795612095.18818.1482325628676.JavaMail.zimbra@chemaxon.com>
	<2c9db8bb-61dd-8d99-39f8-6278b2d2a845@pobox.com>
	<1370441540.46117.1484139499874.JavaMail.zimbra@chemaxon.com>
	<faec75fa-55c6-493b-ea33-13a7396b2b97@redhat.com>
	<1041080572.68297.1484144801589.JavaMail.zimbra@chemaxon.com>
	<251060584.58031.1484832541331.JavaMail.zimbra@chemaxon.com>
	<20170119142234.skyc6342h5xb45as@redhat.com>
	<969523567.67987.1484836318971.JavaMail.zimbra@chemaxon.com>
	<745663009.72910.1484838654620.JavaMail.zimbra@chemaxon.com>
Message-ID: <20170119151704.vlaccgqu742h6m4v@redhat.com>

On to, 19 tammi 2017, Sandor Juhasz wrote:
>I think
>ipa permission-mod "System: Read Groups" --includedattrs=mail --includedattrs=displayname
>solved my issue.
Yep, that's one solution.


-- 
/ Alexander Bokovoy



From harald.dunkel at aixigo.de  Thu Jan 19 15:23:15 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Thu, 19 Jan 2017 16:23:15 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <587F882D.30804@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
Message-ID: <b34c052c-a856-3ed6-6f85-e22b68c7ba20@aixigo.de>

Now I get this:

[root at ipa1 ~]# kinit admin
kinit: Generic error (see e-text) while getting initial credentials



From bret.wortman at damascusgrp.com  Thu Jan 19 15:27:46 2017
From: bret.wortman at damascusgrp.com (Bret Wortman)
Date: Thu, 19 Jan 2017 10:27:46 -0500
Subject: [Freeipa-users] Signing certs with longer lifetimes (FreeIPA CA)
Message-ID: <bc43c3f6-aff7-3c70-d869-c42adc4224f9@damascusgrp.com>

It seems all our certs being signed by the FreeIPA CA are given 2 year 
expirations. We'd like to increase that to 5 years. I've added "-v 60" 
to our certutil commands generating the CSRs, but the CA is still only 
issuing 24 month certs.

What do I need to change to issue certs with longer lifetimes? We really 
don't want to go around every 2 years and reissue certs...


-- 
*Bret Wortman*
Damascus Products
ph/fax: 1-855-644-2783
Wrap Buddies InDemand <wrapbuddies.co/store> at http://bwortman.us/2ieQN4t
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170119/89957a32/attachment.htm>

From huston at astro.princeton.edu  Thu Jan 19 15:49:31 2017
From: huston at astro.princeton.edu (Steve Huston)
Date: Thu, 19 Jan 2017 10:49:31 -0500
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
Message-ID: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>

I'm running a RHEL derivative (Springdale Linux) and discovered that
between 7.2 and 7.3 there were quite a few changes, one of which was
the version of FreeIPA installed.  Fortunately my server is still in
the testing phase, and I hadn't finished things for deployment yet.  I
discovered that plugins changed drastically some time in 4.4.x, and
seemed to have found how to modify the plugin I wrote to function
again:

   http://www.astro.princeton.edu/~huston/astrocustom/

The basics are that we add puppetvar and owner to hosts, and the
majority of changes are rebranding existing attributes to fit our
environment better for the AAs that will have access to add stage
users.  So far, that is all working fine - on the add stage user
pop-up, everything looks as expected, and on the mod stageuser page
everything works there as well.  However, I am trying to copy some of
these changes to the regular user page, and finding they're not
working at all; for example, the "manager" field works fine on the
adduser pop-up, but on the moduser page it is blank and errors for not
having a proper value set when trying to save changes.  Interestingly
the "employee type" (renamed "User tier") shows up fine, and it too
was basically a copy from the mod stageuser section so I'm not sure
why one works and one doesn't.

It also seems most of the documentation I'd found previously to talk
about writing plugins hasn't been updated for the new systems - I did
find the pages at https://github.com/abbra/freeipa-desktop-profile/
but I wasn't able to follow them well or figure out how/if they
applied to my case.

-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



From bret.wortman at damascusgrp.com  Thu Jan 19 15:55:12 2017
From: bret.wortman at damascusgrp.com (Bret Wortman)
Date: Thu, 19 Jan 2017 10:55:12 -0500
Subject: [Freeipa-users] Signing certs with longer lifetimes (FreeIPA CA)
In-Reply-To: <79c62d4b7840053125ee8bb668d289ae@localhost>
References: <79c62d4b7840053125ee8bb668d289ae@localhost>
Message-ID: <cc0ec753-d60a-39f9-62a3-3b027aae0103@damascusgrp.com>

I'm generating CSRs like this:

    # certutil -R -d $DB -a -g 2048 -v 60 -s "CN=${HOST},O=DAMASCUSGRP.COM" -8 ${SHORTHOST},${HOST}

Then pasting this into the web interface of our IPA instance under 
"Actions->New Certificate" on the host's page. I then use Actions->View 
Certificate and see that it expires in 2019.

I want that cert to expire in 2022. What do I need to change to make 
that happen, and what's the right way to do it? I looked at some of the 
scripts & files under /etc/pki and see references to $DAYS that look to 
do what I want, but I don't want to do something that'll get clobbered 
at the next IPA upgrade.


Bret


On 01/19/2017 10:30 AM, Kimi Rachel wrote:
> Mail
>
> heyy Bret, how are you? lets talk details ..
>
>
> On Thu, Jan 19, 2017 at 9:30 PM, Bret Wortman 
> <bret.wortman at damascusgrp.com <mailto:bret.wortman at damascusgrp.com>> 
> wrote:
>
>     It seems all our certs being signed by the FreeIPA CA are given 2
>     year expirations. We'd like to increase that to 5 years. I've
>     added "-v 60" to our certutil commands generating the CSRs, but
>     the CA is still only issuing 24 month certs.
>
>     What do I need to change to issue certs with longer lifetimes? We
>     really don't want to go around every 2 years and reissue certs...
>
>
>     -- 
>     *Bret Wortman*
>     Damascus Products
>     ph/fax: 1-855-644-2783
>     Wrap Buddies InDemand <wrapbuddies.co/store> at
>     http://bwortman.us/2ieQN4t
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170119/ab133c5f/attachment.htm>

From abokovoy at redhat.com  Thu Jan 19 15:57:06 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 19 Jan 2017 17:57:06 +0200
Subject: [Freeipa-users] Signing certs with longer lifetimes (FreeIPA CA)
In-Reply-To: <bc43c3f6-aff7-3c70-d869-c42adc4224f9@damascusgrp.com>
References: <bc43c3f6-aff7-3c70-d869-c42adc4224f9@damascusgrp.com>
Message-ID: <20170119155706.vd5fkgsmqo23b37k@redhat.com>

On to, 19 tammi 2017, Bret Wortman wrote:
>It seems all our certs being signed by the FreeIPA CA are given 2 year 
>expirations. We'd like to increase that to 5 years. I've added "-v 60" 
>to our certutil commands generating the CSRs, but the CA is still only 
>issuing 24 month certs.
>
>What do I need to change to issue certs with longer lifetimes? We 
>really don't want to go around every 2 years and reissue certs...
You need to update your certificate profile.

Something like

ipa certprofile-show caIPAserviceCert --out=caIPAserviceCert.profile

edit file.profile and change the constraint and the default for
Validity:

policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl
policyset.serverCertSet.2.constraint.name=Validity Constraint
policyset.serverCertSet.2.constraint.params.notAfterCheck=false
policyset.serverCertSet.2.constraint.params.notBeforeCheck=false
policyset.serverCertSet.2.constraint.params.range=740
policyset.serverCertSet.2.default.class_id=validityDefaultImpl
policyset.serverCertSet.2.default.name=Validity Default
policyset.serverCertSet.2.default.params.range=731
policyset.serverCertSet.2.default.params.startTime=0

The value is in days and by default is 2*365+1 while constraint is
2*365+10 days.

After you changed them so that default is less than the constraint,
update the profile:

ipa certprofile-mod caIPAserviceCert --file=caIPAserviceCert.profile 


Now you can re-submit the request to get the certificate updated.

-- 
/ Alexander Bokovoy



From abokovoy at redhat.com  Thu Jan 19 16:16:35 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 19 Jan 2017 18:16:35 +0200
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
Message-ID: <20170119161635.56vlybbhvnfn44tc@redhat.com>

Steve,

On to, 19 tammi 2017, Steve Huston wrote:
>I'm running a RHEL derivative (Springdale Linux) and discovered that
>between 7.2 and 7.3 there were quite a few changes, one of which was
>the version of FreeIPA installed.  Fortunately my server is still in
>the testing phase, and I hadn't finished things for deployment yet.  I
>discovered that plugins changed drastically some time in 4.4.x, and
>seemed to have found how to modify the plugin I wrote to function
>again:
>
>   http://www.astro.princeton.edu/~huston/astrocustom/
>
>The basics are that we add puppetvar and owner to hosts, and the
>majority of changes are rebranding existing attributes to fit our
>environment better for the AAs that will have access to add stage
>users.  So far, that is all working fine - on the add stage user
>pop-up, everything looks as expected, and on the mod stageuser page
>everything works there as well.  However, I am trying to copy some of
>these changes to the regular user page, and finding they're not
>working at all; for example, the "manager" field works fine on the
>adduser pop-up, but on the moduser page it is blank and errors for not
>having a proper value set when trying to save changes.  Interestingly
>the "employee type" (renamed "User tier") shows up fine, and it too
>was basically a copy from the mod stageuser section so I'm not sure
>why one works and one doesn't.
>
>It also seems most of the documentation I'd found previously to talk
>about writing plugins hasn't been updated for the new systems - I did
>find the pages at https://github.com/abbra/freeipa-desktop-profile/
>but I wasn't able to follow them well or figure out how/if they
>applied to my case.

In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client
side plugins into different paths (ipaserver/plugins and
ipaclient/plugins instead of being common in ipalib/plugins). The client
code was also changed to always read metadata about API from the server
side. This means the client can adopt to any server version that
supports API metadata.

In my sample external plugin you referenced above you can see that I
have client-side change that replaces an input string by a file
reference so that a file can supplied instead of typing the content of
the file on the command line. This is one of most used patterns for
client side plugins.

We haven't yet qualified FreeIPA Python API for plugins as supported
one. One of reasons is that we continue shaping it up and we still lack
proper documentation for them.

-- 
/ Alexander Bokovoy



From huston at astro.princeton.edu  Thu Jan 19 17:50:26 2017
From: huston at astro.princeton.edu (Steve Huston)
Date: Thu, 19 Jan 2017 12:50:26 -0500
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <20170119161635.56vlybbhvnfn44tc@redhat.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
Message-ID: <CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>

On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy <abokovoy at redhat.com> wrote:
> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client
> side plugins into different paths (ipaserver/plugins and
> ipaclient/plugins instead of being common in ipalib/plugins). The client
> code was also changed to always read metadata about API from the server
> side. This means the client can adopt to any server version that
> supports API metadata.

Right, and I think that the most of the plugin I had belongs
server-side; in fact, that's where I migrated it to, and things work
fine.  I haven't tested if I can change those values with the cli, but
I'm less concerned about that at the moment.

> In my sample external plugin you referenced above you can see that I
> have client-side change that replaces an input string by a file
> reference so that a file can supplied instead of typing the content of
> the file on the command line. This is one of most used patterns for
> client side plugins.

In this case, my biggest problem is with the web UI.  The 'manager'
drop down (which I have renamed through the UI plugins to "Requested
By" to show what user requested and is responsible for this account)
works fine in the 'add/modify stageuser' context, but not at all in
the adduser/moduser context, and I can't seem to find out why.

-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



From abokovoy at redhat.com  Thu Jan 19 18:14:40 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Thu, 19 Jan 2017 20:14:40 +0200
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
	<CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
Message-ID: <20170119181440.x77gboawdyjep7pp@redhat.com>

On to, 19 tammi 2017, Steve Huston wrote:
>On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy <abokovoy at redhat.com> wrote:
>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client
>> side plugins into different paths (ipaserver/plugins and
>> ipaclient/plugins instead of being common in ipalib/plugins). The client
>> code was also changed to always read metadata about API from the server
>> side. This means the client can adopt to any server version that
>> supports API metadata.
>
>Right, and I think that the most of the plugin I had belongs
>server-side; in fact, that's where I migrated it to, and things work
>fine.  I haven't tested if I can change those values with the cli, but
>I'm less concerned about that at the moment.
>
>> In my sample external plugin you referenced above you can see that I
>> have client-side change that replaces an input string by a file
>> reference so that a file can supplied instead of typing the content of
>> the file on the command line. This is one of most used patterns for
>> client side plugins.
>
>In this case, my biggest problem is with the web UI.  The 'manager'
>drop down (which I have renamed through the UI plugins to "Requested
>By" to show what user requested and is responsible for this account)
>works fine in the 'add/modify stageuser' context, but not at all in
>the adduser/moduser context, and I can't seem to find out why.
I'll defer answer for this to our web UI wizards but they would need to
see your code to help, I'd guess.

-- 
/ Alexander Bokovoy



From huston at astro.princeton.edu  Thu Jan 19 19:44:47 2017
From: huston at astro.princeton.edu (Steve Huston)
Date: Thu, 19 Jan 2017 14:44:47 -0500
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <20170119181440.x77gboawdyjep7pp@redhat.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
	<CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
	<20170119181440.x77gboawdyjep7pp@redhat.com>
Message-ID: <CANnpg5TVMRAVazuXnS_tEk1NS-qscW099oEa9-6S_JTJhYaQ+A@mail.gmail.com>

Even more interesting...

I tried to modify one of the records that was not displaying properly
in the "active users" group, and sure enough the webui complained that
the "Requested By" (relabeled "manager") field was not filled in since
it was blank.  It also, however, complained that the "User tier"
(relabeled "employeetype") was incorrect, even though it showed the
label associated with the value 1.  I clicked the search drop-down for
manager, typed in my own uid, and even though everything had been
blank in the drop down before now my uid showed up.  I clicked on it,
and my uid was now in the manager field.  I then clicked the drop down
for employeetype, and chose one of the other options.  I was now able
to save the changes to the record.

Upon reloading the page, the "Employee Information" facet now shoed up
on the right side bottom, instead of the left side bottom where it was
appearing.  I was also now able to change the drop-down fields for
manager and employeetype to another value, and save them, and they
worked fine even filling in all the data that should have been there.
This almost seemed like the data being returned by the server was
flawed somehow, and confusing the webui, but once it was forced to
have the right data and re-saved it worked fine subsequently.

I looked at the output of "ipa user-show <uid> --all --raw" both
before and after making such changes on a user, and can detect no
difference between them.

On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy <abokovoy at redhat.com> wrote:
> On to, 19 tammi 2017, Steve Huston wrote:
>>
>> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy <abokovoy at redhat.com>
>> wrote:
>>>
>>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client
>>> side plugins into different paths (ipaserver/plugins and
>>> ipaclient/plugins instead of being common in ipalib/plugins). The client
>>> code was also changed to always read metadata about API from the server
>>> side. This means the client can adopt to any server version that
>>> supports API metadata.
>>
>>
>> Right, and I think that the most of the plugin I had belongs
>> server-side; in fact, that's where I migrated it to, and things work
>> fine.  I haven't tested if I can change those values with the cli, but
>> I'm less concerned about that at the moment.
>>
>>> In my sample external plugin you referenced above you can see that I
>>> have client-side change that replaces an input string by a file
>>> reference so that a file can supplied instead of typing the content of
>>> the file on the command line. This is one of most used patterns for
>>> client side plugins.
>>
>>
>> In this case, my biggest problem is with the web UI.  The 'manager'
>> drop down (which I have renamed through the UI plugins to "Requested
>> By" to show what user requested and is responsible for this account)
>> works fine in the 'add/modify stageuser' context, but not at all in
>> the adduser/moduser context, and I can't seem to find out why.
>
> I'll defer answer for this to our web UI wizards but they would need to
> see your code to help, I'd guess.
>
> --
> / Alexander Bokovoy



-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



From rharwood at redhat.com  Thu Jan 19 21:39:58 2017
From: rharwood at redhat.com (Robbie Harwood)
Date: Thu, 19 Jan 2017 16:39:58 -0500
Subject: [Freeipa-users] Kerberos Clock Skew too great
In-Reply-To: <CANAMAkpoQma2-Zh=1qN9vBgyu0Lj6WdZZE-T+hySTJhfe9hk7w@mail.gmail.com>
References: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>
	<20170109081241.zu5jla6gw26koxhy@hendrix>
	<CANAMAkr=Mu=_rMXBjd7GA3CBqcbPWhj63SDXDL7i+Qb98JEYYw@mail.gmail.com>
	<jlg7f64kpnh.fsf@thriss.redhat.com>
	<CANAMAkpoQma2-Zh=1qN9vBgyu0Lj6WdZZE-T+hySTJhfe9hk7w@mail.gmail.com>
Message-ID: <jlglgu63f0x.fsf@thriss.redhat.com>

Rakesh Rajasekharan <rakesh.rajasekharan at gmail.com> writes:

>> Great, glad it's fixed!  Are these VMs?  If not, you may wish to
>> (re?)configure automatic syncing.
>
> yes these are AWS instances. How do I reconfigure auto syncing . Is
> there a documentation I can follow.

During install of the IPA server, it will set up an NTP server (unless
you ask it not to).  During enrollment of each IPA client, it will
configure NTP against that server (unless you ask it not to).  Disabling
it is the -N flag in both cases.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170119/c886488f/attachment.sig>

From dsullivan2 at bsd.uchicago.edu  Thu Jan 19 22:14:50 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Thu, 19 Jan 2017 22:14:50 +0000
Subject: [Freeipa-users] performance scaling of sssd / freeipa
Message-ID: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>

Hi,

I?ve received incredibly good support from this mailing list previously; I am hoping that somebody can help me succeed in my ongoing efforts.  I have spent a few days on this at this point and I can?t seem to figure it out how to address this issue.  On my DCs I am seeing excessive ldap_search_ext and sdap_get_generic_ext_recv timeouts created solely by the invocation of the ?id? command on sssd clients.  This problem seems to present itself only when I parallelize lookups for an ?uncached? user (i.e. I have never performed an initial lookup).  Individual arbitrary one-off lookups for a single uncached user on a single system almost always work fine.  This leads me to believe this is a performance tuning issue.

We operate in an academic research computing unit (i.e. we have an HPC cluster), and I need the ability to lookup the same user in parallel (using the id command) across a relatively large number of systems, for example to spawn jobs that require large amounts of CPU cores and/or memory.  Right now I am doing about 50 parallel lookups for the same user to induce this problem.  

Here is some background information:

1) I have read Jakub's ?Anatomy of an SSSD Lookup? as well as ?Performance Tuning of SSSD for large IPA-AD deployments?, as well as implemented recommendations from the performance tuning doc, including moving the sssd cache to tmpfs.
2) We are on ipa-server 4.4.0-14.el7_3.4 using a trusted AD domain; all of our consumed users and groups are in the AD trusted domain.  We have two domain controllers; each is a RHEL 7.3 VM with 6 GB of memory.  Almost all (if not all) of our clients are running at least sssd 1.14, and are all RHEL 6/7.  Neither DC is swapping, and both have 2 CPUs.
3) I have tuned SSSD clients on the DCs and all clients to include these options (the problem persists):
  a) ldap_opt_timeout = 60
  b) ldap_search_timeout = 60
4) On both DCs, I can clear the SSSD cache, and lookup all 2000 or so users in my environment with 40 concurrent lookups occurring locally on each DC (using UNIX job control).  I can process all 2000 lookups in this manner without any failures (on either DC), and have ?pre-populated? the SSSD cache on both DC?s by doing this.
6) I have made no additional performance tuning changes other than what has been described.

Would anybody be able to advise on any potential tuning that would be required (presumably on the DCs), to facilitate 50 parallel lookups without experiencing sdap_get_generic_ext_recv or  ldap_search_ext  timeouts?  Should I be able to do this sort of thing with relative ease?  I was hoping this would be the sort of thing that would just work, but based on my relatively extensive testing it doesn?t.  Any advice anybody could provide would be greatly appreciated.

Thank you,

Dan Sullivan





From michael.rainey.ctr at nrlssc.navy.mil  Thu Jan 19 22:33:59 2017
From: michael.rainey.ctr at nrlssc.navy.mil (Michael Rainey (Contractor))
Date: Thu, 19 Jan 2017 16:33:59 -0600
Subject: [Freeipa-users] IPA Client will authenticate users
Message-ID: <ad82634e-8d1f-8143-1f8f-6f14edb84391@nrlssc.navy.mil>

Hello everyone,

I have come across a problem which you might find interesting. With all 
of the systems I have running, there is one system which refuses to 
authenticate any user who needs to login.  I have deleted and 
reinstalled the to the domain in the hopes it would resolve the 
problem.  I have copied pam files from working systems to the failing 
system to see if this action would fix the problem.  No such luck.

I've included the sssd_pam.log file starters.

Thanks in advance.
-- 
*Michael Rainey*
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [server_setup] (0x0400): CONFDB: 
/var/lib/sss/db/config.ldb
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [confdb_get_domain_internal] 
(0x0400): No enumeration for [domain.example.com]!
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [confdb_get_domain_internal] 
(0x1000): pwd_expiration_warning is -1
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_init_connection] (0x0400): 
Adding connection 0x7f297b4c37c0
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_add_watch] (0x2000): 
0x7f297b4c4ec0/0x7f297b4c3670 (15), -/W (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3030 (15), R/- (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_opath_hash_add_iface] 
(0x0400): Registering interface org.freedesktop.sssd.service with path 
/org/freedesktop/sssd/service
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_conn_register_path] 
(0x0400): Registering object path /org/freedesktop/sssd/service with 
D-Bus connection
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_opath_hash_add_iface] 
(0x0400): Registering interface org.freedesktop.DBus.Properties with 
path /org/freedesktop/sssd/service
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_opath_hash_add_iface] 
(0x0400): Registering interface org.freedesktop.DBus.Introspectable with 
path /org/freedesktop/sssd/service
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [monitor_common_send_id] 
(0x0100): Sending ID: (pam,1)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4c4360
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3030 (15), R/- (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3670 (15), -/W (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_names_init_from_args] 
(0x0100): Using re 
[(((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))].
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_fqnames_init] (0x0100): 
Using fq format [%1$s@%2$s].
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_init_connection] (0x0400): 
Adding connection 0x7f297b4c6870
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_add_watch] (0x2000): 
0x7f297b4c7590/0x7f297b4c6370 (16), -/W (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c63c0 (16), R/- (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [rdp_message_send_internal] 
(0x0400): DP Request: /org/freedesktop/sssd/dataprovider 
org.freedesktop.sssd.DataProvider.Client.Register
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4c7da0
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c63c0 (16), R/- (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c6370 (16), -/W (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sysdb_domain_init_internal] 
(0x0200): DB File for domain.example.com: 
/var/lib/sss/db/cache_domain.example.com.ldb
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sysdb_domain_init_internal] 
(0x0200): Timestamp file for domain.example.com: 
/var/lib/sss/db/timestamps_domain.example.com.ldb
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4ca6f0

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4ca7b0

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4ca6f0 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4ca7b0 "ltdb_timeout"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4ca6f0 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x0400): asq: Unable to 
register control with rootdse!
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4ca890

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4ca950

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4ca890 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4ca950 "ltdb_timeout"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4ca890 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4caaf0

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4cabb0

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4caaf0 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4cabb0 "ltdb_timeout"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4caaf0 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4cac70

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4cc0f0

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4cac70 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4cc0f0 "ltdb_timeout"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4cac70 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): no modules 
required by the db
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): No modules 
specified for this database
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4cc0f0

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4cc1b0

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4cc0f0 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4cc1b0 "ltdb_timeout"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4cc0f0 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4cc350

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4cc410

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4cc350 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4cc410 "ltdb_timeout"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4cc350 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_process_init] (0x0400): 
Responder Initialization complete
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [get_trusted_uids] (0x0400): All 
UIDs are allowed.
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'root' matched without domain, user is root
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): 
Adding [NCE/USER/domain.example.com/root at domain.example.com] to negative 
cache permanently
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'root' matched without domain, user is root
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): 
Adding [NCE/GROUP/domain.example.com/root at domain.example.com] to 
negative cache permanently
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [responder_set_fd_limit] 
(0x0100): Maximum file descriptors set to [8192]
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): 
Issuing request for [0x7f29796044f0:domains at domain.example.com]
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_dp_get_domains_msg] 
(0x0400): Sending get domains request for [domain.example.com][]
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4ca780
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_dp_internal_get_send] 
(0x0400): Entering request [0x7f29796044f0:domains at domain.example.com]
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c37c0
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c37c0
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3030 (15), R/- (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3670 (15), -/W (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3030 (15), R/- (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3670 (15), -/W (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3030 (15), R/- (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3670 (15), -/W (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3030 (15), R/- (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c4ec0/0x7f297b4c3670 (15), -/W (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4c4360
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c37c0
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [id_callback] (0x0100): Got id 
ack and version (1) from Monitor
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c63c0 (16), R/- (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c6370 (16), -/W (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c63c0 (16), R/- (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c6370 (16), -/W (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c63c0 (16), R/- (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c6370 (16), -/W (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c63c0 (16), R/- (enabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_toggle_watch] (0x4000): 
0x7f297b4c7590/0x7f297b4c6370 (16), -/W (disabled)
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4c7da0
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [rdp_process_pending_call] 
(0x0400): DP Success
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [rdp_register_client_done] 
(0x0400): Client is registered with DP
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4ca780
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got 
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4d14c0

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d1580

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4d14c0 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d1580 "ltdb_timeout"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4d14c0 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4d14c0

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d1580

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4d14c0 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d1580 "ltdb_timeout"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4d14c0 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4c5020

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4c5830

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4c5020 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4c5830 "ltdb_timeout"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4c5020 "ltdb_callback"

(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'root' matched without domain, user is root
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): 
Adding [NCE/USER/domain.example.com/root at domain.example.com] to negative 
cache permanently
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'root' matched without domain, user is root
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_ncache_set_str] (0x0400): 
Adding [NCE/GROUP/domain.example.com/root at domain.example.com] to 
negative cache permanently
(Wed Jan 18 15:31:30 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): 
Deleting request: [0x7f29796044f0:domains at domain.example.com]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [get_client_cred] (0x4000): 
Client creds: euid[0] egid[0] pid[4047].
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [get_client_cred] (0x0020): 
SELINUX_getpeercon failed [-1][Unknown error -1].
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [accept_fd_handler] (0x0400): 
Client connected to privileged pipe!
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): 
Received client version [3].
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): 
Offered version [3].
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_cmd_preauth] (0x0100): 
entering pam_cmd_preauth
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'my_username' matched without domain, user is my_username
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_PREAUTH
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: not set
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 0
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4047
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/domain.example.com/my_username at domain.example.com]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_initgr_check_timeout] 
(0x4000): User [my_username] not found in PAM cache.
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): 
Issuing request for 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sss_dp_get_account_msg] 
(0x0400): Creating request for 
[domain.example.com][0x3][BE_REQ_INITGROUPS][1][name=my_username at domain.example.com:-]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4c7710
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sss_dp_internal_get_send] 
(0x0400): Entering request 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4c7710
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got 
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [my_username at domain.example.com]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4d6950

(Wed Jan 18 15:32:23 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d6a10

(Wed Jan 18 15:32:23 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4d6950 "ltdb_callback"

(Wed Jan 18 15:32:23 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d6a10 "ltdb_timeout"

(Wed Jan 18 15:32:23 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4d6950 "ltdb_callback"

(Wed Jan 18 15:32:23 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4ca5b0

(Wed Jan 18 15:32:23 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d77b0

(Wed Jan 18 15:32:23 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4ca5b0 "ltdb_callback"

(Wed Jan 18 15:32:23 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d77b0 "ltdb_timeout"

(Wed Jan 18 15:32:23 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4ca5b0 "ltdb_callback"

(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): 
User's primary name is my_username at domain.example.com
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): 
[my_username] added to PAM initgroup cache
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): 
Sending request with the following data:
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_PREAUTH
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: domain.example.com
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username at domain.example.com
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 0
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4047
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4c5ab0
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): 
Deleting request: 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4c5ab0
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Success)][domain.example.com]
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply 
called with result [0]: Success.
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 49
(Wed Jan 18 15:32:23 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:28 2017) [sssd[pam]] [pam_initgr_cache_remove] 
(0x2000): [my_username] removed from PAM initgroup cache
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): 
entering pam_cmd_authenticate
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'my_username' matched without domain, user is my_username
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_AUTHENTICATE
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: not set
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 1
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4047
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/domain.example.com/my_username at domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_initgr_check_timeout] 
(0x4000): User [my_username] not found in PAM cache.
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): 
Issuing request for 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sss_dp_get_account_msg] 
(0x0400): Creating request for 
[domain.example.com][0x3][BE_REQ_INITGROUPS][1][name=my_username at domain.example.com:-]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4c5ab0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sss_dp_internal_get_send] 
(0x0400): Entering request 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4c5ab0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got 
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [my_username at domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4d8440

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d8500

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4d8440 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d8500 "ltdb_timeout"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4d8440 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4d8060

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4cc790

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4d8060 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4cc790 "ltdb_timeout"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4d8060 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): 
User's primary name is my_username at domain.example.com
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): 
[my_username] added to PAM initgroup cache
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): 
Sending request with the following data:
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_AUTHENTICATE
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: domain.example.com
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username at domain.example.com
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 1
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4047
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4cb230
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): 
Deleting request: 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4cb230
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Success)][domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply 
called with result [0]: Success.
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4ce3a0

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4da100

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4ce3a0 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4da100 "ltdb_timeout"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4ce3a0 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): start ldb 
transaction (nesting: 0)
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4e53d0

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4e5490

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4e53d0 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4e5490 "ltdb_timeout"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4e53d0 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): commit ldb 
transaction (nesting: 0)
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply 
called with result [0]: Success.
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 90
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): 
entering pam_cmd_acct_mgmt
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'my_username' matched without domain, user is my_username
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_ACCT_MGMT
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: not set
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4047
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/domain.example.com/my_username at domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_initgr_check_timeout] 
(0x2000): User [my_username] found in PAM cache.
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [my_username at domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4c7a00

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d7b20

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4c7a00 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d7b20 "ltdb_timeout"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4c7a00 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4d7b20

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d7660

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4d7b20 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d7660 "ltdb_timeout"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4d7b20 "ltdb_callback"

(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): 
User's primary name is my_username at domain.example.com
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): 
Sending request with the following data:
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_ACCT_MGMT
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: domain.example.com
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username at domain.example.com
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4047
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4c5ab0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4c5ab0
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [4 (System error)][domain.example.com]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply 
called with result [4]: System error.
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 41
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [client_recv] (0x0200): Client 
disconnected!
(Wed Jan 18 15:32:30 2017) [sssd[pam]] [client_close_fn] (0x2000): 
Terminated client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:35 2017) [sssd[pam]] [pam_initgr_cache_remove] 
(0x2000): [my_username] removed from PAM initgroup cache
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [get_client_cred] (0x4000): 
Client creds: euid[0] egid[0] pid[4096].
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [get_client_cred] (0x0020): 
SELINUX_getpeercon failed [-1][Unknown error -1].
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [accept_fd_handler] (0x0400): 
Client connected to privileged pipe!
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): 
Received client version [3].
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): 
Offered version [3].
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_cmd_preauth] (0x0100): 
entering pam_cmd_preauth
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'my_username' matched without domain, user is my_username
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_PREAUTH
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: not set
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 0
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4096
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/domain.example.com/my_username at domain.example.com]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_initgr_check_timeout] 
(0x4000): User [my_username] not found in PAM cache.
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): 
Issuing request for 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sss_dp_get_account_msg] 
(0x0400): Creating request for 
[domain.example.com][0x3][BE_REQ_INITGROUPS][1][name=my_username at domain.example.com:-]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4d8240
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sss_dp_internal_get_send] 
(0x0400): Entering request 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4d8240
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got 
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [my_username at domain.example.com]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4d7c50

(Wed Jan 18 15:32:49 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d7d10

(Wed Jan 18 15:32:49 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4d7c50 "ltdb_callback"

(Wed Jan 18 15:32:49 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d7d10 "ltdb_timeout"

(Wed Jan 18 15:32:49 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4d7c50 "ltdb_callback"

(Wed Jan 18 15:32:49 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4d6700

(Wed Jan 18 15:32:49 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d7660

(Wed Jan 18 15:32:49 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4d6700 "ltdb_callback"

(Wed Jan 18 15:32:49 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d7660 "ltdb_timeout"

(Wed Jan 18 15:32:49 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4d6700 "ltdb_callback"

(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): 
User's primary name is my_username at domain.example.com
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): 
[my_username] added to PAM initgroup cache
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): 
Sending request with the following data:
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_PREAUTH
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: domain.example.com
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username at domain.example.com
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 0
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4096
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4cca10
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): 
Deleting request: 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4cca10
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Success)][domain.example.com]
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply 
called with result [0]: Success.
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 49
(Wed Jan 18 15:32:49 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:54 2017) [sssd[pam]] [pam_initgr_cache_remove] 
(0x2000): [my_username] removed from PAM initgroup cache
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): 
entering pam_cmd_authenticate
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'my_username' matched without domain, user is my_username
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_AUTHENTICATE
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: not set
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 1
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4096
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/domain.example.com/my_username at domain.example.com]
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [pam_initgr_check_timeout] 
(0x4000): User [my_username] not found in PAM cache.
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): 
Issuing request for 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [sss_dp_get_account_msg] 
(0x0400): Creating request for 
[domain.example.com][0x3][BE_REQ_INITGROUPS][1][name=my_username at domain.example.com:-]
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4d6da0
(Wed Jan 18 15:32:55 2017) [sssd[pam]] [sss_dp_internal_get_send] 
(0x0400): Entering request 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4d6da0
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got 
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [my_username at domain.example.com]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4cc990

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4c7860

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4cc990 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4c7860 "ltdb_timeout"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4cc990 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4cbf00

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4cb3b0

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4cbf00 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4cb3b0 "ltdb_timeout"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4cbf00 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): 
User's primary name is my_username at domain.example.com
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): 
[my_username] added to PAM initgroup cache
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): 
Sending request with the following data:
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_AUTHENTICATE
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: domain.example.com
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username at domain.example.com
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 1
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4096
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4e4b80
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): 
Deleting request: 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4e4b80
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Success)][domain.example.com]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply 
called with result [0]: Success.
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4e5bf0

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4dac00

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4e5bf0 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4dac00 "ltdb_timeout"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4e5bf0 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): start ldb 
transaction (nesting: 0)
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4d1eb0

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4e5610

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4d1eb0 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4e5610 "ltdb_timeout"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4d1eb0 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): commit ldb 
transaction (nesting: 0)
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply 
called with result [0]: Success.
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 90
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_cmd_acct_mgmt] (0x0100): 
entering pam_cmd_acct_mgmt
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'my_username' matched without domain, user is my_username
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_ACCT_MGMT
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: not set
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 0
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4096
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/domain.example.com/my_username at domain.example.com]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_initgr_check_timeout] 
(0x2000): User [my_username] found in PAM cache.
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [my_username at domain.example.com]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4cb3b0

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d1eb0

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4cb3b0 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d1eb0 "ltdb_timeout"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4cb3b0 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4ccba0

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4db030

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4ccba0 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4db030 "ltdb_timeout"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4ccba0 "ltdb_callback"

(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): 
User's primary name is my_username at domain.example.com
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): 
Sending request with the following data:
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_ACCT_MGMT
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: domain.example.com
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username at domain.example.com
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 0
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 4096
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4c9bf0
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4c9bf0
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [4 (System error)][domain.example.com]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply 
called with result [4]: System error.
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 41
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c0f60][21]
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [client_recv] (0x0200): Client 
disconnected!
(Wed Jan 18 15:32:56 2017) [sssd[pam]] [client_close_fn] (0x2000): 
Terminated client [0x7f297b4c0f60][21]
(Wed Jan 18 15:33:01 2017) [sssd[pam]] [pam_initgr_cache_remove] 
(0x2000): [my_username] removed from PAM initgroup cache
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [get_client_cred] (0x4000): 
Client creds: euid[0] egid[0] pid[5545].
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [get_client_cred] (0x0020): 
SELINUX_getpeercon failed [-1][Unknown error -1].
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c9b50][21]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [accept_fd_handler] (0x0400): 
Client connected to privileged pipe!
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c9b50][21]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): 
Received client version [3].
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): 
Offered version [3].
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c9b50][21]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c9b50][21]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_cmd_preauth] (0x0100): 
entering pam_cmd_preauth
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'my_username' matched without domain, user is my_username
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_PREAUTH
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: not set
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 0
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 5545
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/domain.example.com/my_username at domain.example.com]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_initgr_check_timeout] 
(0x4000): User [my_username] not found in PAM cache.
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): 
Issuing request for 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sss_dp_get_account_msg] 
(0x0400): Creating request for 
[domain.example.com][0x3][BE_REQ_INITGROUPS][1][name=my_username at domain.example.com:-]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4d6da0
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sss_dp_internal_get_send] 
(0x0400): Entering request 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4d6da0
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got 
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [my_username at domain.example.com]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4db170

(Wed Jan 18 15:49:07 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4d6870

(Wed Jan 18 15:49:07 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4db170 "ltdb_callback"

(Wed Jan 18 15:49:07 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4d6870 "ltdb_timeout"

(Wed Jan 18 15:49:07 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4db170 "ltdb_callback"

(Wed Jan 18 15:49:07 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4db170

(Wed Jan 18 15:49:07 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4daee0

(Wed Jan 18 15:49:07 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4db170 "ltdb_callback"

(Wed Jan 18 15:49:07 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4daee0 "ltdb_timeout"

(Wed Jan 18 15:49:07 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4db170 "ltdb_callback"

(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_check_user_search] (0x0400): 
Returning info for user [my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pd_set_primary_name] (0x0400): 
User's primary name is my_username at domain.example.com
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_initgr_cache_set] (0x2000): 
[my_username] added to PAM initgroup cache
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_dp_send_req] (0x0100): 
Sending request with the following data:
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_PREAUTH
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: domain.example.com
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username at domain.example.com
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 0
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 5545
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4db5d0
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_dom_forwarder] (0x0100): 
pam_dp_send_req returned 0
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sss_dp_req_destructor] (0x0400): 
Deleting request: 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4db5d0
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_dp_process_reply] (0x0200): 
received: [0 (Success)][domain.example.com]
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_reply] (0x0200): pam_reply 
called with result [0]: Success.
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [pam_reply] (0x0200): blen: 49
(Wed Jan 18 15:49:07 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c9b50][21]
(Wed Jan 18 15:49:12 2017) [sssd[pam]] [pam_initgr_cache_remove] 
(0x2000): [my_username] removed from PAM initgroup cache
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle 
timer re-set for client [0x7f297b4c9b50][21]
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_cmd_authenticate] (0x0100): 
entering pam_cmd_authenticate
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [sss_parse_name_for_domains] 
(0x0200): name 'my_username' matched without domain, user is my_username
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): 
command: SSS_PAM_AUTHENTICATE
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): 
domain: not set
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): user: 
my_username
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): 
service: sshd
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): tty: ssh
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): ruser: 
not set
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): rhost: 
relentless
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): 
authtok type: 1
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): 
newauthtok type: 0
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): priv: 1
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): 
cli_pid: 5545
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_print_data] (0x0100): logon 
name: my_username
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [sss_ncache_check_str] (0x2000): 
Checking negative cache for 
[NCE/USER/domain.example.com/my_username at domain.example.com]
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_initgr_check_timeout] 
(0x4000): User [my_username] not found in PAM cache.
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [sss_dp_issue_request] (0x0400): 
Issuing request for 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [sss_dp_get_account_msg] 
(0x0400): Creating request for 
[domain.example.com][0x3][BE_REQ_INITGROUPS][1][name=my_username at domain.example.com:-]
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [sbus_add_timeout] (0x2000): 
0x7f297b4c8070
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [sss_dp_internal_get_send] 
(0x0400): Entering request 
[0x7f2979602c30:3:my_username at domain.example.com@domain.example.com]
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [sbus_remove_timeout] (0x2000): 
0x7f297b4c8070
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus 
conn: 0x7f297b4c6870
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [sbus_dispatch] (0x4000): 
Dispatching.
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [sss_dp_get_reply] (0x1000): Got 
reply from Data Provider - DP error code: 0 errno: 0 error message: Success
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [pam_check_user_search] (0x0100): 
Requesting info for [my_username at domain.example.com]
(Wed Jan 18 15:49:15 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_callback": 0x7f297b4c9eb0

(Wed Jan 18 15:49:15 2017) [sssd[pam]] [ldb] (0x4000): Added timed event 
"ltdb_timeout": 0x7f297b4c9f70

(Wed Jan 18 15:49:15 2017) [sssd[pam]] [ldb] (0x4000): Running timer 
event 0x7f297b4c9eb0 "ltdb_callback"

(Wed Jan 18 15:49:15 2017) [sssd[pam]] [ldb] (0x4000): Destroying timer 
event 0x7f297b4c9f70 "ltdb_timeout"

(Wed Jan 18 15:49:15 2017) [sssd[pam]] [ldb] (0x4000): Ending timer 
event 0x7f297b4c9eb0 "ltdb_callback"

(Wed Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170119/4dd9cc50/attachment.htm>

From jeffclay at gmail.com  Fri Jan 20 05:23:40 2017
From: jeffclay at gmail.com (Jeff Clay)
Date: Thu, 19 Jan 2017 23:23:40 -0600
Subject: [Freeipa-users] manually apply patches from upstream
Message-ID: <FD5188D0-13F4-42DF-9712-0D9B137FD2BD@gmail.com>

I?m using Centos 7 and have installed 4.4.0-14, however I?m using Google Cloud and needing some updates that have already been made upstream at https://fedorahosted.org/freeipa/ticket/5814 <https://fedorahosted.org/freeipa/ticket/5814>  

I have downloaded the diffs from the 3 commits to the 4.4 branch. Searching my system for the proper directories, I found that many of the files (like replicainstall.py) can be found in a sub dir of of /usr/lib/python2.7/site-packages/ while other parts can be found in /usr/sbin/ 

I?m just wondering what is the best and proper way for me to apply those code changes?

Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170119/10418786/attachment.htm>

From abokovoy at redhat.com  Fri Jan 20 07:03:06 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Fri, 20 Jan 2017 09:03:06 +0200
Subject: [Freeipa-users] manually apply patches from upstream
In-Reply-To: <FD5188D0-13F4-42DF-9712-0D9B137FD2BD@gmail.com>
References: <FD5188D0-13F4-42DF-9712-0D9B137FD2BD@gmail.com>
Message-ID: <20170120070306.xry3uusjti4ua2z5@redhat.com>

On to, 19 tammi 2017, Jeff Clay wrote:
>I?m using Centos 7 and have installed 4.4.0-14, however I?m using
>Google Cloud and needing some updates that have already been made
>upstream at https://fedorahosted.org/freeipa/ticket/5814
><https://fedorahosted.org/freeipa/ticket/5814>
>
>I have downloaded the diffs from the 3 commits to the 4.4 branch.
>Searching my system for the proper directories, I found that many of
>the files (like replicainstall.py) can be found in a sub dir of of
>/usr/lib/python2.7/site-packages/ while other parts can be found in
>/usr/sbin/
>
>I?m just wondering what is the best and proper way for me to apply
>those code changes?
A proper way would be by adding these patches to the source package and
rebuilding the rpms. The sources for CentOS builds can be found at
https://git.centos.org/summary/?r=rpms/ipa git repository (c7 branch for
CentOS 7).

-- 
/ Alexander Bokovoy



From dkupka at redhat.com  Fri Jan 20 07:06:07 2017
From: dkupka at redhat.com (David Kupka)
Date: Fri, 20 Jan 2017 08:06:07 +0100
Subject: [Freeipa-users] manually apply patches from upstream
In-Reply-To: <FD5188D0-13F4-42DF-9712-0D9B137FD2BD@gmail.com>
References: <FD5188D0-13F4-42DF-9712-0D9B137FD2BD@gmail.com>
Message-ID: <7b9794db-6d64-e33c-11e9-ae5e1986242d@redhat.com>

On 20/01/17 06:23, Jeff Clay wrote:
> I?m using Centos 7 and have installed 4.4.0-14, however I?m using Google Cloud and needing some updates that have already been made upstream at https://fedorahosted.org/freeipa/ticket/5814 <https://fedorahosted.org/freeipa/ticket/5814>
>
> I have downloaded the diffs from the 3 commits to the 4.4 branch. Searching my system for the proper directories, I found that many of the files (like replicainstall.py) can be found in a sub dir of of /usr/lib/python2.7/site-packages/ while other parts can be found in /usr/sbin/
>
> I?m just wondering what is the best and proper way for me to apply those code changes?
>
> Thanks.
>
>
>
Hello Jeff,
modifying package-installed "binaries" or "libraries" on production 
system is really bad idea. You may easily end up with system broken in 
numerous ways.
Proper way is to get CentOS downstream git clone [1] add the desired 
patches and build your own package.

[1] https://git.centos.org/commit/rpms!ipa.git

-- 
David Kupka



From sbose at redhat.com  Fri Jan 20 07:39:55 2017
From: sbose at redhat.com (Sumit Bose)
Date: Fri, 20 Jan 2017 08:39:55 +0100
Subject: [Freeipa-users] IPA Client will authenticate users
In-Reply-To: <ad82634e-8d1f-8143-1f8f-6f14edb84391@nrlssc.navy.mil>
References: <ad82634e-8d1f-8143-1f8f-6f14edb84391@nrlssc.navy.mil>
Message-ID: <20170120073955.GC21016@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Thu, Jan 19, 2017 at 04:33:59PM -0600, Michael Rainey (Contractor) wrote:
> Hello everyone,
> 
> I have come across a problem which you might find interesting. With all of
> the systems I have running, there is one system which refuses to
> authenticate any user who needs to login.  I have deleted and reinstalled
> the to the domain in the hopes it would resolve the problem.  I have copied
> pam files from working systems to the failing system to see if this action
> would fix the problem.  No such luck.
> 
> I've included the sssd_pam.log file starters.

Looks like authentication is ok but access control denies access. You
should check the domain log for reasons why access is denied.

HTH

bye,
Sumit

> 
> Thanks in advance.
> -- 



From jeffclay at gmail.com  Fri Jan 20 08:17:09 2017
From: jeffclay at gmail.com (Jeff Clay)
Date: Fri, 20 Jan 2017 02:17:09 -0600
Subject: [Freeipa-users] manually apply patches from upstream
In-Reply-To: <7b9794db-6d64-e33c-11e9-ae5e1986242d@redhat.com>
References: <FD5188D0-13F4-42DF-9712-0D9B137FD2BD@gmail.com>
	<7b9794db-6d64-e33c-11e9-ae5e1986242d@redhat.com>
Message-ID: <665A9553-2140-4EAC-9CE9-C1785874F9F6@gmail.com>

I found this information here http://www.freeipa.org/page/Build <http://www.freeipa.org/page/Build> on building, which makes sense enough? I setup that environment on my Centos box, tracked down all the dependancies to satisfy yum-builddep freeipa-builddep.spec. However, when I checkout the 4.4.3 branch, there isn?t a makerpms.sh file so that really through me off. When trying to run the makerpms.sh on the master branch, it kept erroring at:

checking for POPT... no
configure: error: Package requirements (popt) were not met:

No package 'popt' found

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

Alternatively, you may set the environment variables POPT_CFLAGS
and POPT_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

I have the following installed:

Installed Packages
popt.x86_64                                                                                                           1.13-16.el7                                                                                                    @anaconda
popt-devel.x86_64                                                                                                     1.13-16.el7                                                                                                    @base    
popt-static.x86_64                                                                                                    1.13-16.el7 

and verified its location

/usr/include/popt.h
/usr/lib/rpm/rpmpopt-4.11.3
/usr/lib64/libpopt.so
/usr/lib64/libpopt.so.0
/usr/lib64/libpopt.so.0.0.0

All of the above was done prior to seeing the last reply giving the location of the Centos IPA repo. I?m not the most familiar with git stuff, but all i could find in that repo were .patch files. I couldn?t locate any actual files other than a readme.

Thanks for the help.


> On Jan 20, 2017, at 1:06 AM, David Kupka <dkupka at redhat.com> wrote:
> 
> On 20/01/17 06:23, Jeff Clay wrote:
>> I?m using Centos 7 and have installed 4.4.0-14, however I?m using Google Cloud and needing some updates that have already been made upstream at https://fedorahosted.org/freeipa/ticket/5814 <https://fedorahosted.org/freeipa/ticket/5814>
>> 
>> I have downloaded the diffs from the 3 commits to the 4.4 branch. Searching my system for the proper directories, I found that many of the files (like replicainstall.py) can be found in a sub dir of of /usr/lib/python2.7/site-packages/ while other parts can be found in /usr/sbin/
>> 
>> I?m just wondering what is the best and proper way for me to apply those code changes?
>> 
>> Thanks.
>> 
>> 
>> 
> Hello Jeff,
> modifying package-installed "binaries" or "libraries" on production system is really bad idea. You may easily end up with system broken in numerous ways.
> Proper way is to get CentOS downstream git clone [1] add the desired patches and build your own package.
> 
> [1] https://git.centos.org/commit/rpms!ipa.git
> 
> -- 
> David Kupka

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170120/1312f47b/attachment.htm>

From abokovoy at redhat.com  Fri Jan 20 08:30:28 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Fri, 20 Jan 2017 10:30:28 +0200
Subject: [Freeipa-users] manually apply patches from upstream
In-Reply-To: <665A9553-2140-4EAC-9CE9-C1785874F9F6@gmail.com>
References: <FD5188D0-13F4-42DF-9712-0D9B137FD2BD@gmail.com>
	<7b9794db-6d64-e33c-11e9-ae5e1986242d@redhat.com>
	<665A9553-2140-4EAC-9CE9-C1785874F9F6@gmail.com>
Message-ID: <20170120083028.flzd3ximlmq4wktv@redhat.com>

On pe, 20 tammi 2017, Jeff Clay wrote:
>I found this information here http://www.freeipa.org/page/Build
><http://www.freeipa.org/page/Build> on building, which makes sense
>enough? I setup that environment on my Centos box, tracked down all the
>dependancies to satisfy yum-builddep freeipa-builddep.spec. However,
>when I checkout the 4.4.3 branch, there isn?t a makerpms.sh file so
>that really through me off. When trying to run the makerpms.sh on the
>master branch, it kept erroring at:
>
>checking for POPT... no
>configure: error: Package requirements (popt) were not met:
>
>No package 'popt' found
>
>Consider adjusting the PKG_CONFIG_PATH environment variable if you
>installed software in a non-standard prefix.
>
>Alternatively, you may set the environment variables POPT_CFLAGS
>and POPT_LIBS to avoid the need to call pkg-config.
>See the pkg-config man page for more details.
>
>I have the following installed:
>
>Installed Packages
>popt.x86_64                                                                                                           1.13-16.el7                                                                                                    @anaconda
>popt-devel.x86_64                                                                                                     1.13-16.el7                                                                                                    @base
>popt-static.x86_64                                                                                                    1.13-16.el7
>
>and verified its location
>
>/usr/include/popt.h
>/usr/lib/rpm/rpmpopt-4.11.3
>/usr/lib64/libpopt.so
>/usr/lib64/libpopt.so.0
>/usr/lib64/libpopt.so.0.0.0
>
>All of the above was done prior to seeing the last reply giving the
>location of the Centos IPA repo. I?m not the most familiar with git
>stuff, but all i could find in that repo were .patch files. I couldn?t
>locate any actual files other than a readme.
Read https://wiki.centos.org/Sources which describes how to work with
CentOS git repositories. There is an example workflow how to download
patches, spec, and sources, and then rebuild the packages.

-- 
/ Alexander Bokovoy



From harald.dunkel at aixigo.de  Fri Jan 20 10:43:33 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Fri, 20 Jan 2017 11:43:33 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <b34c052c-a856-3ed6-6f85-e22b68c7ba20@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<b34c052c-a856-3ed6-6f85-e22b68c7ba20@aixigo.de>
Message-ID: <fffaf386-9c87-9cb5-649b-8526014ef6c4@aixigo.de>

On 01/19/17 16:23, Harald Dunkel wrote:
> Now I get this:
> 
> [root at ipa1 ~]# kinit admin
> kinit: Generic error (see e-text) while getting initial credentials
> 
Fortunately this went away after a reboot of the servers.

Phew
Harri



From lkrispen at redhat.com  Fri Jan 20 10:51:07 2017
From: lkrispen at redhat.com (Ludwig Krispenz)
Date: Fri, 20 Jan 2017 11:51:07 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <fffaf386-9c87-9cb5-649b-8526014ef6c4@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<b34c052c-a856-3ed6-6f85-e22b68c7ba20@aixigo.de>
	<fffaf386-9c87-9cb5-649b-8526014ef6c4@aixigo.de>
Message-ID: <5881EB9B.2000308@redhat.com>

thanks for the info

Ludwig

On 01/20/2017 11:43 AM, Harald Dunkel wrote:
> On 01/19/17 16:23, Harald Dunkel wrote:
>> Now I get this:
>>
>> [root at ipa1 ~]# kinit admin
>> kinit: Generic error (see e-text) while getting initial credentials
>>
> Fortunately this went away after a reboot of the servers.
>
> Phew
> Harri
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander



From harald.dunkel at aixigo.de  Fri Jan 20 11:23:53 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Fri, 20 Jan 2017 12:23:53 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <587F882D.30804@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
Message-ID: <00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>

On 01/18/17 16:22, Ludwig Krispenz wrote:
> I think the procedure in the link about renaming is only needed if you want to keep both entries with a "normal" dn. But you want to get rid of the conflict entries.  Since you have to cleanup each of them individually I would suggest to start with one of them.
> 
> First get both the conflict entry and the normal entry and compare them:
> ldapsearch   -D "cn=directory manager" ..... -b "cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=example,dc=de" -s base
> ldapsearch  -D "cn=directory manager"  ..... -b "cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de" -s base
> 
> They should be identical.
> Next check if the conflict entry has child entries:
> ldapsearch  -D "cn=directory manager"  ..... -b "cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de" dn
> 
> If there are no entries below the conflict entry you can remove it:
> ldapmodify - D "cn=directory manager" ......
> dn: cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
> changetype: delete
> 

Of course they are not identical :-(. Worst case seems to be this
one:

% ldapsearch -o ldif-wrap=no -D "cn=directory manager" -w secret -b "cn=DNS Servers+nsuniqueid=109be317-ccd911e6-a5b3d0c8-d8da17db,cn=privileges,cn=pbac,dc=example,dc=de" -s base
# extended LDIF
#
# LDAPv3
# base <cn=DNS Servers+nsuniqueid=109be317-ccd911e6-a5b3d0c8-d8da17db,cn=privileges,cn=pbac,dc=example,dc=de> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# DNS Servers + 109be317-ccd911e6-a5b3d0c8-d8da17db, privileges, pbac, example.de
dn: cn=DNS Servers+nsuniqueid=109be317-ccd911e6-a5b3d0c8-d8da17db,cn=privileges,cn=pbac,dc=example,dc=de
memberOf: cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
cn: DNS Servers
description: DNS Servers

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1



% ldapsearch -o ldif-wrap=no -D "cn=directory manager" -w secret -b "cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de" -s base
# extended LDIF
#
# LDAPv3
# base <cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# DNS Servers, privileges, pbac, example.de
dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de
memberOf: cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
cn: DNS Servers
description: DNS Servers

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


Looks like the wrong record has been marked as a duplicate. Can I just copy
the missing "memberOf" attributes to the good record, delete the bad record,
and all is fine?


Next ldapmodify returned these error messages:

	deleting entry "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de"
	ldap_delete: Server is unwilling to perform (53)
	        additional info: Deleting a managed entry is not allowed. It needs to be manually unlinked first.


	deleting entry "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de"
	ldap_delete: Operations error (1)


I am highly concerned especially about the "Operations error". Sounds
like something internal.


Every helpful comment is highly appreciated.
Harri



From tbordaz at redhat.com  Fri Jan 20 13:17:25 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Fri, 20 Jan 2017 14:17:25 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
Message-ID: <58820DE5.9070303@redhat.com>



On 01/20/2017 12:23 PM, Harald Dunkel wrote:
> On 01/18/17 16:22, Ludwig Krispenz wrote:
>> I think the procedure in the link about renaming is only needed if you want to keep both entries with a "normal" dn. But you want to get rid of the conflict entries.  Since you have to cleanup each of them individually I would suggest to start with one of them.
>>
>> First get both the conflict entry and the normal entry and compare them:
>> ldapsearch   -D "cn=directory manager" ..... -b "cn=System: Manage Host Principals,cn=permissions,cn=pbac,dc=example,dc=de" -s base
>> ldapsearch  -D "cn=directory manager"  ..... -b "cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de" -s base
>>
>> They should be identical.
>> Next check if the conflict entry has child entries:
>> ldapsearch  -D "cn=directory manager"  ..... -b "cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de" dn
>>
>> If there are no entries below the conflict entry you can remove it:
>> ldapmodify - D "cn=directory manager" ......
>> dn: cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
>> changetype: delete
>>
> Of course they are not identical :-(. Worst case seems to be this
> one:
>
> % ldapsearch -o ldif-wrap=no -D "cn=directory manager" -w secret -b "cn=DNS Servers+nsuniqueid=109be317-ccd911e6-a5b3d0c8-d8da17db,cn=privileges,cn=pbac,dc=example,dc=de" -s base
> # extended LDIF
> #
> # LDAPv3
> # base <cn=DNS Servers+nsuniqueid=109be317-ccd911e6-a5b3d0c8-d8da17db,cn=privileges,cn=pbac,dc=example,dc=de> with scope baseObject
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # DNS Servers + 109be317-ccd911e6-a5b3d0c8-d8da17db, privileges, pbac, example.de
> dn: cn=DNS Servers+nsuniqueid=109be317-ccd911e6-a5b3d0c8-d8da17db,cn=privileges,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
> objectClass: top
> objectClass: groupofnames
> objectClass: nestedgroup
> cn: DNS Servers
> description: DNS Servers
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
>
> % ldapsearch -o ldif-wrap=no -D "cn=directory manager" -w secret -b "cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de" -s base
> # extended LDIF
> #
> # LDAPv3
> # base <cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de> with scope baseObject
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # DNS Servers, privileges, pbac, example.de
> dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de
> objectClass: top
> objectClass: groupofnames
> objectClass: nestedgroup
> cn: DNS Servers
> description: DNS Servers
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> Looks like the wrong record has been marked as a duplicate. Can I just copy
> the missing "memberOf" attributes to the good record, delete the bad record,
> and all is fine?

I agree that it is looking like the conflict entry is the most 
up-to-date one.
To try to repair, it would help if you can search groups

cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=example,dc=de
cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=example,dc=de
cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de
cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de

Hopefully the two last are identical, but the others may refer to  '
cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db' instead of the non conflict one.

We may try to fix groups (with conflict members).

thanks




>
>
> Next ldapmodify returned these error messages:
>
> 	deleting entry "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de"
> 	ldap_delete: Server is unwilling to perform (53)
> 	        additional info: Deleting a managed entry is not allowed. It needs to be manually unlinked first.
>
>
> 	deleting entry "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de"
> 	ldap_delete: Operations error (1)
>
>
> I am highly concerned especially about the "Operations error". Sounds
> like something internal.
>
>
> Every helpful comment is highly appreciated.
> Harri
>



From bret.wortman at damascusgrp.com  Fri Jan 20 14:31:49 2017
From: bret.wortman at damascusgrp.com (Bret Wortman)
Date: Fri, 20 Jan 2017 09:31:49 -0500
Subject: [Freeipa-users] Best way to upgrade IPA servers from Fedora
Message-ID: <f1d3c7f4-c164-83a0-a151-7aba09b52131@damascusgrp.com>

Our IPA infrastructure is based entirely on servers running Fedora 21. 
We need (desperately) to upgrade these to C7 or RHEL. All are currently VMs.

Does it make sense to:

 1. Add a new host already running C7 to increase our total servers from
    3 to 4 (call it IPA4)
 2. Remove IPA1 and upgrade it to C7, install the IPA server packages
    and join it back into the collective
 3. Remove IPA2 and upgrade it like IPA1. Add it back.
 4. Somehow migrate the CA function to one of the C7 nodes from IPA3.
    Trash or repurpose this VM.

What's the right way to do this? If I've got it right here, what's the 
best way to move the CA function from the node it's on now to one of the 
freshly-upgraded hosts?

Thanks!


-- 
*Bret Wortman*
Damascus Products
ph/fax: 1-855-644-2783
Wrap Buddies InDemand <wrapbuddies.co/store> at http://bwortman.us/2ieQN4t
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170120/822b2020/attachment.htm>

From dsullivan2 at bsd.uchicago.edu  Fri Jan 20 15:41:46 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Fri, 20 Jan 2017 15:41:46 +0000
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
Message-ID: <50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>

Hi,

I have some more information on this issue.  I?m tracing it down through the slapd logs and  I am continuing to struggle; I was hoping that somebody could possibly help me provided this additional information.

On the domain logs (on the DC), I see an ldap_search_ext operation 155 with a timeout of 60:

(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))][cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 155
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_add] (0x2000): New operation 155 timeout 60

Then, on the slapd log for the server, I see the incoming request.  Based on the result, it looks like the request completes successfully within 1 second:

[20/Jan/2017:08:42:35.179890746 -0600] conn=1518 op=31 SRCH base="cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu" scope=2 filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))" attrs=ALL
[20/Jan/2017:08:42:35.683485674 -0600] conn=1518 op=31 RESULT err=0 tag=101 nentries=0 etime=1 notes=U

Then, subsequently, the domain log (on the DC), I see the same operation 155 timeout (expectedly almost a minute later).

(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_timeout] (0x1000): Issuing timeout for 155
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_destructor] (0x1000): Abandoning operation 155
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_get_ad_override_done] (0x0040): ipa_get_ad_override request failed.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_initgr_get_overrides_override_done] (0x0040): IPA override lookup failed: 110
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides failed [110].
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [be_mark_dom_offline] (0x1000): Marking subdomain bsdad.uchicago.edu offline
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [be_mark_subdom_offline] (0x1000): Marking subdomain bsdad.uchicago.edu as inactive
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_reply_std_set] (0x0080): DP Error is OK on failed request?
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_done] (0x0400): DP Request [Account #4292]: Request handler finished [0]: Success
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [_dp_req_recv] (0x0400): DP Request [Account #4292]: Receiving request data.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #4292]: Finished. Success.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_reply_std] (0x1000): DP Request [Account #4292]: Returning [Success]: 0,110,Success
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::bsdad.uchicago.edu:name=userame at domain.uchicago.edu] from reply table
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_destructor] (0x0400): DP Request [Account #4292]: Request removed.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 1

It seems like whatever problem I have is a communication issue between sssd on the domain controller, and ns-slapd.  I?m starting to venture down the road of doing trace/packet level debug logging on the LDAP server; this could be very time consuming and frustrating (I already have it enabled, I am starting to manipulate the log settings to yield potentially valuable data), I?m hoping that somebody might be able to provide some insight based on the information above; I can definitely lookup the user on both domain controllers & both IPA servers only use themselves for IPA servers.  Thank you so much for reading and for your help.

Dan


> On Jan 19, 2017, at 4:15 PM, Sullivan, Daniel [CRI] <dsullivan2 at bsd.uchicago.edu> wrote:
> 
> Hi,
> 
> I?ve received incredibly good support from this mailing list previously; I am hoping that somebody can help me succeed in my ongoing efforts.  I have spent a few days on this at this point and I can?t seem to figure it out how to address this issue.  On my DCs I am seeing excessive ldap_search_ext and sdap_get_generic_ext_recv timeouts created solely by the invocation of the ?id? command on sssd clients.  This problem seems to present itself only when I parallelize lookups for an ?uncached? user (i.e. I have never performed an initial lookup).  Individual arbitrary one-off lookups for a single uncached user on a single system almost always work fine.  This leads me to believe this is a performance tuning issue.
> 
> We operate in an academic research computing unit (i.e. we have an HPC cluster), and I need the ability to lookup the same user in parallel (using the id command) across a relatively large number of systems, for example to spawn jobs that require large amounts of CPU cores and/or memory.  Right now I am doing about 50 parallel lookups for the same user to induce this problem.  
> 
> Here is some background information:
> 
> 1) I have read Jakub's ?Anatomy of an SSSD Lookup? as well as ?Performance Tuning of SSSD for large IPA-AD deployments?, as well as implemented recommendations from the performance tuning doc, including moving the sssd cache to tmpfs.
> 2) We are on ipa-server 4.4.0-14.el7_3.4 using a trusted AD domain; all of our consumed users and groups are in the AD trusted domain.  We have two domain controllers; each is a RHEL 7.3 VM with 6 GB of memory.  Almost all (if not all) of our clients are running at least sssd 1.14, and are all RHEL 6/7.  Neither DC is swapping, and both have 2 CPUs.
> 3) I have tuned SSSD clients on the DCs and all clients to include these options (the problem persists):
>  a) ldap_opt_timeout = 60
>  b) ldap_search_timeout = 60
> 4) On both DCs, I can clear the SSSD cache, and lookup all 2000 or so users in my environment with 40 concurrent lookups occurring locally on each DC (using UNIX job control).  I can process all 2000 lookups in this manner without any failures (on either DC), and have ?pre-populated? the SSSD cache on both DC?s by doing this.
> 6) I have made no additional performance tuning changes other than what has been described.
> 
> Would anybody be able to advise on any potential tuning that would be required (presumably on the DCs), to facilitate 50 parallel lookups without experiencing sdap_get_generic_ext_recv or  ldap_search_ext  timeouts?  Should I be able to do this sort of thing with relative ease?  I was hoping this would be the sort of thing that would just work, but based on my relatively extensive testing it doesn?t.  Any advice anybody could provide would be greatly appreciated.
> 
> Thank you,
> 
> Dan Sullivan
> 
> 




From sbose at redhat.com  Fri Jan 20 16:27:08 2017
From: sbose at redhat.com (Sumit Bose)
Date: Fri, 20 Jan 2017 17:27:08 +0100
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
	<50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
Message-ID: <20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Fri, Jan 20, 2017 at 03:41:46PM +0000, Sullivan, Daniel [CRI] wrote:
> Hi,
> 
> I have some more information on this issue.  I?m tracing it down through the slapd logs and  I am continuing to struggle; I was hoping that somebody could possibly help me provided this additional information.
> 
> On the domain logs (on the DC), I see an ldap_search_ext operation 155 with a timeout of 60:
> 
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))][cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu].
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 155
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_add] (0x2000): New operation 155 timeout 60
> 
> Then, on the slapd log for the server, I see the incoming request.  Based on the result, it looks like the request completes successfully within 1 second:
> 
> [20/Jan/2017:08:42:35.179890746 -0600] conn=1518 op=31 SRCH base="cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu" scope=2 filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))" attrs=ALL
> [20/Jan/2017:08:42:35.683485674 -0600] conn=1518 op=31 RESULT err=0 tag=101 nentries=0 etime=1 notes=U
> 
> Then, subsequently, the domain log (on the DC), I see the same operation 155 timeout (expectedly almost a minute later).

So it looks like ns-ldap send the response but it never reached SSSD in
time. Can you send what it happening in the SSSD logs between 08:42:34
and 08:43:34 (if you prefer you can send it to me directly). Maybe there
is an operation which blocks SSSD for too long so that it returns too
late to the main loop to process the response?

bye,
Sumit

> 
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_timeout] (0x1000): Issuing timeout for 155
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_destructor] (0x1000): Abandoning operation 155
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_get_ad_override_done] (0x0040): ipa_get_ad_override request failed.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_initgr_get_overrides_override_done] (0x0040): IPA override lookup failed: 110
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides failed [110].
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [be_mark_dom_offline] (0x1000): Marking subdomain bsdad.uchicago.edu offline
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [be_mark_subdom_offline] (0x1000): Marking subdomain bsdad.uchicago.edu as inactive
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_reply_std_set] (0x0080): DP Error is OK on failed request?
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_done] (0x0400): DP Request [Account #4292]: Request handler finished [0]: Success
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [_dp_req_recv] (0x0400): DP Request [Account #4292]: Receiving request data.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #4292]: Finished. Success.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_reply_std] (0x1000): DP Request [Account #4292]: Returning [Success]: 0,110,Success
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::bsdad.uchicago.edu:name=userame at domain.uchicago.edu] from reply table
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_destructor] (0x0400): DP Request [Account #4292]: Request removed.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 1
> 
> It seems like whatever problem I have is a communication issue between sssd on the domain controller, and ns-slapd.  I?m starting to venture down the road of doing trace/packet level debug logging on the LDAP server; this could be very time consuming and frustrating (I already have it enabled, I am starting to manipulate the log settings to yield potentially valuable data), I?m hoping that somebody might be able to provide some insight based on the information above; I can definitely lookup the user on both domain controllers & both IPA servers only use themselves for IPA servers.  Thank you so much for reading and for your help.
> 
> Dan
> 
> 
> > On Jan 19, 2017, at 4:15 PM, Sullivan, Daniel [CRI] <dsullivan2 at bsd.uchicago.edu> wrote:
> > 
> > Hi,
> > 
> > I?ve received incredibly good support from this mailing list previously; I am hoping that somebody can help me succeed in my ongoing efforts.  I have spent a few days on this at this point and I can?t seem to figure it out how to address this issue.  On my DCs I am seeing excessive ldap_search_ext and sdap_get_generic_ext_recv timeouts created solely by the invocation of the ?id? command on sssd clients.  This problem seems to present itself only when I parallelize lookups for an ?uncached? user (i.e. I have never performed an initial lookup).  Individual arbitrary one-off lookups for a single uncached user on a single system almost always work fine.  This leads me to believe this is a performance tuning issue.
> > 
> > We operate in an academic research computing unit (i.e. we have an HPC cluster), and I need the ability to lookup the same user in parallel (using the id command) across a relatively large number of systems, for example to spawn jobs that require large amounts of CPU cores and/or memory.  Right now I am doing about 50 parallel lookups for the same user to induce this problem.  
> > 
> > Here is some background information:
> > 
> > 1) I have read Jakub's ?Anatomy of an SSSD Lookup? as well as ?Performance Tuning of SSSD for large IPA-AD deployments?, as well as implemented recommendations from the performance tuning doc, including moving the sssd cache to tmpfs.
> > 2) We are on ipa-server 4.4.0-14.el7_3.4 using a trusted AD domain; all of our consumed users and groups are in the AD trusted domain.  We have two domain controllers; each is a RHEL 7.3 VM with 6 GB of memory.  Almost all (if not all) of our clients are running at least sssd 1.14, and are all RHEL 6/7.  Neither DC is swapping, and both have 2 CPUs.
> > 3) I have tuned SSSD clients on the DCs and all clients to include these options (the problem persists):
> >  a) ldap_opt_timeout = 60
> >  b) ldap_search_timeout = 60
> > 4) On both DCs, I can clear the SSSD cache, and lookup all 2000 or so users in my environment with 40 concurrent lookups occurring locally on each DC (using UNIX job control).  I can process all 2000 lookups in this manner without any failures (on either DC), and have ?pre-populated? the SSSD cache on both DC?s by doing this.
> > 6) I have made no additional performance tuning changes other than what has been described.
> > 
> > Would anybody be able to advise on any potential tuning that would be required (presumably on the DCs), to facilitate 50 parallel lookups without experiencing sdap_get_generic_ext_recv or  ldap_search_ext  timeouts?  Should I be able to do this sort of thing with relative ease?  I was hoping this would be the sort of thing that would just work, but based on my relatively extensive testing it doesn?t.  Any advice anybody could provide would be greatly appreciated.
> > 
> > Thank you,
> > 
> > Dan Sullivan
> > 
> > 
> 
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project



From dsullivan2 at bsd.uchicago.edu  Fri Jan 20 16:58:06 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Fri, 20 Jan 2017 16:58:06 +0000
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
	<50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
	<20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
Message-ID: <EA44B151-EDDD-438F-A1AF-48300B7EE6B6@bsd.uchicago.edu>

Sumit,

Thank you for taking the time to help me; I know you are very active on supporting this project and I am thankful that you are willing to help me analyze this data.  As per your request here is the log data from SSSD from the time window you specified.  I anonymized the data but used find/replace so AAA /BBB/CCC/domain is consistent.

I really appreciate your help.

Thank you,

Dan

(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_destructor] (0x2000): Operation 153 finished
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_get_ad_override_done] (0x4000): No override found with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:AAA))].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_initgr_get_overrides_step] (0x1000): Processing group 1/4
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_initgr_get_overrides_step] (0x1000): Fetching group BBB
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:BBB))].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_print_server] (0x2000): Searching 10.50.178.21:389
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:BBB))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=cri,dc=uchicago,dc=edu].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 154
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_add] (0x2000): New operation 154 timeout 60
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_destructor] (0x2000): Operation 154 finished
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_get_ad_override_done] (0x4000): No override found with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:BBB))].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_initgr_get_overrides_step] (0x1000): Processing group 2/4
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_initgr_get_overrides_step] (0x1000): Fetching group CCC
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:CCC))].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_print_server] (0x2000): Searching 10.50.178.21:389
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:CCC))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=cri,dc=uchicago,dc=edu].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 155
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_add] (0x2000): New operation 155 timeout 60
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sbus_dispatch] (0x4000): dbus conn: 0x7f5b5c3f8850
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path /org/freedesktop/sssd/dataprovider
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][1][name=apache at domain]
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_attach_req] (0x0400): DP Request [Account #4293]: New request. Flags [0x0001].
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_attach_req] (0x0400): Number of active DP request: 2
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaUserOverride)(uid=apache))].
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_print_server] (0x2000): Searching 10.50.178.21:389
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=apache))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=cri,dc=uchicago,dc=edu].
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 156
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_add] (0x2000): New operation 156 timeout 60
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_timeout] (0x1000): Issuing timeout for 155
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_destructor] (0x1000): Abandoning operation 155
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_get_ad_override_done] (0x0040): ipa_get_ad_override request failed.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_initgr_get_overrides_override_done] (0x0040): IPA override lookup failed: 110
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides failed [110].
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [be_mark_dom_offline] (0x1000): Marking subdomain domain offline
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [be_mark_subdom_offline] (0x1000): Marking subdomain domain as inactive
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_reply_std_set] (0x0080): DP Error is OK on failed request?
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_done] (0x0400): DP Request [Account #4292]: Request handler finished [0]: Success
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [_dp_req_recv] (0x0400): DP Request [Account #4292]: Receiving request data.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #4292]: Finished. Success.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_reply_std] (0x1000): DP Request [Account #4292]: Returning [Success]: 0,110,Success
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::domain:name=user at domain] from reply table
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_destructor] (0x0400): DP Request [Account #4292]: Request removed.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 1









> On Jan 20, 2017, at 10:27 AM, Sumit Bose <sbose at redhat.com> wrote:
> 
> On Fri, Jan 20, 2017 at 03:41:46PM +0000, Sullivan, Daniel [CRI] wrote:
>> Hi,
>> 
>> I have some more information on this issue.  I?m tracing it down through the slapd logs and  I am continuing to struggle; I was hoping that somebody could possibly help me provided this additional information.
>> 
>> On the domain logs (on the DC), I see an ldap_search_ext operation 155 with a timeout of 60:
>> 
>> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))][cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu].
>> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 155
>> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_add] (0x2000): New operation 155 timeout 60
>> 
>> Then, on the slapd log for the server, I see the incoming request.  Based on the result, it looks like the request completes successfully within 1 second:
>> 
>> [20/Jan/2017:08:42:35.179890746 -0600] conn=1518 op=31 SRCH base="cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu" scope=2 filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))" attrs=ALL
>> [20/Jan/2017:08:42:35.683485674 -0600] conn=1518 op=31 RESULT err=0 tag=101 nentries=0 etime=1 notes=U
>> 
>> Then, subsequently, the domain log (on the DC), I see the same operation 155 timeout (expectedly almost a minute later).
> 
> So it looks like ns-ldap send the response but it never reached SSSD in
> time. Can you send what it happening in the SSSD logs between 08:42:34
> and 08:43:34 (if you prefer you can send it to me directly). Maybe there
> is an operation which blocks SSSD for too long so that it returns too
> late to the main loop to process the response?
> 
> bye,
> Sumit
> 
>> 
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_timeout] (0x1000): Issuing timeout for 155
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_destructor] (0x1000): Abandoning operation 155
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_get_ad_override_done] (0x0040): ipa_get_ad_override request failed.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_initgr_get_overrides_override_done] (0x0040): IPA override lookup failed: 110
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides failed [110].
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [be_mark_dom_offline] (0x1000): Marking subdomain domain offline
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [be_mark_subdom_offline] (0x1000): Marking subdomain domain as inactive
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_reply_std_set] (0x0080): DP Error is OK on failed request?
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_done] (0x0400): DP Request [Account #4292]: Request handler finished [0]: Success
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [_dp_req_recv] (0x0400): DP Request [Account #4292]: Receiving request data.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #4292]: Finished. Success.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_reply_std] (0x1000): DP Request [Account #4292]: Returning [Success]: 0,110,Success
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::domain:name=userame at domain.uchicago.edu] from reply table
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_destructor] (0x0400): DP Request [Account #4292]: Request removed.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 1
>> 
>> It seems like whatever problem I have is a communication issue between sssd on the domain controller, and ns-slapd.  I?m starting to venture down the road of doing trace/packet level debug logging on the LDAP server; this could be very time consuming and frustrating (I already have it enabled, I am starting to manipulate the log settings to yield potentially valuable data), I?m hoping that somebody might be able to provide some insight based on the information above; I can definitely lookup the user on both domain controllers & both IPA servers only use themselves for IPA servers.  Thank you so much for reading and for your help.
>> 
>> Dan
>> 
>> 
>>> On Jan 19, 2017, at 4:15 PM, Sullivan, Daniel [CRI] <dsullivan2 at bsd.uchicago.edu> wrote:
>>> 
>>> Hi,
>>> 
>>> I?ve received incredibly good support from this mailing list previously; I am hoping that somebody can help me succeed in my ongoing efforts.  I have spent a few days on this at this point and I can?t seem to figure it out how to address this issue.  On my DCs I am seeing excessive ldap_search_ext and sdap_get_generic_ext_recv timeouts created solely by the invocation of the ?id? command on sssd clients.  This problem seems to present itself only when I parallelize lookups for an ?uncached? user (i.e. I have never performed an initial lookup).  Individual arbitrary one-off lookups for a single uncached user on a single system almost always work fine.  This leads me to believe this is a performance tuning issue.
>>> 
>>> We operate in an academic research computing unit (i.e. we have an HPC cluster), and I need the ability to lookup the same user in parallel (using the id command) across a relatively large number of systems, for example to spawn jobs that require large amounts of CPU cores and/or memory.  Right now I am doing about 50 parallel lookups for the same user to induce this problem.  
>>> 
>>> Here is some background information:
>>> 
>>> 1) I have read Jakub's ?Anatomy of an SSSD Lookup? as well as ?Performance Tuning of SSSD for large IPA-AD deployments?, as well as implemented recommendations from the performance tuning doc, including moving the sssd cache to tmpfs.
>>> 2) We are on ipa-server 4.4.0-14.el7_3.4 using a trusted AD domain; all of our consumed users and groups are in the AD trusted domain.  We have two domain controllers; each is a RHEL 7.3 VM with 6 GB of memory.  Almost all (if not all) of our clients are running at least sssd 1.14, and are all RHEL 6/7.  Neither DC is swapping, and both have 2 CPUs.
>>> 3) I have tuned SSSD clients on the DCs and all clients to include these options (the problem persists):
>>> a) ldap_opt_timeout = 60
>>> b) ldap_search_timeout = 60
>>> 4) On both DCs, I can clear the SSSD cache, and lookup all 2000 or so users in my environment with 40 concurrent lookups occurring locally on each DC (using UNIX job control).  I can process all 2000 lookups in this manner without any failures (on either DC), and have ?pre-populated? the SSSD cache on both DC?s by doing this.
>>> 6) I have made no additional performance tuning changes other than what has been described.
>>> 
>>> Would anybody be able to advise on any potential tuning that would be required (presumably on the DCs), to facilitate 50 parallel lookups without experiencing sdap_get_generic_ext_recv or  ldap_search_ext  timeouts?  Should I be able to do this sort of thing with relative ease?  I was hoping this would be the sort of thing that would just work, but based on my relatively extensive testing it doesn?t.  Any advice anybody could provide would be greatly appreciated.
>>> 
>>> Thank you,
>>> 
>>> Dan Sullivan
>>> 
>>> 
>> 
>> 
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project




From dsullivan2 at bsd.uchicago.edu  Fri Jan 20 17:16:54 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Fri, 20 Jan 2017 17:16:54 +0000
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
	<50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
	<20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
Message-ID: <C3C77006-5DB6-4980-8BBA-1057744A7507@bsd.uchicago.edu>

Sorry I didn?t realize you might want all sssd logs? Working on it.

Dan

> On Jan 20, 2017, at 10:27 AM, Sumit Bose <sbose at redhat.com> wrote:
> 
> On Fri, Jan 20, 2017 at 03:41:46PM +0000, Sullivan, Daniel [CRI] wrote:
>> Hi,
>> 
>> I have some more information on this issue.  I?m tracing it down through the slapd logs and  I am continuing to struggle; I was hoping that somebody could possibly help me provided this additional information.
>> 
>> On the domain logs (on the DC), I see an ldap_search_ext operation 155 with a timeout of 60:
>> 
>> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))][cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu].
>> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 155
>> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_add] (0x2000): New operation 155 timeout 60
>> 
>> Then, on the slapd log for the server, I see the incoming request.  Based on the result, it looks like the request completes successfully within 1 second:
>> 
>> [20/Jan/2017:08:42:35.179890746 -0600] conn=1518 op=31 SRCH base="cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu" scope=2 filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))" attrs=ALL
>> [20/Jan/2017:08:42:35.683485674 -0600] conn=1518 op=31 RESULT err=0 tag=101 nentries=0 etime=1 notes=U
>> 
>> Then, subsequently, the domain log (on the DC), I see the same operation 155 timeout (expectedly almost a minute later).
> 
> So it looks like ns-ldap send the response but it never reached SSSD in
> time. Can you send what it happening in the SSSD logs between 08:42:34
> and 08:43:34 (if you prefer you can send it to me directly). Maybe there
> is an operation which blocks SSSD for too long so that it returns too
> late to the main loop to process the response?
> 
> bye,
> Sumit
> 
>> 
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_timeout] (0x1000): Issuing timeout for 155
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_op_destructor] (0x1000): Abandoning operation 155
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_get_ad_override_done] (0x0040): ipa_get_ad_override request failed.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_initgr_get_overrides_override_done] (0x0040): IPA override lookup failed: 110
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides failed [110].
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [be_mark_dom_offline] (0x1000): Marking subdomain bsdad.uchicago.edu offline
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [be_mark_subdom_offline] (0x1000): Marking subdomain bsdad.uchicago.edu as inactive
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_reply_std_set] (0x0080): DP Error is OK on failed request?
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_done] (0x0400): DP Request [Account #4292]: Request handler finished [0]: Success
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [_dp_req_recv] (0x0400): DP Request [Account #4292]: Receiving request data.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #4292]: Finished. Success.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_reply_std] (0x1000): DP Request [Account #4292]: Returning [Success]: 0,110,Success
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::bsdad.uchicago.edu:name=userame at domain.uchicago.edu] from reply table
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_destructor] (0x0400): DP Request [Account #4292]: Request removed.
>> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu]]] [dp_req_destructor] (0x0400): Number of active DP request: 1
>> 
>> It seems like whatever problem I have is a communication issue between sssd on the domain controller, and ns-slapd.  I?m starting to venture down the road of doing trace/packet level debug logging on the LDAP server; this could be very time consuming and frustrating (I already have it enabled, I am starting to manipulate the log settings to yield potentially valuable data), I?m hoping that somebody might be able to provide some insight based on the information above; I can definitely lookup the user on both domain controllers & both IPA servers only use themselves for IPA servers.  Thank you so much for reading and for your help.
>> 
>> Dan
>> 
>> 
>>> On Jan 19, 2017, at 4:15 PM, Sullivan, Daniel [CRI] <dsullivan2 at bsd.uchicago.edu> wrote:
>>> 
>>> Hi,
>>> 
>>> I?ve received incredibly good support from this mailing list previously; I am hoping that somebody can help me succeed in my ongoing efforts.  I have spent a few days on this at this point and I can?t seem to figure it out how to address this issue.  On my DCs I am seeing excessive ldap_search_ext and sdap_get_generic_ext_recv timeouts created solely by the invocation of the ?id? command on sssd clients.  This problem seems to present itself only when I parallelize lookups for an ?uncached? user (i.e. I have never performed an initial lookup).  Individual arbitrary one-off lookups for a single uncached user on a single system almost always work fine.  This leads me to believe this is a performance tuning issue.
>>> 
>>> We operate in an academic research computing unit (i.e. we have an HPC cluster), and I need the ability to lookup the same user in parallel (using the id command) across a relatively large number of systems, for example to spawn jobs that require large amounts of CPU cores and/or memory.  Right now I am doing about 50 parallel lookups for the same user to induce this problem.  
>>> 
>>> Here is some background information:
>>> 
>>> 1) I have read Jakub's ?Anatomy of an SSSD Lookup? as well as ?Performance Tuning of SSSD for large IPA-AD deployments?, as well as implemented recommendations from the performance tuning doc, including moving the sssd cache to tmpfs.
>>> 2) We are on ipa-server 4.4.0-14.el7_3.4 using a trusted AD domain; all of our consumed users and groups are in the AD trusted domain.  We have two domain controllers; each is a RHEL 7.3 VM with 6 GB of memory.  Almost all (if not all) of our clients are running at least sssd 1.14, and are all RHEL 6/7.  Neither DC is swapping, and both have 2 CPUs.
>>> 3) I have tuned SSSD clients on the DCs and all clients to include these options (the problem persists):
>>> a) ldap_opt_timeout = 60
>>> b) ldap_search_timeout = 60
>>> 4) On both DCs, I can clear the SSSD cache, and lookup all 2000 or so users in my environment with 40 concurrent lookups occurring locally on each DC (using UNIX job control).  I can process all 2000 lookups in this manner without any failures (on either DC), and have ?pre-populated? the SSSD cache on both DC?s by doing this.
>>> 6) I have made no additional performance tuning changes other than what has been described.
>>> 
>>> Would anybody be able to advise on any potential tuning that would be required (presumably on the DCs), to facilitate 50 parallel lookups without experiencing sdap_get_generic_ext_recv or  ldap_search_ext  timeouts?  Should I be able to do this sort of thing with relative ease?  I was hoping this would be the sort of thing that would just work, but based on my relatively extensive testing it doesn?t.  Any advice anybody could provide would be greatly appreciated.
>>> 
>>> Thank you,
>>> 
>>> Dan Sullivan
>>> 
>>> 
>> 
>> 
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project




From harri at afaics.de  Fri Jan 20 17:14:35 2017
From: harri at afaics.de (Harald Dunkel)
Date: Fri, 20 Jan 2017 18:14:35 +0100
Subject: [Freeipa-users] sssd doesn't cache, as it seems
Message-ID: <88222f4f-108a-b223-f962-d42273eb8592@afaics.de>

Hi folks,

I see a pretty large number of ldap requests sent by our git
server, asking for the same account info again and again.
Sometimes it asks 20 times per second for the same user info,
for example.

Obviously caching doesn't work. I remember some note in the
installation guide suggesting to turn of nscd and that sssd
takes over this job, so I wonder wth? A recent EMail in this
forum suggested to set selinux_provider = none, but this
didn't help.

Ipa server is Centos 7.3, client is on Jessie with sssd 1.13.4.


sssd.conf is attached, of course. Every helpful comment is highly
appreciated.

Harri
-------------- next part --------------
[domain/example.de]
debug_level = 0x0370
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = tisde8i005.ac.example.de
chpass_provider = ipa
ipa_server = _srv_, ipa1.example.de
dns_discovery_domain = example.de
selinux_provider = none

[sssd]
debug_level = 0x0370
services = nss, sudo, pam, ssh
config_file_version = 2
domains = example.de

[nss]
debug_level = 0x0370
homedir_substring = /home

[pam]
debug_level = 0x0370

[sudo]

[autofs]

[ssh]
debug_level = 0x0370

[pac]

[ifp]

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170120/d1ba3cc8/attachment.sig>

From simo at redhat.com  Fri Jan 20 17:42:52 2017
From: simo at redhat.com (Simo Sorce)
Date: Fri, 20 Jan 2017 12:42:52 -0500
Subject: [Freeipa-users] sssd doesn't cache, as it seems
In-Reply-To: <88222f4f-108a-b223-f962-d42273eb8592@afaics.de>
References: <88222f4f-108a-b223-f962-d42273eb8592@afaics.de>
Message-ID: <1484934172.9793.18.camel@redhat.com>

On Fri, 2017-01-20 at 18:14 +0100, Harald Dunkel wrote:
> Hi folks,
> 
> I see a pretty large number of ldap requests sent by our git
> server, asking for the same account info again and again.
> Sometimes it asks 20 times per second for the same user info,
> for example.
> 
> Obviously caching doesn't work.

Is your server being used for authentication ?
SSSD, by default, always refreshes user credentials on authentication,
but you can use the cached_auth_timeout setting to relax this
requirement in SSSD, and reduce the roundtrips for auth attempts.

HTH,
Simo.

>  I remember some note in the
> installation guide suggesting to turn of nscd and that sssd
> takes over this job, so I wonder wth? A recent EMail in this
> forum suggested to set selinux_provider = none, but this
> didn't help.
> 
> Ipa server is Centos 7.3, client is on Jessie with sssd 1.13.4.
> 
> 
> sssd.conf is attached, of course. Every helpful comment is highly
> appreciated.
> 
> Harri
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project


-- 
Simo Sorce * Red Hat, Inc * New York



From dsullivan2 at bsd.uchicago.edu  Fri Jan 20 19:34:55 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Fri, 20 Jan 2017 19:34:55 +0000
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <C3C77006-5DB6-4980-8BBA-1057744A7507@bsd.uchicago.edu>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
	<50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
	<20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<C3C77006-5DB6-4980-8BBA-1057744A7507@bsd.uchicago.edu>
Message-ID: <34ABC0E9-F56D-423F-BF25-184349DBFC4F@bsd.uchicago.edu>

Sumit,

As per your request here are the sssd logs between 08:42:34 and 08:43:34.  It looks like a SIGHUP was received in sssd.log.   I was a little surprised to see that SIGHUP, but I tested and I can actually reproduce it (I reproduced it twice).   The 8:42:32 log entry in sssd.log is the last entry in that log (the other log files for example the domain logs, have additional data past this point in time).  FWIW all of the 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu> in all the logs are the same user (the user that I am doing parallel lookups on).  I really appreciate your help with this.

Thank you,

Dan


krb5_child.log

(Fri Jan 20 06:51:10 2017) [[sssd[krb5_child[11054]]]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted.
(Fri Jan 20 06:51:10 2017) [[sssd[krb5_child[11054]]]] [k5c_send_data] (0x0200): Received error code 0
(Fri Jan 20 06:51:10 2017) [[sssd[krb5_child[11054]]]] [pack_response_packet] (0x2000): response packet size: [151]
(Fri Jan 20 06:51:10 2017) [[sssd[krb5_child[11054]]]] [k5c_send_data] (0x4000): Response sent.
(Fri Jan 20 06:51:10 2017) [[sssd[krb5_child[11054]]]] [main] (0x0400): krb5_child completed successfully
(Fri Jan 20 11:18:54 2017) [[sssd[krb5_child[25487]]]] [main] (0x0400): krb5_child started.
(Fri Jan 20 11:18:54 2017) [[sssd[krb5_child[25487]]]] [unpack_buffer] (0x1000): total buffer size: [66]
(Fri Jan 20 11:18:54 2017) [[sssd[krb5_child[25487]]]] [unpack_buffer] (0x0100): cmd [249] uid [339788572] gid [339788572] validate [true] enterprise principal [false] offline [false] UPN [user2 at ACTIVEDIRECTORY.UCHICAGO.EDU<mailto:user2 at ACTIVEDIRECTORY.UCHICAGO.EDU>]
(Fri Jan 20 11:18:54 2017) [[sssd[krb5_child[25487]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/cri-ksysipadcp2.cri.uchicago.edu at XXX.XXX.UCHICAGO.EDU<mailto:host/cri-ksysipadcp2.cri.uchicago.edu at XXX.XXX.UCHICAGO.EDU>]
(Fri Jan 20 11:18:54 2017) [[sssd[krb5_child[25487]]]] [find_principal_in_keytab] (0x4000): Trying to find principal host/cri-xxx.xxx.uchicago.edu at XXX.XXX.UCHICAGO.EDU<mailto:host/cri-xxx.xxx.uchicago.edu at XXX.XXX.UCHICAGO.EDU> in keytab.

ldap_child.log

(Fri Jan 20 08:40:37 2017) [[sssd[ldap_child[16889]]]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_ACTIVEDIRECTORY.UCHICAGO.EDU_Ml6iJF]
(Fri Jan 20 08:40:37 2017) [[sssd[ldap_child[16889]]]] [prepare_response] (0x0400): Building response for result [0]
(Fri Jan 20 08:40:37 2017) [[sssd[ldap_child[16889]]]] [pack_buffer] (0x2000): response size: 66
(Fri Jan 20 08:40:37 2017) [[sssd[ldap_child[16889]]]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [46] msg [FILE:/var/lib/sss/db/ccache_ACTIVEDIRECTORY.UCHICAGO.EDU]
(Fri Jan 20 08:40:37 2017) [[sssd[ldap_child[16889]]]] [main] (0x0400): ldap_child completed successfully
(Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [main] (0x0400): ldap_child started.
(Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [main] (0x2000): context initialized
(Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): total buffer size: 81
(Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): realm_str size: 20
(Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): got realm_str: XXX.XXX.UCHICAGO.EDU<http://xxx.xxx.uchicago.edu/>
(Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): princ_str size: 37
(Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): got princ_str: host/cri-ksysipadcp2.cri.uchicago.edu<http://cri-ksysipadcp2.cri.uchicago.edu/>
(Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): keytab_name size: 0

selinux_child.log

Fri Jan 20 06:51:11 2017) [[sssd[selinux_child[11055]]]] [seuser_needs_update] (0x2000): get_seuser: ret: 0 seuser: unconfined_u mls: s0-s0:c0.c1023
(Fri Jan 20 06:51:11 2017) [[sssd[selinux_child[11055]]]] [pack_buffer] (0x0400): result [0]
(Fri Jan 20 06:51:11 2017) [[sssd[selinux_child[11055]]]] [prepare_response] (0x4000): r->size: 4
(Fri Jan 20 06:51:11 2017) [[sssd[selinux_child[11055]]]] [main] (0x0400): selinux_child completed successfully
(Fri Jan 20 11:18:51 2017) [[sssd[selinux_child[25463]]]] [main] (0x0400): selinux_child started.
(Fri Jan 20 11:18:51 2017) [[sssd[selinux_child[25463]]]] [main] (0x2000): Running with effective IDs: [0][0].
(Fri Jan 20 11:18:51 2017) [[sssd[selinux_child[25463]]]] [main] (0x2000): Running with real IDs [0][0].

sssd.log (last entry in file is from 08:42:32, other logs continue past this time)

(Fri Jan 20 08:42:32 2017) [sssd] [monitor_hup] (0x0020): Received SIGHUP.
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdac1c0
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb4d30
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb4900
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb40c0
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb0260
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb32c0
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb4100
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb4330
(Fri Jan 20 08:42:32 2017) [sssd] [te_server_hup] (0x0020): Received SIGHUP. Rotating logfiles.
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdac1c0
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbdad8a0
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb4d30
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbdaaff0
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb4900
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbdb09f0
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb40c0
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda6700
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb0260
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda6290
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb32c0
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb4100
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda6290
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda6290
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda6290
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb4330
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda1a50
(Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.


(Fri Jan 20 08:42:32 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fccbcc6a880:1:user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>][0x1][BE_REQ_USER][1][name=user at activedirectory.uchicago.edu<mailto:name=user at activedirectory.uchicago.edu>:-]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x7fccbdd8c1b0
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fccbcc6a880:1:user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
(Fri Jan 20 08:42:43 2017) [sssd[nss]] [idle_handler] (0x2000): Terminating idle client [0x7fccbddc2c40][24]
(Fri Jan 20 08:42:43 2017) [sssd[nss]] [client_close_fn] (0x2000): Terminated client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x7fccbdd8c1b0
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 3, 5, (null)
Will try to return what we have in cache

sssd_ssh.log

(Fri Jan 20 08:39:46 2017) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan 20 08:42:32 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 0x7f388a5f4e70
(Fri Jan 20 08:42:32 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd[ssh]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.rotateLogs on path /org/freedesktop/sssd/service
(Fri Jan 20 08:42:32 2017) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan 20 11:18:29 2017) [sssd[ssh]] [get_client_cred] (0x4000): Client creds: euid[99] egid[99] pid[25434].
(Fri Jan 20 11:18:29 2017) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f388a606fc0][20]
(Fri Jan 20 11:18:29 2017) [sssd[ssh]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jan 20 11:18:29 2017) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f388a606fc0][20]

sssd_sudo.log


(Fri Jan 20 08:39:46 2017) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan 20 08:42:32 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x7fc840028e70
(Fri Jan 20 08:42:32 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.rotateLogs on path /org/freedesktop/sssd/service
(Fri Jan 20 08:42:32 2017) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan 20 11:18:54 2017) [sssd[sudo]] [get_client_cred] (0x4000): Client creds: euid[0] egid[339788572] pid[25486].
(Fri Jan 20 11:18:54 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fc8400366a0][20]
(Fri Jan 20 11:18:54 2017) [sssd[sudo]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jan 20 11:18:54 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fc8400366a0][20]


sssd_pam.log

(Fri Jan 20 08:39:46 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan 20 08:42:32 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7fd2ab4f4e70
(Fri Jan 20 08:42:32 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.rotateLogs on path /org/freedesktop/sssd/service
(Fri Jan 20 08:42:32 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan 20 11:18:44 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[25432].
(Fri Jan 20 11:18:44 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fd2ab4fd180][21]
(Fri Jan 20 11:18:44 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe!
(Fri Jan 20 11:18:44 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fd2ab4fd180][21]
(Fri Jan 20 11:18:44 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].


sssd_pac.log

(Fri Jan 20 08:40:37 2017) [sssd[pac]] [get_client_cred] (0x4000): Client creds: euid[495] egid[184] pid[6722].
(Fri Jan 20 08:40:37 2017) [sssd[pac]] [accept_fd_handler] (0x0020): Access denied for uid [495].
(Fri Jan 20 08:42:32 2017) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: 0x7f0351f38e70
(Fri Jan 20 08:42:32 2017) [sssd[pac]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:42:32 2017) [sssd[pac]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.rotateLogs on path /org/freedesktop/sssd/service
(Fri Jan 20 08:42:32 2017) [sssd[pac]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan 20 08:46:28 2017) [sssd[pac]] [get_client_cred] (0x4000): Client creds: euid[495] egid[184] pid[6722].
(Fri Jan 20 08:46:28 2017) [sssd[pac]] [accept_fd_handler] (0x0020): Access denied for uid [495].

domain logs

(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_destructor] (0x2000): Operation 153 finished
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_done] (0x4000): No override found with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:AAA))].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_step] (0x1000): Processing group 1/4
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_step] (0x1000): Fetching group BBB
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:BBB))].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_print_server] (0x2000): Searching 10.50.178.21:389
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:BBB))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=cri,dc=uchicago,dc=edu].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 154
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_add] (0x2000): New operation 154 timeout 60
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_destructor] (0x2000): Operation 154 finished
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_done] (0x4000): No override found with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:BBB))].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_step] (0x1000): Processing group 2/4
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_step] (0x1000): Fetching group CCC
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:CCC))].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_print_server] (0x2000): Searching 10.50.178.21:389
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:CCC))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=cri,dc=uchicago,dc=edu].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 155
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_add] (0x2000): New operation 155 timeout 60
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sbus_dispatch] (0x4000): dbus conn: 0x7f5b5c3f8850
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path /org/freedesktop/sssd/dataprovider
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][1][name=apache at domain]
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_attach_req] (0x0400): DP Request [Account #4293]: New request. Flags [0x0001].
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_attach_req] (0x0400): Number of active DP request: 2
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaUserOverride)(uid=apache))].
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_print_server] (0x2000): Searching 10.50.178.21:389
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=apache))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=cri,dc=uchicago,dc=edu].
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 156
(Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_add] (0x2000): New operation 156 timeout 60
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_timeout] (0x1000): Issuing timeout for 155
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_destructor] (0x1000): Abandoning operation 155
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_done] (0x0040): ipa_get_ad_override request failed.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_override_done] (0x0040): IPA override lookup failed: 110
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides failed [110].
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [be_mark_dom_offline] (0x1000): Marking subdomain domain offline
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [be_mark_subdom_offline] (0x1000): Marking subdomain domain as inactive
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_reply_std_set] (0x0080): DP Error is OK on failed request?
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_done] (0x0400): DP Request [Account #4292]: Request handler finished [0]: Success
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [_dp_req_recv] (0x0400): DP Request [Account #4292]: Receiving request data.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #4292]: Finished. Success.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_reply_std] (0x1000): DP Request [Account #4292]: Returning [Success]: 0,110,Success
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::domain:name=user at domain] from reply table
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_destructor] (0x0400): DP Request [Account #4292]: Request removed.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_destructor] (0x0400): Number of active DP request: 1

sssd_nss.log

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fccbcc6a880:1:user at xxx.xxx.uchicago.edu<mailto:user at xxx.xxx.uchicago.edu>@xxx.xxx.uchicago.edu]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbdd92820][25]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbdd92820][25]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [client_close_fn] (0x2000): Terminated client [0x7fccbdd92820][25]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbdd99b80][23]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17][SSS_NSS_GETPWNAM] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user at activedirectory.uchicago.edu<mailto:NCE/USER/activedirectory.uchicago.edu/user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd88250

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd88250 "ltdb_callback"

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd88250 "ltdb_callback"

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd990f0

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc2330

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd990f0 "ltdb_callback"

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc2330 "ltdb_timeout"

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd990f0 "ltdb_callback"

(Fri Jan 20 08:42:32 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fccbcc6a880:1:user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>][0x1][BE_REQ_USER][1][name=user at activedirectory.uchicago.edu<mailto:name=user at activedirectory.uchicago.edu>:-]
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x7fccbdd8c1b0
(Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fccbcc6a880:1:user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
(Fri Jan 20 08:42:43 2017) [sssd[nss]] [idle_handler] (0x2000): Terminating idle client [0x7fccbddc2c40][24]
(Fri Jan 20 08:42:43 2017) [sssd[nss]] [client_close_fn] (0x2000): Terminated client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x7fccbdd8c1b0
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 3, 5, (null)
Will try to return what we have in cache
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fccbcc6a880:1:user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbdd99b80][23]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbdd99b80][23]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17][SSS_NSS_GETPWNAM] with input [apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is apache
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [apache] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/apache at activedirectory.uchicago.edu<mailto:NCE/USER/activedirectory.uchicago.edu/apache at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd88250

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd80550

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd88250 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd80550 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd88250 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fccbcc6a880:1:apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>][0x1][BE_REQ_USER][1][name=apache at activedirectory.uchicago.edu<mailto:name=apache at activedirectory.uchicago.edu>:-]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x7fccbdd97300
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fccbcc6a880:1:apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[495] egid[184] pid[6722].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbe15e7a0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd8f5f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbe15e7a0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd8f5f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbe15e7a0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd80650

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd92ee0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd80650 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd92ee0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd80650 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd92ee0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde1250

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd92ee0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde1250 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd92ee0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"

(Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
(Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
(Fri Jan 20 08:43:34 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x7fccbdd840b0
(Fri Jan 20 08:43:34 2017) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
(Fri Jan 20 08:44:28 2017) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x7fccbdd97300
(Fri Jan 20 08:44:28 2017) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
Error: 3, 5, (null)
Will try to return what we have in cache
(Fri Jan 20 08:44:28 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/xxx.xxx.uchicago.edu/@apache at activedirectory.uchicago.edu<http://xxx.xxx.uchicago.edu/@apache at activedirectory.uchicago.edu>]
(Fri Jan 20 08:44:28 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>]


On Jan 20, 2017, at 11:16 AM, Sullivan, Daniel [CRI] <dsullivan2 at bsd.uchicago.edu<mailto:dsullivan2 at bsd.uchicago.edu>> wrote:

Sorry I didn?t realize you might want all sssd logs? Working on it.

Dan

On Jan 20, 2017, at 10:27 AM, Sumit Bose <sbose at redhat.com<mailto:sbose at redhat.com>> wrote:

On Fri, Jan 20, 2017 at 03:41:46PM +0000, Sullivan, Daniel [CRI] wrote:
Hi,

I have some more information on this issue.  I?m tracing it down through the slapd logs and  I am continuing to struggle; I was hoping that somebody could possibly help me provided this additional information.

On the domain logs (on the DC), I see an ldap_search_ext operation 155 with a timeout of 60:

(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))][cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu].
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 155
(Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_add] (0x2000): New operation 155 timeout 60

Then, on the slapd log for the server, I see the incoming request.  Based on the result, it looks like the request completes successfully within 1 second:

[20/Jan/2017:08:42:35.179890746 -0600] conn=1518 op=31 SRCH base="cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu" scope=2 filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))" attrs=ALL
[20/Jan/2017:08:42:35.683485674 -0600] conn=1518 op=31 RESULT err=0 tag=101 nentries=0 etime=1 notes=U

Then, subsequently, the domain log (on the DC), I see the same operation 155 timeout (expectedly almost a minute later).

So it looks like ns-ldap send the response but it never reached SSSD in
time. Can you send what it happening in the SSSD logs between 08:42:34
and 08:43:34 (if you prefer you can send it to me directly). Maybe there
is an operation which blocks SSSD for too long so that it returns too
late to the main loop to process the response?

bye,
Sumit


(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_timeout] (0x1000): Issuing timeout for 155
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_destructor] (0x1000): Abandoning operation 155
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_done] (0x0040): ipa_get_ad_override request failed.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_override_done] (0x0040): IPA override lookup failed: 110
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides failed [110].
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [be_mark_dom_offline] (0x1000): Marking subdomain activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/> offline
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [be_mark_subdom_offline] (0x1000): Marking subdomain activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/> as inactive
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_reply_std_set] (0x0080): DP Error is OK on failed request?
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_done] (0x0400): DP Request [Account #4292]: Request handler finished [0]: Success
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [_dp_req_recv] (0x0400): DP Request [Account #4292]: Receiving request data.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #4292]: Finished. Success.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_reply_std] (0x1000): DP Request [Account #4292]: Returning [Success]: 0,110,Success
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>:name=userame at domain.uchicago.edu<mailto:name=userame at domain.uchicago.edu>] from reply table
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_destructor] (0x0400): DP Request [Account #4292]: Request removed.
(Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_destructor] (0x0400): Number of active DP request: 1

It seems like whatever problem I have is a communication issue between sssd on the domain controller, and ns-slapd.  I?m starting to venture down the road of doing trace/packet level debug logging on the LDAP server; this could be very time consuming and frustrating (I already have it enabled, I am starting to manipulate the log settings to yield potentially valuable data), I?m hoping that somebody might be able to provide some insight based on the information above; I can definitely lookup the user on both domain controllers & both IPA servers only use themselves for IPA servers.  Thank you so much for reading and for your help.

Dan


On Jan 19, 2017, at 4:15 PM, Sullivan, Daniel [CRI] <dsullivan2 at bsd.uchicago.edu<mailto:dsullivan2 at bsd.uchicago.edu>> wrote:

Hi,

I?ve received incredibly good support from this mailing list previously; I am hoping that somebody can help me succeed in my ongoing efforts.  I have spent a few days on this at this point and I can?t seem to figure it out how to address this issue.  On my DCs I am seeing excessive ldap_search_ext and sdap_get_generic_ext_recv timeouts created solely by the invocation of the ?id? command on sssd clients.  This problem seems to present itself only when I parallelize lookups for an ?uncached? user (i.e. I have never performed an initial lookup).  Individual arbitrary one-off lookups for a single uncached user on a single system almost always work fine.  This leads me to believe this is a performance tuning issue.

We operate in an academic research computing unit (i.e. we have an HPC cluster), and I need the ability to lookup the same user in parallel (using the id command) across a relatively large number of systems, for example to spawn jobs that require large amounts of CPU cores and/or memory.  Right now I am doing about 50 parallel lookups for the same user to induce this problem.

Here is some background information:

1) I have read Jakub's ?Anatomy of an SSSD Lookup? as well as ?Performance Tuning of SSSD for large IPA-AD deployments?, as well as implemented recommendations from the performance tuning doc, including moving the sssd cache to tmpfs.
2) We are on ipa-server 4.4.0-14.el7_3.4 using a trusted AD domain; all of our consumed users and groups are in the AD trusted domain.  We have two domain controllers; each is a RHEL 7.3 VM with 6 GB of memory.  Almost all (if not all) of our clients are running at least sssd 1.14, and are all RHEL 6/7.  Neither DC is swapping, and both have 2 CPUs.
3) I have tuned SSSD clients on the DCs and all clients to include these options (the problem persists):
a) ldap_opt_timeout = 60
b) ldap_search_timeout = 60
4) On both DCs, I can clear the SSSD cache, and lookup all 2000 or so users in my environment with 40 concurrent lookups occurring locally on each DC (using UNIX job control).  I can process all 2000 lookups in this manner without any failures (on either DC), and have ?pre-populated? the SSSD cache on both DC?s by doing this.
6) I have made no additional performance tuning changes other than what has been described.

Would anybody be able to advise on any potential tuning that would be required (presumably on the DCs), to facilitate 50 parallel lookups without experiencing sdap_get_generic_ext_recv or  ldap_search_ext  timeouts?  Should I be able to do this sort of thing with relative ease?  I was hoping this would be the sort of thing that would just work, but based on my relatively extensive testing it doesn?t.  Any advice anybody could provide would be greatly appreciated.

Thank you,

Dan Sullivan




--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project




From dsullivan2 at bsd.uchicago.edu  Fri Jan 20 20:18:20 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Fri, 20 Jan 2017 20:18:20 +0000
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <34ABC0E9-F56D-423F-BF25-184349DBFC4F@bsd.uchicago.edu>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
	<50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
	<20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<C3C77006-5DB6-4980-8BBA-1057744A7507@bsd.uchicago.edu>
	<34ABC0E9-F56D-423F-BF25-184349DBFC4F@bsd.uchicago.edu>
Message-ID: <90342660-3FE5-43A3-9D4F-FBC428549952@bsd.uchicago.edu>

Sorry to clutter people's inboxes.  I found another piece of what I believe to be useful information.  When this occurs the following entry also appears in /var/log/messages.

Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:54:33.942448,  0] ipa_sam.c:4193(bind_callback_cleanup)
Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   kerberos error: code=-1765328228, message=Cannot contact any KDC for realm ?XXX.XXX.UCHICAGO.EDU'
Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:54:33.943497,  0] ../source3/lib/smbldap.c:998(smbldap_connect_system)
Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   failed to bind to server ldapi://%2fvar%2frun%2fslapd-XXX-XXX-UCHICAGO-EDU.socket with dn="[Anonymous bind]" Error: Local error
Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   #011(unknown)
Jan 20 13:55:16 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:55:16.970304,  0] ipa_sam.c:4193(bind_callback_cleanup)
Jan 20 13:55:16 xxx.xxx.uchicago.edu winbindd[7090]:   kerberos error: code=-1765328228, message=Cannot contact any KDC for realm ?XXX.XXX.UCHICAGO.EDU'
Jan 20 14:00:01 xxx.xxx.uchicago.edu systemd[1]: Created slice user-0.slice.

Dan

> On Jan 20, 2017, at 1:34 PM, Sullivan, Daniel [CRI] <dsullivan2 at bsd.uchicago.edu> wrote:
> 
> Sumit,
> 
> As per your request here are the sssd logs between 08:42:34 and 08:43:34.  It looks like a SIGHUP was received in sssd.log.   I was a little surprised to see that SIGHUP, but I tested and I can actually reproduce it (I reproduced it twice).   The 8:42:32 log entry in sssd.log is the last entry in that log (the other log files for example the domain logs, have additional data past this point in time).  FWIW all of the 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu> in all the logs are the same user (the user that I am doing parallel lookups on).  I really appreciate your help with this.
> 
> Thank you,
> 
> Dan
> 
> 
> krb5_child.log
> 
> (Fri Jan 20 06:51:10 2017) [[sssd[krb5_child[11054]]]] [safe_remove_old_ccache_file] (0x0400): New and old ccache file are the same, none will be deleted.
> (Fri Jan 20 06:51:10 2017) [[sssd[krb5_child[11054]]]] [k5c_send_data] (0x0200): Received error code 0
> (Fri Jan 20 06:51:10 2017) [[sssd[krb5_child[11054]]]] [pack_response_packet] (0x2000): response packet size: [151]
> (Fri Jan 20 06:51:10 2017) [[sssd[krb5_child[11054]]]] [k5c_send_data] (0x4000): Response sent.
> (Fri Jan 20 06:51:10 2017) [[sssd[krb5_child[11054]]]] [main] (0x0400): krb5_child completed successfully
> (Fri Jan 20 11:18:54 2017) [[sssd[krb5_child[25487]]]] [main] (0x0400): krb5_child started.
> (Fri Jan 20 11:18:54 2017) [[sssd[krb5_child[25487]]]] [unpack_buffer] (0x1000): total buffer size: [66]
> (Fri Jan 20 11:18:54 2017) [[sssd[krb5_child[25487]]]] [unpack_buffer] (0x0100): cmd [249] uid [339788572] gid [339788572] validate [true] enterprise principal [false] offline [false] UPN [user2 at ACTIVEDIRECTORY.UCHICAGO.EDU<mailto:user2 at ACTIVEDIRECTORY.UCHICAGO.EDU>]
> (Fri Jan 20 11:18:54 2017) [[sssd[krb5_child[25487]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/xxx.xxx.uchicago.edu at XXX.XXX.UCHICAGO.EDU<mailto:host/xxx.xxx.uchicago.edu at XXX.XXX.UCHICAGO.EDU>]
> (Fri Jan 20 11:18:54 2017) [[sssd[krb5_child[25487]]]] [find_principal_in_keytab] (0x4000): Trying to find principal host/cri-xxx.xxx.uchicago.edu at XXX.XXX.UCHICAGO.EDU<mailto:host/cri-xxx.xxx.uchicago.edu at XXX.XXX.UCHICAGO.EDU> in keytab.
> 
> ldap_child.log
> 
> (Fri Jan 20 08:40:37 2017) [[sssd[ldap_child[16889]]]] [unlink_dbg] (0x2000): File already removed: [/var/lib/sss/db/ccache_ACTIVEDIRECTORY.UCHICAGO.EDU_Ml6iJF]
> (Fri Jan 20 08:40:37 2017) [[sssd[ldap_child[16889]]]] [prepare_response] (0x0400): Building response for result [0]
> (Fri Jan 20 08:40:37 2017) [[sssd[ldap_child[16889]]]] [pack_buffer] (0x2000): response size: 66
> (Fri Jan 20 08:40:37 2017) [[sssd[ldap_child[16889]]]] [pack_buffer] (0x1000): result [0] krberr [0] msgsize [46] msg [FILE:/var/lib/sss/db/ccache_ACTIVEDIRECTORY.UCHICAGO.EDU]
> (Fri Jan 20 08:40:37 2017) [[sssd[ldap_child[16889]]]] [main] (0x0400): ldap_child completed successfully
> (Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [main] (0x0400): ldap_child started.
> (Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [main] (0x2000): context initialized
> (Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): total buffer size: 81
> (Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): realm_str size: 20
> (Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): got realm_str: XXX.XXX.UCHICAGO.EDU<http://xxx.xxx.uchicago.edu/>
> (Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): princ_str size: 37
> (Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): got princ_str: host/xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>
> (Fri Jan 20 08:47:57 2017) [[sssd[ldap_child[17278]]]] [unpack_buffer] (0x1000): keytab_name size: 0
> 
> selinux_child.log
> 
> Fri Jan 20 06:51:11 2017) [[sssd[selinux_child[11055]]]] [seuser_needs_update] (0x2000): get_seuser: ret: 0 seuser: unconfined_u mls: s0-s0:c0.c1023
> (Fri Jan 20 06:51:11 2017) [[sssd[selinux_child[11055]]]] [pack_buffer] (0x0400): result [0]
> (Fri Jan 20 06:51:11 2017) [[sssd[selinux_child[11055]]]] [prepare_response] (0x4000): r->size: 4
> (Fri Jan 20 06:51:11 2017) [[sssd[selinux_child[11055]]]] [main] (0x0400): selinux_child completed successfully
> (Fri Jan 20 11:18:51 2017) [[sssd[selinux_child[25463]]]] [main] (0x0400): selinux_child started.
> (Fri Jan 20 11:18:51 2017) [[sssd[selinux_child[25463]]]] [main] (0x2000): Running with effective IDs: [0][0].
> (Fri Jan 20 11:18:51 2017) [[sssd[selinux_child[25463]]]] [main] (0x2000): Running with real IDs [0][0].
> 
> sssd.log (last entry in file is from 08:42:32, other logs continue past this time)
> 
> (Fri Jan 20 08:42:32 2017) [sssd] [monitor_hup] (0x0020): Received SIGHUP.
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdac1c0
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb4d30
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb4900
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb40c0
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb0260
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb32c0
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb4100
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_add_timeout] (0x2000): 0x7f00cbdb4330
> (Fri Jan 20 08:42:32 2017) [sssd] [te_server_hup] (0x0020): Received SIGHUP. Rotating logfiles.
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdac1c0
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbdad8a0
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb4d30
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbdaaff0
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb4900
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbdb09f0
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb40c0
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda6700
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb0260
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda6290
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb32c0
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb4100
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda6290
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda6290
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda6290
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_remove_timeout] (0x2000): 0x7f00cbdb4330
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): dbus conn: 0x7f00cbda1a50
> (Fri Jan 20 08:42:32 2017) [sssd] [sbus_dispatch] (0x4000): Dispatching.
> 
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fccbcc6a880:1:user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>][0x1][BE_REQ_USER][1][name=user at activedirectory.uchicago.edu<mailto:name=user at activedirectory.uchicago.edu>:-]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x7fccbdd8c1b0
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fccbcc6a880:1:user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
> (Fri Jan 20 08:42:43 2017) [sssd[nss]] [idle_handler] (0x2000): Terminating idle client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:42:43 2017) [sssd[nss]] [client_close_fn] (0x2000): Terminated client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x7fccbdd8c1b0
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
> Error: 3, 5, (null)
> Will try to return what we have in cache
> 
> sssd_ssh.log
> 
> (Fri Jan 20 08:39:46 2017) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Fri Jan 20 08:42:32 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn: 0x7f388a5f4e70
> (Fri Jan 20 08:42:32 2017) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd[ssh]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.rotateLogs on path /org/freedesktop/sssd/service
> (Fri Jan 20 08:42:32 2017) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Fri Jan 20 11:18:29 2017) [sssd[ssh]] [get_client_cred] (0x4000): Client creds: euid[99] egid[99] pid[25434].
> (Fri Jan 20 11:18:29 2017) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f388a606fc0][20]
> (Fri Jan 20 11:18:29 2017) [sssd[ssh]] [accept_fd_handler] (0x0400): Client connected!
> (Fri Jan 20 11:18:29 2017) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7f388a606fc0][20]
> 
> sssd_sudo.log
> 
> 
> (Fri Jan 20 08:39:46 2017) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Fri Jan 20 08:42:32 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): dbus conn: 0x7fc840028e70
> (Fri Jan 20 08:42:32 2017) [sssd[sudo]] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd[sudo]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.rotateLogs on path /org/freedesktop/sssd/service
> (Fri Jan 20 08:42:32 2017) [sssd[sudo]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Fri Jan 20 11:18:54 2017) [sssd[sudo]] [get_client_cred] (0x4000): Client creds: euid[0] egid[339788572] pid[25486].
> (Fri Jan 20 11:18:54 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fc8400366a0][20]
> (Fri Jan 20 11:18:54 2017) [sssd[sudo]] [accept_fd_handler] (0x0400): Client connected!
> (Fri Jan 20 11:18:54 2017) [sssd[sudo]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fc8400366a0][20]
> 
> 
> sssd_pam.log
> 
> (Fri Jan 20 08:39:46 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Fri Jan 20 08:42:32 2017) [sssd[pam]] [sbus_dispatch] (0x4000): dbus conn: 0x7fd2ab4f4e70
> (Fri Jan 20 08:42:32 2017) [sssd[pam]] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd[pam]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.rotateLogs on path /org/freedesktop/sssd/service
> (Fri Jan 20 08:42:32 2017) [sssd[pam]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Fri Jan 20 11:18:44 2017) [sssd[pam]] [get_client_cred] (0x4000): Client creds: euid[0] egid[0] pid[25432].
> (Fri Jan 20 11:18:44 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fd2ab4fd180][21]
> (Fri Jan 20 11:18:44 2017) [sssd[pam]] [accept_fd_handler] (0x0400): Client connected to privileged pipe!
> (Fri Jan 20 11:18:44 2017) [sssd[pam]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fd2ab4fd180][21]
> (Fri Jan 20 11:18:44 2017) [sssd[pam]] [sss_cmd_get_version] (0x0200): Received client version [3].
> 
> 
> sssd_pac.log
> 
> (Fri Jan 20 08:40:37 2017) [sssd[pac]] [get_client_cred] (0x4000): Client creds: euid[495] egid[184] pid[6722].
> (Fri Jan 20 08:40:37 2017) [sssd[pac]] [accept_fd_handler] (0x0020): Access denied for uid [495].
> (Fri Jan 20 08:42:32 2017) [sssd[pac]] [sbus_dispatch] (0x4000): dbus conn: 0x7f0351f38e70
> (Fri Jan 20 08:42:32 2017) [sssd[pac]] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:42:32 2017) [sssd[pac]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.service.rotateLogs on path /org/freedesktop/sssd/service
> (Fri Jan 20 08:42:32 2017) [sssd[pac]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Fri Jan 20 08:46:28 2017) [sssd[pac]] [get_client_cred] (0x4000): Client creds: euid[495] egid[184] pid[6722].
> (Fri Jan 20 08:46:28 2017) [sssd[pac]] [accept_fd_handler] (0x0020): Access denied for uid [495].
> 
> domain logs
> 
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_destructor] (0x2000): Operation 153 finished
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_done] (0x4000): No override found with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:AAA))].
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_step] (0x1000): Processing group 1/4
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_step] (0x1000): Fetching group BBB
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:BBB))].
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_print_server] (0x2000): Searching 10.50.178.21:389
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:BBB))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=cri,dc=uchicago,dc=edu].
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 154
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_add] (0x2000): New operation 154 timeout 60
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_destructor] (0x2000): Operation 154 finished
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_done] (0x4000): No override found with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:BBB))].
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_step] (0x1000): Processing group 2/4
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_step] (0x1000): Fetching group CCC
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:CCC))].
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_print_server] (0x2000): Searching 10.50.178.21:389
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:CCC))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=cri,dc=uchicago,dc=edu].
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 155
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_add] (0x2000): New operation 155 timeout 60
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: sh[0x7f5b5c3eec20], connected[1], ops[0x7f5b5c3f7ed0], ldap[0x7f5b5c3df9a0]
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_process_result] (0x2000): Trace: end of ldap_result list
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sbus_dispatch] (0x4000): dbus conn: 0x7f5b5c3f8850
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sbus_message_handler] (0x2000): Received SBUS method org.freedesktop.sssd.dataprovider.getAccountInfo on path /org/freedesktop/sssd/dataprovider
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_get_account_info_handler] (0x0200): Got request for [0x1][BE_REQ_USER][1][name=apache at domain]
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_attach_req] (0x0400): DP Request [Account #4293]: New request. Flags [0x0001].
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_attach_req] (0x0400): Number of active DP request: 2
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_connect_step] (0x4000): reusing cached connection
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_connect_done] (0x4000): Searching for overrides in view [Default Trust View] with filter [(&(objectClass=ipaUserOverride)(uid=apache))].
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_print_server] (0x2000): Searching 10.50.178.21:389
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaUserOverride)(uid=apache))][cn=Default Trust View,cn=views,cn=accounts,dc=ipa,dc=cri,dc=uchicago,dc=edu].
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 156
> (Fri Jan 20 08:43:30 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_add] (0x2000): New operation 156 timeout 60
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_timeout] (0x1000): Issuing timeout for 155
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_destructor] (0x1000): Abandoning operation 155
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_done] (0x0040): ipa_get_ad_override request failed.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_override_done] (0x0040): IPA override lookup failed: 110
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides failed [110].
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [be_mark_dom_offline] (0x1000): Marking subdomain domain offline
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [be_mark_subdom_offline] (0x1000): Marking subdomain domain as inactive
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_reply_std_set] (0x0080): DP Error is OK on failed request?
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_done] (0x0400): DP Request [Account #4292]: Request handler finished [0]: Success
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [_dp_req_recv] (0x0400): DP Request [Account #4292]: Receiving request data.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #4292]: Finished. Success.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_reply_std] (0x1000): DP Request [Account #4292]: Returning [Success]: 0,110,Success
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::domain:name=user at domain] from reply table
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_destructor] (0x0400): DP Request [Account #4292]: Request removed.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_destructor] (0x0400): Number of active DP request: 1
> 
> sssd_nss.log
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0040): No results for getpwnam call
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fccbcc6a880:1:user at xxx.xxx.uchicago.edu<mailto:user at xxx.xxx.uchicago.edu>@xxx.xxx.uchicago.edu]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbdd92820][25]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbdd92820][25]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [client_recv] (0x0200): Client disconnected!
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [client_close_fn] (0x2000): Terminated client [0x7fccbdd92820][25]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbdd99b80][23]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17][SSS_NSS_GETPWNAM] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user at activedirectory.uchicago.edu<mailto:NCE/USER/activedirectory.uchicago.edu/user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd88250
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd88250 "ltdb_callback"
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd88250 "ltdb_callback"
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd990f0
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc2330
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd990f0 "ltdb_callback"
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc2330 "ltdb_timeout"
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd990f0 "ltdb_callback"
> 
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fccbcc6a880:1:user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>][0x1][BE_REQ_USER][1][name=user at activedirectory.uchicago.edu<mailto:name=user at activedirectory.uchicago.edu>:-]
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x7fccbdd8c1b0
> (Fri Jan 20 08:42:32 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fccbcc6a880:1:user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
> (Fri Jan 20 08:42:43 2017) [sssd[nss]] [idle_handler] (0x2000): Terminating idle client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:42:43 2017) [sssd[nss]] [client_close_fn] (0x2000): Terminated client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x7fccbdd8c1b0
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
> Error: 3, 5, (null)
> Will try to return what we have in cache
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x7fccbcc6a880:1:user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbdd99b80][23]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbdd99b80][23]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [17][SSS_NSS_GETPWNAM] with input [apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is apache
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [apache] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/apache at activedirectory.uchicago.edu<mailto:NCE/USER/activedirectory.uchicago.edu/apache at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd88250
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd80550
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd88250 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd80550 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd88250 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_dp_issue_request] (0x0400): Issuing request for [0x7fccbcc6a880:1:apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_dp_get_account_msg] (0x0400): Creating request for [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>][0x1][BE_REQ_USER][1][name=apache at activedirectory.uchicago.edu<mailto:name=apache at activedirectory.uchicago.edu>:-]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sbus_add_timeout] (0x2000): 0x7fccbdd97300
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_dp_internal_get_send] (0x0400): Entering request [0x7fccbcc6a880:1:apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>@activedirectory.uchicago.edu]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_client_cred] (0x4000): Client creds: euid[495] egid[184] pid[6722].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [accept_fd_handler] (0x0400): Client connected!
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200): Received client version [1].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_cmd_get_version] (0x0200): Offered version [1].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbe15e7a0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd8f5f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbe15e7a0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd8f5f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbe15e7a0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd80650
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd92ee0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd80650 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd92ee0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd80650 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd92ee0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde1250
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd92ee0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde1250 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd92ee0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdd91da0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdde14f0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0400): Running command [277][SSS_NSS_GETORIGBYNAME] with input [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>].
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_parse_name_for_domains] (0x0200): name 'user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>' matched expression for domain 'activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>', user is user
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getbynam] (0x0100): Requesting info for [user] from [activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/activedirectory.uchicago.edu/user<http://activedirectory.uchicago.edu/user>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Requesting info for [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbdd91da0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbdde14f0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbdde14f0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbdd91da0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x7fccbddc25e0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x7fccbddc0cd0
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Running timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Destroying timer event 0x7fccbddc0cd0 "ltdb_timeout"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [ldb] (0x4000): Ending timer event 0x7fccbddc25e0 "ltdb_callback"
> 
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [get_dp_name_and_id] (0x0400): Not a LOCAL view, continuing with provided values.
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [check_cache] (0x0400): Cached entry is valid, returning..
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [nss_cmd_getsidby_search] (0x0400): Returning info for user/group [user at activedirectory.uchicago.edu<mailto:user at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:43:30 2017) [sssd[nss]] [reset_idle_timer] (0x4000): Idle timer re-set for client [0x7fccbddc2c40][24]
> (Fri Jan 20 08:43:34 2017) [sssd[nss]] [sbus_dispatch] (0x4000): dbus conn: 0x7fccbdd840b0
> (Fri Jan 20 08:43:34 2017) [sssd[nss]] [sbus_dispatch] (0x4000): Dispatching.
> (Fri Jan 20 08:44:28 2017) [sssd[nss]] [sbus_remove_timeout] (0x2000): 0x7fccbdd97300
> (Fri Jan 20 08:44:28 2017) [sssd[nss]] [nss_cmd_getby_dp_callback] (0x0040): Unable to get information from Data Provider
> Error: 3, 5, (null)
> Will try to return what we have in cache
> (Fri Jan 20 08:44:28 2017) [sssd[nss]] [sss_ncache_check_str] (0x2000): Checking negative cache for [NCE/USER/xxx.xxx.uchicago.edu/@apache at activedirectory.uchicago.edu<http://xxx.xxx.uchicago.edu/@apache at activedirectory.uchicago.edu>]
> (Fri Jan 20 08:44:28 2017) [sssd[nss]] [nss_cmd_getpwnam_search] (0x0100): Requesting info for [apache at activedirectory.uchicago.edu<mailto:apache at activedirectory.uchicago.edu>]
> 
> 
> On Jan 20, 2017, at 11:16 AM, Sullivan, Daniel [CRI] <dsullivan2 at bsd.uchicago.edu<mailto:dsullivan2 at bsd.uchicago.edu>> wrote:
> 
> Sorry I didn?t realize you might want all sssd logs? Working on it.
> 
> Dan
> 
> On Jan 20, 2017, at 10:27 AM, Sumit Bose <sbose at redhat.com<mailto:sbose at redhat.com>> wrote:
> 
> On Fri, Jan 20, 2017 at 03:41:46PM +0000, Sullivan, Daniel [CRI] wrote:
> Hi,
> 
> I have some more information on this issue.  I?m tracing it down through the slapd logs and  I am continuing to struggle; I was hoping that somebody could possibly help me provided this additional information.
> 
> On the domain logs (on the DC), I see an ldap_search_ext operation 155 with a timeout of 60:
> 
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))][cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu].
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_get_generic_ext_step] (0x2000): ldap_search_ext called, msgid = 155
> (Fri Jan 20 08:42:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_add] (0x2000): New operation 155 timeout 60
> 
> Then, on the slapd log for the server, I see the incoming request.  Based on the result, it looks like the request completes successfully within 1 second:
> 
> [20/Jan/2017:08:42:35.179890746 -0600] conn=1518 op=31 SRCH base="cn=Default Trust View,cn=views,cn=accounts,dc=xxx,dc=xxx,dc=uchicago,dc=edu" scope=2 filter="(&(objectClass=ipaOverrideAnchor)(ipaAnchorUUID=:SID:S-1-5-21-xxx))" attrs=ALL
> [20/Jan/2017:08:42:35.683485674 -0600] conn=1518 op=31 RESULT err=0 tag=101 nentries=0 etime=1 notes=U
> 
> Then, subsequently, the domain log (on the DC), I see the same operation 155 timeout (expectedly almost a minute later).
> 
> So it looks like ns-ldap send the response but it never reached SSSD in
> time. Can you send what it happening in the SSSD logs between 08:42:34
> and 08:43:34 (if you prefer you can send it to me directly). Maybe there
> is an operation which blocks SSSD for too long so that it returns too
> late to the main loop to process the response?
> 
> bye,
> Sumit
> 
> 
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_timeout] (0x1000): Issuing timeout for 155
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_op_destructor] (0x1000): Abandoning operation 155
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [generic_ext_search_handler] (0x0040): sdap_get_generic_ext_recv failed [110]: Connection timed out
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_get_ad_override_done] (0x0040): ipa_get_ad_override request failed.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_initgr_get_overrides_override_done] (0x0040): IPA override lookup failed: 110
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_id_get_groups_overrides_done] (0x0040): IPA resolve user groups overrides failed [110].
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [be_mark_dom_offline] (0x1000): Marking subdomain activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/> offline
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [be_mark_subdom_offline] (0x1000): Marking subdomain activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/> as inactive
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_srv_ad_acct_lookup_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [110]: Connection timed out.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_reply_std_set] (0x0080): DP Error is OK on failed request?
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_done] (0x0400): DP Request [Account #4292]: Request handler finished [0]: Success
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [_dp_req_recv] (0x0400): DP Request [Account #4292]: Receiving request data.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_reply_list_success] (0x0400): DP Request [Account #4292]: Finished. Success.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_reply_std] (0x1000): DP Request [Account #4292]: Returning [Success]: 0,110,Success
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_table_value_destructor] (0x0400): Removing [0:1:0x0001:1:1::activedirectory.uchicago.edu<http://activedirectory.uchicago.edu/>:name=userame at domain.uchicago.edu<mailto:name=userame at domain.uchicago.edu>] from reply table
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_destructor] (0x0400): DP Request [Account #4292]: Request removed.
> (Fri Jan 20 08:43:34 2017) [sssd[be[xxx.xxx.uchicago.edu<http://xxx.xxx.uchicago.edu/>]]] [dp_req_destructor] (0x0400): Number of active DP request: 1
> 
> It seems like whatever problem I have is a communication issue between sssd on the domain controller, and ns-slapd.  I?m starting to venture down the road of doing trace/packet level debug logging on the LDAP server; this could be very time consuming and frustrating (I already have it enabled, I am starting to manipulate the log settings to yield potentially valuable data), I?m hoping that somebody might be able to provide some insight based on the information above; I can definitely lookup the user on both domain controllers & both IPA servers only use themselves for IPA servers.  Thank you so much for reading and for your help.
> 
> Dan
> 
> 
> On Jan 19, 2017, at 4:15 PM, Sullivan, Daniel [CRI] <dsullivan2 at bsd.uchicago.edu<mailto:dsullivan2 at bsd.uchicago.edu>> wrote:
> 
> Hi,
> 
> I?ve received incredibly good support from this mailing list previously; I am hoping that somebody can help me succeed in my ongoing efforts.  I have spent a few days on this at this point and I can?t seem to figure it out how to address this issue.  On my DCs I am seeing excessive ldap_search_ext and sdap_get_generic_ext_recv timeouts created solely by the invocation of the ?id? command on sssd clients.  This problem seems to present itself only when I parallelize lookups for an ?uncached? user (i.e. I have never performed an initial lookup).  Individual arbitrary one-off lookups for a single uncached user on a single system almost always work fine.  This leads me to believe this is a performance tuning issue.
> 
> We operate in an academic research computing unit (i.e. we have an HPC cluster), and I need the ability to lookup the same user in parallel (using the id command) across a relatively large number of systems, for example to spawn jobs that require large amounts of CPU cores and/or memory.  Right now I am doing about 50 parallel lookups for the same user to induce this problem.
> 
> Here is some background information:
> 
> 1) I have read Jakub's ?Anatomy of an SSSD Lookup? as well as ?Performance Tuning of SSSD for large IPA-AD deployments?, as well as implemented recommendations from the performance tuning doc, including moving the sssd cache to tmpfs.
> 2) We are on ipa-server 4.4.0-14.el7_3.4 using a trusted AD domain; all of our consumed users and groups are in the AD trusted domain.  We have two domain controllers; each is a RHEL 7.3 VM with 6 GB of memory.  Almost all (if not all) of our clients are running at least sssd 1.14, and are all RHEL 6/7.  Neither DC is swapping, and both have 2 CPUs.
> 3) I have tuned SSSD clients on the DCs and all clients to include these options (the problem persists):
> a) ldap_opt_timeout = 60
> b) ldap_search_timeout = 60
> 4) On both DCs, I can clear the SSSD cache, and lookup all 2000 or so users in my environment with 40 concurrent lookups occurring locally on each DC (using UNIX job control).  I can process all 2000 lookups in this manner without any failures (on either DC), and have ?pre-populated? the SSSD cache on both DC?s by doing this.
> 6) I have made no additional performance tuning changes other than what has been described.
> 
> Would anybody be able to advise on any potential tuning that would be required (presumably on the DCs), to facilitate 50 parallel lookups without experiencing sdap_get_generic_ext_recv or  ldap_search_ext  timeouts?  Should I be able to do this sort of thing with relative ease?  I was hoping this would be the sort of thing that would just work, but based on my relatively extensive testing it doesn?t.  Any advice anybody could provide would be greatly appreciated.
> 
> Thank you,
> 
> Dan Sullivan
> 
> 
> 
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
> 
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
> 
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project




From lslebodn at redhat.com  Fri Jan 20 22:48:41 2017
From: lslebodn at redhat.com (Lukas Slebodnik)
Date: Fri, 20 Jan 2017 23:48:41 +0100
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <90342660-3FE5-43A3-9D4F-FBC428549952@bsd.uchicago.edu>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
	<50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
	<20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<C3C77006-5DB6-4980-8BBA-1057744A7507@bsd.uchicago.edu>
	<34ABC0E9-F56D-423F-BF25-184349DBFC4F@bsd.uchicago.edu>
	<90342660-3FE5-43A3-9D4F-FBC428549952@bsd.uchicago.edu>
Message-ID: <20170120224840.GA27094@10.4.128.1>

On (20/01/17 20:18), Sullivan, Daniel [CRI] wrote:
>Sorry to clutter people's inboxes.  I found another piece of what I believe to be useful information.  When this occurs the following entry also appears in /var/log/messages.
>
>Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:54:33.942448,  0] ipa_sam.c:4193(bind_callback_cleanup)
>Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   kerberos error: code=-1765328228, message=Cannot contact any KDC for realm ?XXX.XXX.UCHICAGO.EDU'
>Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:54:33.943497,  0] ../source3/lib/smbldap.c:998(smbldap_connect_system)
>Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   failed to bind to server ldapi://%2fvar%2frun%2fslapd-XXX-XXX-UCHICAGO-EDU.socket with dn="[Anonymous bind]" Error: Local error
>Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   #011(unknown)
>Jan 20 13:55:16 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:55:16.970304,  0] ipa_sam.c:4193(bind_callback_cleanup)
>Jan 20 13:55:16 xxx.xxx.uchicago.edu winbindd[7090]:   kerberos error: code=-1765328228, message=Cannot contact any KDC for realm ?XXX.XXX.UCHICAGO.EDU'
>Jan 20 14:00:01 xxx.xxx.uchicago.edu systemd[1]: Created slice user-0.slice.
>
May I ask why you have configure sssd and winbind on the same machine?
Do you have configured winbind also in /etc/nsswitch.conf?

LS



From dsullivan2 at bsd.uchicago.edu  Fri Jan 20 23:09:44 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Fri, 20 Jan 2017 23:09:44 +0000
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <20170120224840.GA27094@10.4.128.1>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
	<50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
	<20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<C3C77006-5DB6-4980-8BBA-1057744A7507@bsd.uchicago.edu>
	<34ABC0E9-F56D-423F-BF25-184349DBFC4F@bsd.uchicago.edu>
	<90342660-3FE5-43A3-9D4F-FBC428549952@bsd.uchicago.edu>
	<20170120224840.GA27094@10.4.128.1>
Message-ID: <FE98D626-6BD2-4C15-9BFD-DF5AE3D1C97D@bsd.uchicago.edu>

Thank you for responding Lukas.  This is actually a domain controller that trusts an AD domain, as far as I know winbindd was never installed specifically to fulfill a purpose other than for IPA (the machine was deployed specifically for the purpose of being an IPA DC).  Hopefully this sounds reasonable and sane?

And, no, winbind is not configured in nsswitch.

Dan

> On Jan 20, 2017, at 4:48 PM, Lukas Slebodnik <lslebodn at redhat.com> wrote:
> 
> On (20/01/17 20:18), Sullivan, Daniel [CRI] wrote:
>> Sorry to clutter people's inboxes.  I found another piece of what I believe to be useful information.  When this occurs the following entry also appears in /var/log/messages.
>> 
>> Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:54:33.942448,  0] ipa_sam.c:4193(bind_callback_cleanup)
>> Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   kerberos error: code=-1765328228, message=Cannot contact any KDC for realm ?XXX.XXX.UCHICAGO.EDU'
>> Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:54:33.943497,  0] ../source3/lib/smbldap.c:998(smbldap_connect_system)
>> Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   failed to bind to server ldapi://%2fvar%2frun%2fslapd-XXX-XXX-UCHICAGO-EDU.socket with dn="[Anonymous bind]" Error: Local error
>> Jan 20 13:54:33 xxx.xxx.uchicago.edu winbindd[7090]:   #011(unknown)
>> Jan 20 13:55:16 xxx.xxx.uchicago.edu winbindd[7090]: [2017/01/20 13:55:16.970304,  0] ipa_sam.c:4193(bind_callback_cleanup)
>> Jan 20 13:55:16 xxx.xxx.uchicago.edu winbindd[7090]:   kerberos error: code=-1765328228, message=Cannot contact any KDC for realm ?XXX.XXX.UCHICAGO.EDU'
>> Jan 20 14:00:01 xxx.xxx.uchicago.edu systemd[1]: Created slice user-0.slice.
>> 
> May I ask why you have configure sssd and winbind on the same machine?
> Do you have configured winbind also in /etc/nsswitch.conf?
> 
> LS




From harald.dunkel at aixigo.de  Sat Jan 21 05:46:48 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Sat, 21 Jan 2017 06:46:48 +0100
Subject: [Freeipa-users] sssd doesn't cache, as it seems
In-Reply-To: <1484934172.9793.18.camel@redhat.com>
References: <88222f4f-108a-b223-f962-d42273eb8592@afaics.de>
	<1484934172.9793.18.camel@redhat.com>
Message-ID: <9fdee0c9-364b-cb01-936f-4284300ee3fc@aixigo.de>

On 01/20/17 18:42, Simo Sorce wrote:
> 
> Is your server being used for authentication ?
> SSSD, by default, always refreshes user credentials on authentication,
> but you can use the cached_auth_timeout setting to relax this
> requirement in SSSD, and reduce the roundtrips for auth attempts.
> 

I have set both pam_id_timeout and cached_auth_timeout to 30.
No change, still several requests per second for each user.

???
Harri

-------------- next part --------------
[domain/example.de]
debug_level = 0x0370
cache_credentials = True
cached_auth_timeout = 30
krb5_store_password_if_offline = True
ipa_domain = example.de
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = tisde8i005.ac.example.de
chpass_provider = ipa
ipa_server = _srv_, ipa1.example.de
dns_discovery_domain = example.de
selinux_provider = none

[sssd]
debug_level = 0x0370
services = nss, sudo, pam, ssh
config_file_version = 2
domains = example.de

[nss]
debug_level = 0x0370
homedir_substring = /home

[pam]
pam_id_timeout = 30
debug_level = 0x0370

[sudo]

[autofs]

[ssh]
debug_level = 0x0370

[pac]

[ifp]


From rakesh.rajasekharan at gmail.com  Sat Jan 21 11:55:12 2017
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Sat, 21 Jan 2017 17:25:12 +0530
Subject: [Freeipa-users] Freeipa replica info to clents: guidance
Message-ID: <CANAMAkr0fO=DNhPEgR49HOpETm9icvNzoOXhQRssex-3uPE_iQ@mail.gmail.com>

Hi,

My Freeipa setup is on AWS ec2 instances and has been working fine with
just one master for a while now.

I am now trying to setup replica servers which, I was able to and the
replication between both masters go fine.

So, I have a master serer ipa-master-mydomain.com and repilca
ipa-replica-mydomain.com

I am not using DNS and rely on AWS for DNS resolution instead.

My question is , how do I tell clients about the new replica server .

I tried an entry in the sssd.conf domain section of the clients


id_provider = ipa
auth_provider = ipa
ipa_server = _srv_, ipa-master-mydomain.com, repilca
ipa-replica-mydomain.com


This approach works fine and clients reach out to the replica as a
failover. However, wanted to verify if this is the correct way.

Also, can I define priority based on the order in which the IPA servers are
defined in
ipa_server = _srv_ ,<ipa1>,<ipa2>

If the above assumption is right, I could have half of my clients connect
to master always and rest to the replica that way balancing the load.


Thanks
Rakesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170121/3811590a/attachment.htm>

From matrix.zj at qq.com  Sat Jan 21 12:40:03 2017
From: matrix.zj at qq.com (=?ISO-8859-1?B?TWF0cml4?=)
Date: Sat, 21 Jan 2017 20:40:03 +0800
Subject: [Freeipa-users] Freeipa replica info to clents: guidance
In-Reply-To: <CANAMAkr0fO=DNhPEgR49HOpETm9icvNzoOXhQRssex-3uPE_iQ@mail.gmail.com>
References: <CANAMAkr0fO=DNhPEgR49HOpETm9icvNzoOXhQRssex-3uPE_iQ@mail.gmail.com>
Message-ID: <tencent_414784C569275A244B0F5ACE@qq.com>

For my understanding, there is something wrong with your configuration


>> ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com


Firstly, '_srv_' means clients will find out which servers will be connected with by dns srv records. In your explanation, DNS did not configure in your env.


Secondly, 'replica' key words ? I can not find it from man pages of sssd-ipa. is it really working fine? 


>>Also, can I define priority based on the order in which the IPA servers are defined in 

>>ipa_server = _srv_ ,<ipa1>,<ipa2>


your understanding is correct. server priority is based on sequence in conf file. There is a problem for this configuration. Once 'ipa1' failed, all id lookup/authentication will be happened with 'ipa2'. Even 'ipa1' was back, all clients will be sticky on 'ipa2'


So, I suggested to configure it in this way:
ipa_server = <ipa1>
ipa_backup_server = <ipa2>


For another half clients, 
ipa_server = <ipa2>

ipa_backup_server = <ipa1>


Matrix


------------------ Original ------------------
From:  "Rakesh Rajasekharan";<rakesh.rajasekharan at gmail.com>;
Date:  Sat, Jan 21, 2017 08:25 PM
To:  "freeipa-users"<freeipa-users at redhat.com>; 

Subject:  [Freeipa-users] Freeipa replica info to clents: guidance



Hi,


My Freeipa setup is on AWS ec2 instances and has been working fine with just one master for a while now.


I am now trying to setup replica servers which, I was able to and the replication between both masters go fine.


So, I have a master serer ipa-master-mydomain.com and repilca ipa-replica-mydomain.com



I am not using DNS and rely on AWS for DNS resolution instead.


My question is , how do I tell clients about the new replica server .


I tried an entry in the sssd.conf domain section of the clients


id_provider = ipa
auth_provider = ipa
ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com



This approach works fine and clients reach out to the replica as a failover. However, wanted to verify if this is the correct way.


Also, can I define priority based on the order in which the IPA servers are defined in 

ipa_server = _srv_ ,<ipa1>,<ipa2>


If the above assumption is right, I could have half of my clients connect to master always and rest to the replica that way balancing the load.



Thanks

Rakesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170121/e965543e/attachment.htm>

From jhrozek at redhat.com  Sat Jan 21 12:49:19 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Sat, 21 Jan 2017 13:49:19 +0100
Subject: [Freeipa-users] sssd doesn't cache, as it seems
In-Reply-To: <9fdee0c9-364b-cb01-936f-4284300ee3fc@aixigo.de>
References: <88222f4f-108a-b223-f962-d42273eb8592@afaics.de>
	<1484934172.9793.18.camel@redhat.com>
	<9fdee0c9-364b-cb01-936f-4284300ee3fc@aixigo.de>
Message-ID: <A1764848-2C33-4D35-97CC-E4F8F900F787@redhat.com>


> On 21 Jan 2017, at 06:46, Harald Dunkel <harald.dunkel at aixigo.de> wrote:
> 
> On 01/20/17 18:42, Simo Sorce wrote:
>> 
>> Is your server being used for authentication ?
>> SSSD, by default, always refreshes user credentials on authentication,
>> but you can use the cached_auth_timeout setting to relax this
>> requirement in SSSD, and reduce the roundtrips for auth attempts.
>> 
> 
> I have set both pam_id_timeout and cached_auth_timeout to 30.
> No change, still several requests per second for each user.
> 
> ???
> Harri
> 

Can you check what kind of query do you see in the LDAP server log?

Do the server logs correlate with debug logs from the nss and domain sections of sssd?

Are you sure there is no other NSS module in nsswitch.conf other than files and sss?

> <sssd.conf>-- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project




From rakesh.rajasekharan at gmail.com  Sat Jan 21 13:39:15 2017
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Sat, 21 Jan 2017 19:09:15 +0530
Subject: [Freeipa-users] Freeipa replica info to clents: guidance
In-Reply-To: <tencent_414784C569275A244B0F5ACE@qq.com>
References: <CANAMAkr0fO=DNhPEgR49HOpETm9icvNzoOXhQRssex-3uPE_iQ@mail.gmail.com>
	<tencent_414784C569275A244B0F5ACE@qq.com>
Message-ID: <CANAMAkqu0K9nAZ3Z4WVSx-t4_Ce+n+4P7Zs74gk5OjuQjOJWnA@mail.gmail.com>

Thanks Matrix.. for the inputs..

> Firstly, '_srv_' means clients will find out which servers will be
connected with by dns srv records. In your explanation, DNS did not
configure in your env.

After running the ipa-client, the _srv_ was automatically added . The
configs options I passed for configuring the host as a IPA client is

ipa-client-install --domain=mydomain.com --server=
ipa-master-int.mydomain.com --realm=MYDOMAIN.COM -p admin --password=mypass
--mkhomedir --hostname=first-client-int.mydomain.com --no-ssh --no-sshd -N
-f -U


While configuring  IPA server , I did not pass the setup-dns options.( that
avoids setting up the dns server I assume )


ipa-server-install -r 'MYDOMAIN.COM' -n 'mydomain.com' -p mypass -P mypass
-a mypass --hostname=ipa-master-int.mydomain.com -N -U

So, I did not explicitly specify the _srv_ options. However, this has been
working fine till now.


> Secondly, 'replica' key words ? I can not find it from man pages of
sssd-ipa. is it really working fine?
sorry that was a typo from my side .
Its actually
ipa_server = _srv_, ipa-master-mydomain.com, ipa-replica-mydomain.com.

> So, I suggested to configure it in this way:
> ipa_server = <ipa1>
> ipa_backup_server = <ipa2>

> For another half clients,
> ipa_server = <ipa2>
> ipa_backup_server = <ipa1>

I will try this out.. probably I can safely leave out _srv_

Thanks
Rakesh

On Sat, Jan 21, 2017 at 6:10 PM, Matrix <matrix.zj at qq.com> wrote:

> For my understanding, there is something wrong with your configuration
>
> >> ipa_server = _srv_, ipa-master-mydomain.com, repilca
> ipa-replica-mydomain.com
>
> Firstly, '_srv_' means clients will find out which servers will be
> connected with by dns srv records. In your explanation, DNS did not
> configure in your env.
>
> Secondly, 'replica' key words ? I can not find it from man pages of
> sssd-ipa. is it really working fine?
>
> >>Also, can I define priority based on the order in which the IPA servers
> are defined in
> >>ipa_server = _srv_ ,<ipa1>,<ipa2>
>
> your understanding is correct. server priority is based on sequence in
> conf file. There is a problem for this configuration. Once 'ipa1' failed,
> all id lookup/authentication will be happened with 'ipa2'. Even 'ipa1' was
> back, all clients will be sticky on 'ipa2'
>
> So, I suggested to configure it in this way:
> ipa_server = <ipa1>
> ipa_backup_server = <ipa2>
>
> For another half clients,
> ipa_server = <ipa2>
> ipa_backup_server = <ipa1>
>
> Matrix
>
> ------------------ Original ------------------
> *From: * "Rakesh Rajasekharan";<rakesh.rajasekharan at gmail.com>;
> *Date: * Sat, Jan 21, 2017 08:25 PM
> *To: * "freeipa-users"<freeipa-users at redhat.com>;
> *Subject: * [Freeipa-users] Freeipa replica info to clents: guidance
>
> Hi,
>
> My Freeipa setup is on AWS ec2 instances and has been working fine with
> just one master for a while now.
>
> I am now trying to setup replica servers which, I was able to and the
> replication between both masters go fine.
>
> So, I have a master serer ipa-master-mydomain.com and repilca
> ipa-replica-mydomain.com
>
> I am not using DNS and rely on AWS for DNS resolution instead.
>
> My question is , how do I tell clients about the new replica server .
>
> I tried an entry in the sssd.conf domain section of the clients
>
>
> id_provider = ipa
> auth_provider = ipa
> ipa_server = _srv_, ipa-master-mydomain.com, repilca
> ipa-replica-mydomain.com
>
>
> This approach works fine and clients reach out to the replica as a
> failover. However, wanted to verify if this is the correct way.
>
> Also, can I define priority based on the order in which the IPA servers
> are defined in
> ipa_server = _srv_ ,<ipa1>,<ipa2>
>
> If the above assumption is right, I could have half of my clients connect
> to master always and rest to the replica that way balancing the load.
>
>
> Thanks
> Rakesh
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170121/60588710/attachment.htm>

From matrix.zj at qq.com  Sat Jan 21 13:47:37 2017
From: matrix.zj at qq.com (=?ISO-8859-1?B?TWF0cml4?=)
Date: Sat, 21 Jan 2017 21:47:37 +0800
Subject: [Freeipa-users] Freeipa replica info to clents: guidance
In-Reply-To: <CANAMAkqu0K9nAZ3Z4WVSx-t4_Ce+n+4P7Zs74gk5OjuQjOJWnA@mail.gmail.com>
References: <CANAMAkr0fO=DNhPEgR49HOpETm9icvNzoOXhQRssex-3uPE_iQ@mail.gmail.com>
	<tencent_414784C569275A244B0F5ACE@qq.com>
	<CANAMAkqu0K9nAZ3Z4WVSx-t4_Ce+n+4P7Zs74gk5OjuQjOJWnA@mail.gmail.com>
Message-ID: <tencent_0982E3C73F4B3A0A4D20CCAC@qq.com>

Hi, Rakesh


Try 'ipa-client-install' with this option '--fixed-primary'. with it, '_srv_' will disappeared 


From man page:
       --fixed-primary
              Configure  SSSD  to use a fixed server as the primary IPA server. The default is to
              use DNS SRV records to determine the primary server to use and  fall  back  to  the
              server  the client is enrolled with. When used in conjunction with --server then no
              _srv_ value is set in the ipa_server option in sssd.conf.



Matrix
------------------ Original ------------------
From:  "Rakesh Rajasekharan";<rakesh.rajasekharan at gmail.com>;
Date:  Sat, Jan 21, 2017 10:09 PM
To:  "Matrix"<matrix.zj at qq.com>; 
Cc:  "freeipa-users"<freeipa-users at redhat.com>; 
Subject:  Re: [Freeipa-users] Freeipa replica info to clents: guidance



Thanks Matrix.. for the inputs..

> Firstly, '_srv_' means clients will find out which servers will be  connected with by dns srv records. In your explanation, DNS did not  configure in your env.


After running the ipa-client, the _srv_ was automatically added . The configs options I passed for configuring the host as a IPA client is

ipa-client-install --domain=mydomain.com --server=ipa-master-int.mydomain.com --realm=MYDOMAIN.COM -p admin --password=mypass --mkhomedir --hostname=first-client-int.mydomain.com --no-ssh --no-sshd -N -f -U



While configuring  IPA server , I did not pass the setup-dns options.( that avoids setting up the dns server I assume )


ipa-server-install -r 'MYDOMAIN.COM' -n 'mydomain.com' -p mypass -P mypass -a mypass --hostname=ipa-master-int.mydomain.com -N -U


So, I did not explicitly specify the _srv_ options. However, this has been working fine till now.



> Secondly, 'replica' key words ? I can not find it from man pages of sssd-ipa. is it really working fine? 

sorry that was a typo from my side .

Its actually 
ipa_server = _srv_, ipa-master-mydomain.com, ipa-replica-mydomain.com.


> So, I suggested to configure it in this way:
> ipa_server = <ipa1>
> ipa_backup_server = <ipa2>


> For another half clients, 
> ipa_server = <ipa2>

> ipa_backup_server = <ipa1>


I will try this out.. probably I can safely leave out _srv_



Thanks

Rakesh




On Sat, Jan 21, 2017 at 6:10 PM, Matrix <matrix.zj at qq.com> wrote:
For my understanding, there is something wrong with your configuration


>> ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com


Firstly, '_srv_' means clients will find out which servers will be connected with by dns srv records. In your explanation, DNS did not configure in your env.


Secondly, 'replica' key words ? I can not find it from man pages of sssd-ipa. is it really working fine? 


>>Also, can I define priority based on the order in which the IPA servers are defined in 

>>ipa_server = _srv_ ,<ipa1>,<ipa2>


your understanding is correct. server priority is based on sequence in conf file. There is a problem for this configuration. Once 'ipa1' failed, all id lookup/authentication will be happened with 'ipa2'. Even 'ipa1' was back, all clients will be sticky on 'ipa2'


So, I suggested to configure it in this way:
ipa_server = <ipa1>
ipa_backup_server = <ipa2>


For another half clients, 
ipa_server = <ipa2>

ipa_backup_server = <ipa1>


Matrix


------------------ Original ------------------
From:  "Rakesh Rajasekharan";<rakesh.rajasekharan at gmail.com>;
Date:  Sat, Jan 21, 2017 08:25 PM
To:  "freeipa-users"<freeipa-users at redhat.com>; 

Subject:  [Freeipa-users] Freeipa replica info to clents: guidance



Hi,


My Freeipa setup is on AWS ec2 instances and has been working fine with just one master for a while now.


I am now trying to setup replica servers which, I was able to and the replication between both masters go fine.


So, I have a master serer ipa-master-mydomain.com and repilca ipa-replica-mydomain.com



I am not using DNS and rely on AWS for DNS resolution instead.


My question is , how do I tell clients about the new replica server .


I tried an entry in the sssd.conf domain section of the clients


id_provider = ipa
auth_provider = ipa
ipa_server = _srv_, ipa-master-mydomain.com, repilca ipa-replica-mydomain.com



This approach works fine and clients reach out to the replica as a failover. However, wanted to verify if this is the correct way.


Also, can I define priority based on the order in which the IPA servers are defined in 

ipa_server = _srv_ ,<ipa1>,<ipa2>


If the above assumption is right, I could have half of my clients connect to master always and rest to the replica that way balancing the load.



Thanks

Rakesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170121/26cfbbc7/attachment.htm>

From rakesh.rajasekharan at gmail.com  Sat Jan 21 13:49:30 2017
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Sat, 21 Jan 2017 19:19:30 +0530
Subject: [Freeipa-users] Freeipa replica info to clents: guidance
In-Reply-To: <tencent_0982E3C73F4B3A0A4D20CCAC@qq.com>
References: <CANAMAkr0fO=DNhPEgR49HOpETm9icvNzoOXhQRssex-3uPE_iQ@mail.gmail.com>
	<tencent_414784C569275A244B0F5ACE@qq.com>
	<CANAMAkqu0K9nAZ3Z4WVSx-t4_Ce+n+4P7Zs74gk5OjuQjOJWnA@mail.gmail.com>
	<tencent_0982E3C73F4B3A0A4D20CCAC@qq.com>
Message-ID: <CANAMAkrtrhUXCTd5uuW9_AQdkf3n6AgHCBWBvDqkarBcLvx0wA@mail.gmail.com>

thanks Matrix.. I will add this option to my config params

Regards,
Rakesh

On Sat, Jan 21, 2017 at 7:17 PM, Matrix <matrix.zj at qq.com> wrote:

> Hi, Rakesh
>
> Try 'ipa-client-install' with this option '--fixed-primary'. with it,
> '_srv_' will disappeared
>
> From man page:
>        --fixed-primary
>               Configure  SSSD  to use a fixed server as the primary IPA
> server. The default is to
>               use DNS SRV records to determine the primary server to use
> and  fall  back  to  the
>               server  the client is enrolled with. When used in
> conjunction with --server then no
>               _srv_ value is set in the ipa_server option in sssd.conf.
>
> Matrix
> ------------------ Original ------------------
> *From: * "Rakesh Rajasekharan";<rakesh.rajasekharan at gmail.com>;
> *Date: * Sat, Jan 21, 2017 10:09 PM
> *To: * "Matrix"<matrix.zj at qq.com>;
> *Cc: * "freeipa-users"<freeipa-users at redhat.com>;
> *Subject: * Re: [Freeipa-users] Freeipa replica info to clents: guidance
>
> Thanks Matrix.. for the inputs..
>
> > Firstly, '_srv_' means clients will find out which servers will be
> connected with by dns srv records. In your explanation, DNS did not
> configure in your env.
>
> After running the ipa-client, the _srv_ was automatically added . The
> configs options I passed for configuring the host as a IPA client is
>
> ipa-client-install --domain=mydomain.com --server=ipa-master-int.
> mydomain.com --realm=MYDOMAIN.COM -p admin --password=mypass --mkhomedir
> --hostname=first-client-int.mydomain.com --no-ssh --no-sshd -N -f -U
>
>
> While configuring  IPA server , I did not pass the setup-dns options.(
> that avoids setting up the dns server I assume )
>
>
> ipa-server-install -r 'MYDOMAIN.COM' -n 'mydomain.com' -p mypass -P
> mypass -a mypass --hostname=ipa-master-int.mydomain.com -N -U
>
> So, I did not explicitly specify the _srv_ options. However, this has been
> working fine till now.
>
>
> > Secondly, 'replica' key words ? I can not find it from man pages of
> sssd-ipa. is it really working fine?
> sorry that was a typo from my side .
> Its actually
> ipa_server = _srv_, ipa-master-mydomain.com, ipa-replica-mydomain.com.
>
> > So, I suggested to configure it in this way:
> > ipa_server = <ipa1>
> > ipa_backup_server = <ipa2>
>
> > For another half clients,
> > ipa_server = <ipa2>
> > ipa_backup_server = <ipa1>
>
> I will try this out.. probably I can safely leave out _srv_
>
> Thanks
> Rakesh
>
> On Sat, Jan 21, 2017 at 6:10 PM, Matrix <matrix.zj at qq.com> wrote:
>
>> For my understanding, there is something wrong with your configuration
>>
>> >> ipa_server = _srv_, ipa-master-mydomain.com, repilca
>> ipa-replica-mydomain.com
>>
>> Firstly, '_srv_' means clients will find out which servers will be
>> connected with by dns srv records. In your explanation, DNS did not
>> configure in your env.
>>
>> Secondly, 'replica' key words ? I can not find it from man pages of
>> sssd-ipa. is it really working fine?
>>
>> >>Also, can I define priority based on the order in which the IPA servers
>> are defined in
>> >>ipa_server = _srv_ ,<ipa1>,<ipa2>
>>
>> your understanding is correct. server priority is based on sequence in
>> conf file. There is a problem for this configuration. Once 'ipa1' failed,
>> all id lookup/authentication will be happened with 'ipa2'. Even 'ipa1' was
>> back, all clients will be sticky on 'ipa2'
>>
>> So, I suggested to configure it in this way:
>> ipa_server = <ipa1>
>> ipa_backup_server = <ipa2>
>>
>> For another half clients,
>> ipa_server = <ipa2>
>> ipa_backup_server = <ipa1>
>>
>> Matrix
>>
>> ------------------ Original ------------------
>> *From: * "Rakesh Rajasekharan";<rakesh.rajasekharan at gmail.com>;
>> *Date: * Sat, Jan 21, 2017 08:25 PM
>> *To: * "freeipa-users"<freeipa-users at redhat.com>;
>> *Subject: * [Freeipa-users] Freeipa replica info to clents: guidance
>>
>> Hi,
>>
>> My Freeipa setup is on AWS ec2 instances and has been working fine with
>> just one master for a while now.
>>
>> I am now trying to setup replica servers which, I was able to and the
>> replication between both masters go fine.
>>
>> So, I have a master serer ipa-master-mydomain.com and repilca
>> ipa-replica-mydomain.com
>>
>> I am not using DNS and rely on AWS for DNS resolution instead.
>>
>> My question is , how do I tell clients about the new replica server .
>>
>> I tried an entry in the sssd.conf domain section of the clients
>>
>>
>> id_provider = ipa
>> auth_provider = ipa
>> ipa_server = _srv_, ipa-master-mydomain.com, repilca
>> ipa-replica-mydomain.com
>>
>>
>> This approach works fine and clients reach out to the replica as a
>> failover. However, wanted to verify if this is the correct way.
>>
>> Also, can I define priority based on the order in which the IPA servers
>> are defined in
>> ipa_server = _srv_ ,<ipa1>,<ipa2>
>>
>> If the above assumption is right, I could have half of my clients connect
>> to master always and rest to the replica that way balancing the load.
>>
>>
>> Thanks
>> Rakesh
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170121/7182b1f6/attachment.htm>

From harri at afaics.de  Sat Jan 21 16:15:58 2017
From: harri at afaics.de (Harald Dunkel)
Date: Sat, 21 Jan 2017 17:15:58 +0100
Subject: [Freeipa-users] sssd doesn't cache, as it seems
In-Reply-To: <A1764848-2C33-4D35-97CC-E4F8F900F787@redhat.com>
References: <88222f4f-108a-b223-f962-d42273eb8592@afaics.de>
	<1484934172.9793.18.camel@redhat.com>
	<9fdee0c9-364b-cb01-936f-4284300ee3fc@aixigo.de>
	<A1764848-2C33-4D35-97CC-E4F8F900F787@redhat.com>
Message-ID: <c131fabe-d394-9ce2-1011-48e6c5e2a554@afaics.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Jakub,

On 01/21/17 13:49, Jakub Hrozek wrote:
> 
> Can you check what kind of query do you see in the LDAP server log?
> 

The git server does just a few queries per hour:

[21/Jan/2017:16:27:53.098932003 +0100] conn=8 op=39431 SRCH base="dc=example,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/tisde8i005.ac.example.de at EXAMPLE.DE)(krbPrincipalName:caseIgnoreIA5Match:=host/tisde8i005.ac.example.de at EXAMPLE.DE)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Jan/2017:16:27:53.100196009 +0100] conn=8 op=39435 SRCH base="fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[21/Jan/2017:16:27:53.100426687 +0100] conn=8 op=39436 SRCH base="cn=tisde8i005.ac.example.de,cn=masters,cn=ipa,cn=etc,dc=example,dc=de" scope=0 filter="(objectClass=*)" attrs=ALL
[21/Jan/2017:16:27:53.100658375 +0100] conn=8 op=39437 MOD dn="fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de"
[21/Jan/2017:16:27:53.125278099 +0100] conn=9119 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de"
[21/Jan/2017:16:28:37.001050661 +0100] conn=9119 op=891 SRCH base="cn=accounts,dc=example,dc=de" scope=2 filter="(&(objectClass=ipaHost)(fqdn=tisde8i005.ac.example.de))" attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
[21/Jan/2017:16:28:37.003968246 +0100] conn=9119 op=892 SRCH base="fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de" scope=0 filter="(objectClass=*)" attrs="objectClass cn memberOf ipaUniqueID"
[21/Jan/2017:16:28:37.006876504 +0100] conn=9119 op=894 SRCH base="cn=sudo,dc=example,dc=de" scope=2 filter="(&(objectClass=ipasudorule)(ipaEnabledFlag=TRUE)(|(!(memberHost=*))(hostCategory=ALL)(memberHost=fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de))(entryusn>=1))"
attrs="objectClass cn ipaUniqueID ipaEnabledFlag ipaSudoOpt ipaSudoRunAs ipaSudoRunAsGroup memberAllowCmd memberDenyCmd memberHost memberUser sudoNotAfter sudoNotBefore sudoOrder cmdCategory hostCategory userCategory ipaSudoRunAsUserCategory ipaSudoRunAsGroupCategory ipaSudoRunAsExtUser
ipaSudoRunAsExtGroup ipaSudoRunAsExtUserGroup externalUser entryusn"
[21/Jan/2017:16:42:47.447444525 +0100] conn=7 op=22424 SRCH base="dc=example,dc=de" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal))(krbPrincipalName=host/tisde8i005.ac.example.de at EXAMPLE.DE))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled krbPrincipalKey
krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock krbObjectReferences
krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Jan/2017:16:42:47.459190497 +0100] conn=9208 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de"
[21/Jan/2017:16:43:37.000841869 +0100] conn=9208 op=961 SRCH base="cn=accounts,dc=example,dc=de" scope=2 filter="(&(objectClass=ipaHost)(fqdn=tisde8i005.ac.example.de))" attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
[21/Jan/2017:16:43:37.002362473 +0100] conn=9208 op=962 SRCH base="fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de" scope=0 filter="(objectClass=*)" attrs="objectClass cn memberOf ipaUniqueID"
[21/Jan/2017:16:43:37.005732600 +0100] conn=9208 op=964 SRCH base="cn=sudo,dc=example,dc=de" scope=2 filter="(&(objectClass=ipasudorule)(ipaEnabledFlag=TRUE)(|(!(memberHost=*))(hostCategory=ALL)(memberHost=fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de))(entryusn>=1))"
attrs="objectClass cn ipaUniqueID ipaEnabledFlag ipaSudoOpt ipaSudoRunAs ipaSudoRunAsGroup memberAllowCmd memberDenyCmd memberHost memberUser sudoNotAfter sudoNotBefore sudoOrder cmdCategory hostCategory userCategory ipaSudoRunAsUserCategory ipaSudoRunAsGroupCategory ipaSudoRunAsExtUser
ipaSudoRunAsExtGroup ipaSudoRunAsExtUserGroup externalUser entryusn"
[21/Jan/2017:16:57:41.203749166 +0100] conn=7 op=22574 SRCH base="dc=example,dc=de" scope=2
filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbprincipal)(objectClass=ipakrbprincipal))(|(ipaKrbPrincipalAlias=host/tisde8i005.ac.example.de at EXAMPLE.DE)(krbPrincipalName:caseIgnoreIA5Match:=host/tisde8i005.ac.example.de at EXAMPLE.DE)))" attrs="krbPrincipalName krbCanonicalName krbUPEnabled
krbPrincipalKey krbTicketPolicyReference krbPrincipalExpiration krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbPwdHistory krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbPrincipalAuthInd krbExtraData krbLastAdminUnlock
krbObjectReferences krbTicketFlags krbMaxTicketLife krbMaxRenewableAge nsAccountLock passwordHistory ipaKrbAuthzData ipaUserAuthType ipatokenRadiusConfigLink objectClass"
[21/Jan/2017:16:57:41.208535394 +0100] conn=7 op=22578 SRCH base="fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de" scope=0 filter="(objectClass=*)" attrs="objectClass uid cn fqdn gidNumber krbPrincipalName krbCanonicalName krbTicketPolicyReference krbPrincipalExpiration
krbPasswordExpiration krbPwdPolicyReference krbPrincipalType krbLastPwdChange krbPrincipalAliases krbLastSuccessfulAuth krbLastFailedAuth krbLoginFailedCount krbLastAdminUnlock krbTicketFlags ipaNTSecurityIdentifier ipaNTLogonScript ipaNTProfilePath ipaNTHomeDirectory ipaNTHomeDirectoryDrive"
[21/Jan/2017:16:57:41.209403021 +0100] conn=7 op=22579 SRCH base="cn=tisde8i005.ac.example.de,cn=masters,cn=ipa,cn=etc,dc=example,dc=de" scope=0 filter="(objectClass=*)" attrs=ALL
[21/Jan/2017:16:57:41.210326182 +0100] conn=7 op=22580 MOD dn="fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de"
[21/Jan/2017:16:57:41.255723384 +0100] conn=9305 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de"
[21/Jan/2017:16:58:37.000568448 +0100] conn=9305 op=1209 SRCH base="cn=accounts,dc=example,dc=de" scope=2 filter="(&(objectClass=ipaHost)(fqdn=tisde8i005.ac.example.de))" attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
[21/Jan/2017:16:58:37.002589641 +0100] conn=9305 op=1210 SRCH base="fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de" scope=0 filter="(objectClass=*)" attrs="objectClass cn memberOf ipaUniqueID"
[21/Jan/2017:16:58:37.004729752 +0100] conn=9305 op=1212 SRCH base="cn=sudo,dc=example,dc=de" scope=2 filter="(&(objectClass=ipasudorule)(ipaEnabledFlag=TRUE)(|(!(memberHost=*))(hostCategory=ALL)(memberHost=fqdn=tisde8i005.ac.example.de,cn=computers,cn=accounts,dc=example,dc=de))(entryusn>=1))"
attrs="objectClass cn ipaUniqueID ipaEnabledFlag ipaSudoOpt ipaSudoRunAs ipaSudoRunAsGroup memberAllowCmd memberDenyCmd memberHost memberUser sudoNotAfter sudoNotBefore sudoOrder cmdCategory hostCategory userCategory ipaSudoRunAsUserCategory ipaSudoRunAsGroupCategory ipaSudoRunAsExtUser
ipaSudoRunAsExtGroup ipaSudoRunAsExtUserGroup externalUser entryusn"

> Do the server logs correlate with debug logs from the nss and domain sections of sssd?
> 

You are right: I misread the log file on the client.

> Are you sure there is no other NSS module in nsswitch.conf other than files and sss?
> 

It said "files nis sss". Fixed.


Thanx for your help (and patience)

Regards
Harri

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEH2V614LbR/u1O+a1Cp4qnmbTgcsFAliDiTkACgkQCp4qnmbT
gct1lgf9Hpb0vsGDEFxdWwTu/K6Pmo+aQpFsbx9m0NmBffXUVhMIY/h6FNliIc6E
iNup62Agt4Gfa4hnGQ3BDH+nmjB7KsTIjVgI8sB2xyf++oV+qADKiFk5ERNVgcAb
dXgIfSjxuLZCRKAKy3xXkN+a6F/HEuxF89uX3YeMocSdrdEkfatkAFZjKnEc9uvN
MS7A+mcIiLI/dZsvPnQjEbUwBhPvRx90Aqo6RVBR6Gy2ToEN0zcDXm/nbNG2CHWN
egUIHnMoi9gMpX/xYgODPDgg1rRCLyDkwKGTC7iXf/ePOHTV8yj5EgONv1lQxk6X
s9mvR8wb1PmPmVWv10KCLRYw/Y5N/g==
=PTte
-----END PGP SIGNATURE-----



From harald.dunkel at aixigo.de  Mon Jan 23 07:43:31 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Mon, 23 Jan 2017 08:43:31 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <58820DE5.9070303@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
Message-ID: <667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>

Hi Thierry,

On 01/20/17 14:17, thierry bordaz wrote:
> 
> I agree that it is looking like the conflict entry is the most up-to-date one.
> To try to repair, it would help if you can search groups
> 
> cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
> cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
> cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=example,dc=de
> cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=example,dc=de
> cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de
> cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
> 
> Hopefully the two last are identical, but the others may refer to  '
> cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db' instead of the non conflict one.
> 

They are not the same (see attachments):

--- /tmp/system_read_dns	2017-01-23 08:26:21.580128044 +0100
+++ /tmp/system_read_dns.nsuniqueid	2017-01-23 08:26:42.603217657 +0100
@@ -1,13 +1,13 @@
 # extended LDIF
 #
 # LDAPv3
-# base <cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de> with scope baseObject
+# base <cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de> with scope baseObject
 # filter: (objectclass=*)
 # requesting: ALL
 #

-# System: Read DNS Servers Configuration, permissions, pbac, example.de
-dn: cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de
+# System: Read DNS Servers Configuration + 109be363-ccd911e6-a5b3d0c8-d8da17db, permissions, pbac, example.de
+dn: cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
 ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
 ipaPermRight: read
 ipaPermRight: compare
@@ -21,8 +21,7 @@
 objectClass: top
 objectClass: groupofnames
 objectClass: ipapermissionv2
-member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=example,dc=de
-member: cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de
+member: cn=DNS Servers+nsuniqueid=109be317-ccd911e6-a5b3d0c8-d8da17db,cn=privileges,cn=pbac,dc=example,dc=de
 ipaPermDefaultAttr: idnsforwardpolicy
 ipaPermDefaultAttr: objectclass
 ipaPermDefaultAttr: idnsforwarders

> We may try to fix groups (with conflict members).
> 
> thanks
> 

Question: Would you agree its best to avoid swapping "valid" and
"nsuniqueid" records?


Regards
Harri

-------------- next part --------------
# extended LDIF
#
# LDAPv3
# base <cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# System: Read DNS Servers Configuration, permissions, pbac, example.de
dn: cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=example,dc=de
member: cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: idnsforwarders
ipaPermDefaultAttr: idnsserverid
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnssoamname
ipaPermLocation: dc=example,dc=de

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
-------------- next part --------------
# extended LDIF
#
# LDAPv3
# base <cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# System: Read DNS Servers Configuration + 109be363-ccd911e6-a5b3d0c8-d8da17db, permissions, pbac, example.de
dn: cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Servers+nsuniqueid=109be317-ccd911e6-a5b3d0c8-d8da17db,cn=privileges,cn=pbac,dc=example,dc=de
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: idnsforwarders
ipaPermDefaultAttr: idnsserverid
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnssoamname
ipaPermLocation: dc=example,dc=de

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

From rakesh.rajasekharan at gmail.com  Mon Jan 23 10:10:12 2017
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Mon, 23 Jan 2017 15:40:12 +0530
Subject: [Freeipa-users] Kerberos Clock Skew too great
In-Reply-To: <jlglgu63f0x.fsf@thriss.redhat.com>
References: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>
	<20170109081241.zu5jla6gw26koxhy@hendrix>
	<CANAMAkr=Mu=_rMXBjd7GA3CBqcbPWhj63SDXDL7i+Qb98JEYYw@mail.gmail.com>
	<jlg7f64kpnh.fsf@thriss.redhat.com>
	<CANAMAkpoQma2-Zh=1qN9vBgyu0Lj6WdZZE-T+hySTJhfe9hk7w@mail.gmail.com>
	<jlglgu63f0x.fsf@thriss.redhat.com>
Message-ID: <CANAMAkrZiAhq5bxT+c7OzANJ69qmMJtLMAv+5pqR=Jf1egbSrw@mail.gmail.com>

thanks for the inputs..


one more question I was curious is.. when does the krb5kdc.log get entries
. .. I mean is it only when someone makes an attempt to login to a server
that the log file  krb5kdc.log on the IPA master gets updated or there are
other scenarios as well

Thanks
Rakesh

On Fri, Jan 20, 2017 at 3:09 AM, Robbie Harwood <rharwood at redhat.com> wrote:

> Rakesh Rajasekharan <rakesh.rajasekharan at gmail.com> writes:
>
> >> Great, glad it's fixed!  Are these VMs?  If not, you may wish to
> >> (re?)configure automatic syncing.
> >
> > yes these are AWS instances. How do I reconfigure auto syncing . Is
> > there a documentation I can follow.
>
> During install of the IPA server, it will set up an NTP server (unless
> you ask it not to).  During enrollment of each IPA client, it will
> configure NTP against that server (unless you ask it not to).  Disabling
> it is the -N flag in both cases.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170123/d1f198ac/attachment.htm>

From tbordaz at redhat.com  Mon Jan 23 10:59:10 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Mon, 23 Jan 2017 11:59:10 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
Message-ID: <5885E1FE.3040009@redhat.com>



On 01/23/2017 08:43 AM, Harald Dunkel wrote:
> Hi Thierry,
>
> On 01/20/17 14:17, thierry bordaz wrote:
>> I agree that it is looking like the conflict entry is the most up-to-date one.
>> To try to repair, it would help if you can search groups
>>
>> cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
>> cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
>> cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
>> cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=example,dc=de
>> cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=example,dc=de
>> cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
>> cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
>> cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
>> cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de
>> cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
>>
>> Hopefully the two last are identical, but the others may refer to  '
>> cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db' instead of the non conflict one.
>>
> They are not the same (see attachments):
>
> --- /tmp/system_read_dns	2017-01-23 08:26:21.580128044 +0100
> +++ /tmp/system_read_dns.nsuniqueid	2017-01-23 08:26:42.603217657 +0100
> @@ -1,13 +1,13 @@
>   # extended LDIF
>   #
>   # LDAPv3
> -# base <cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de> with scope baseObject
> +# base <cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de> with scope baseObject
>   # filter: (objectclass=*)
>   # requesting: ALL
>   #
>
> -# System: Read DNS Servers Configuration, permissions, pbac, example.de
> -dn: cn=System: Read DNS Servers Configuration,cn=permissions,cn=pbac,dc=example,dc=de
> +# System: Read DNS Servers Configuration + 109be363-ccd911e6-a5b3d0c8-d8da17db, permissions, pbac, example.de
> +dn: cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
>   ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>   ipaPermRight: read
>   ipaPermRight: compare
> @@ -21,8 +21,7 @@
>   objectClass: top
>   objectClass: groupofnames
>   objectClass: ipapermissionv2
> -member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=example,dc=de
> -member: cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de
> +member: cn=DNS Servers+nsuniqueid=109be317-ccd911e6-a5b3d0c8-d8da17db,cn=privileges,cn=pbac,dc=example,dc=de
>   ipaPermDefaultAttr: idnsforwardpolicy
>   ipaPermDefaultAttr: objectclass
>   ipaPermDefaultAttr: idnsforwarders
>
>> We may try to fix groups (with conflict members).
>>
>> thanks
>>
> Question: Would you agree its best to avoid swapping "valid" and
> "nsuniqueid" records?
We need to get a clear status before trying to swap them.
For example in your attachment the valid entry is member of 'DNS Admin' 
while the conflict one is not. So possibly the valid entry is the one to 
keep.

Conflicts entry
dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de

belong to all these groups
memberOf: cn=System: Read DNS 
Configuration,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Write DNS 
Configuration,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Add DNS 
Entries,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Manage DNSSEC 
keys,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Manage DNSSEC 
metadata,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Read DNS 
Entries,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Remove DNS 
Entries,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Update DNS 
Entries,cn=permissions,cn=pbac,dc=example,dc=de
memberOf: cn=System: Read DNS Servers 
Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de

My initial thought was to check how it was member (which attribute it is 
using and if it is nested/direct membership).
So then we may try to repair the "valid" entry, making it similarly 
member of those groups.

But this is looking to be complex job and no guaranty it will repair 
everything broken.

Do you have a way to restore from a state where there was no conflict ?

regards
theirry

>
> Regards
> Harri
>



From harald.dunkel at aixigo.de  Mon Jan 23 16:09:27 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Mon, 23 Jan 2017 17:09:27 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <5885E1FE.3040009@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
Message-ID: <f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>

Hi Thierry,

On 01/23/17 11:59, thierry bordaz wrote:
> We need to get a clear status before trying to swap them.
> For example in your attachment the valid entry is member of 'DNS Admin' while the conflict one is not. So possibly the valid entry is the one to keep.
> 
> Conflicts entry
> dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de
> 
> belong to all these groups
> memberOf: cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
> memberOf: cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
> 
> My initial thought was to check how it was member (which attribute it is using and if it is nested/direct membership).
> So then we may try to repair the "valid" entry, making it similarly member of those groups.
> 
> But this is looking to be complex job and no guaranty it will repair everything broken.
> 
> Do you have a way to restore from a state where there was no conflict ?
> 

I do have old backups. ipa1 and ipa2 were setup in dec 2015. They
are included in at least one monthly archive in jan 2016. I am not
sure if this old version is OK, though.


ldapsearch -o ldif-wrap=no -D "cn=directory manager" -w secret -b "dc=example,dc=de" | grep nsuniqueid | wc -l

tells me that there are 43 problems open, including the DNs that
are not referenced anywhere. Maybe its easier and less risky to
fix the broken entries?

I created a full replica (including CA) in an LXC container today
("ipabak"). The idea is to take a snapshot of the whole container,
run ipabak without network connection, and then create and verify
a shell script to fix the disconnected replica. On problems I can
roll ipabak back to the snapshot. Maybe it needs some iterations to
create a working script.

When the script appears to be fine I can revert the ipabak container
to the most recent snapshot again, connect it to the network to sync
it with ipa1 and then run the script with multisite replication
enabled.

Do you think this could work?


Regards
Harri



From tbordaz at redhat.com  Mon Jan 23 16:45:20 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Mon, 23 Jan 2017 17:45:20 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
Message-ID: <58863320.1040305@redhat.com>



On 01/23/2017 05:09 PM, Harald Dunkel wrote:
> Hi Thierry,
>
> On 01/23/17 11:59, thierry bordaz wrote:
>> We need to get a clear status before trying to swap them.
>> For example in your attachment the valid entry is member of 'DNS Admin' while the conflict one is not. So possibly the valid entry is the one to keep.
>>
>> Conflicts entry
>> dn: cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=de
>>
>> belong to all these groups
>> memberOf: cn=System: Read DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
>> memberOf: cn=System: Write DNS Configuration,cn=permissions,cn=pbac,dc=example,dc=de
>> memberOf: cn=System: Add DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
>> memberOf: cn=System: Manage DNSSEC keys,cn=permissions,cn=pbac,dc=example,dc=de
>> memberOf: cn=System: Manage DNSSEC metadata,cn=permissions,cn=pbac,dc=example,dc=de
>> memberOf: cn=System: Read DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
>> memberOf: cn=System: Remove DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
>> memberOf: cn=System: Update DNS Entries,cn=permissions,cn=pbac,dc=example,dc=de
>> memberOf: cn=System: Read DNS Servers Configuration+nsuniqueid=109be363-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de
>>
>> My initial thought was to check how it was member (which attribute it is using and if it is nested/direct membership).
>> So then we may try to repair the "valid" entry, making it similarly member of those groups.
>>
>> But this is looking to be complex job and no guaranty it will repair everything broken.
>>
>> Do you have a way to restore from a state where there was no conflict ?
>>
> I do have old backups. ipa1 and ipa2 were setup in dec 2015. They
> are included in at least one monthly archive in jan 2016. I am not
> sure if this old version is OK, though.
>
>
> ldapsearch -o ldif-wrap=no -D "cn=directory manager" -w secret -b "dc=example,dc=de" | grep nsuniqueid | wc -l
>
> tells me that there are 43 problems open, including the DNs that
> are not referenced anywhere. Maybe its easier and less risky to
> fix the broken entries?

Yes I think so. It is difficult to predict how many entries need to be 
fixed but we may consider it should be close to 43.

>
> I created a full replica (including CA) in an LXC container today
> ("ipabak"). The idea is to take a snapshot of the whole container,
> run ipabak without network connection, and then create and verify
> a shell script to fix the disconnected replica. On problems I can
> roll ipabak back to the snapshot. Maybe it needs some iterations to
> create a working script.

Do you want to run ipabak against ipa1 or ipa2 server ?
>
> When the script appears to be fine I can revert the ipabak container
> to the most recent snapshot again, connect it to the network to sync
> it with ipa1 and then run the script with multisite replication
> enabled.
>
> Do you think this could work?

It should work if you run ipabak against ipa1 or ipa2. But then how to 
prevent that ipa1/ipa2 get more conflicts with the iterations of tests ?

>
>
> Regards
> Harri
>



From rharwood at redhat.com  Mon Jan 23 17:57:33 2017
From: rharwood at redhat.com (Robbie Harwood)
Date: Mon, 23 Jan 2017 12:57:33 -0500
Subject: [Freeipa-users] Kerberos Clock Skew too great
In-Reply-To: <CANAMAkrZiAhq5bxT+c7OzANJ69qmMJtLMAv+5pqR=Jf1egbSrw@mail.gmail.com>
References: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>
	<20170109081241.zu5jla6gw26koxhy@hendrix>
	<CANAMAkr=Mu=_rMXBjd7GA3CBqcbPWhj63SDXDL7i+Qb98JEYYw@mail.gmail.com>
	<jlg7f64kpnh.fsf@thriss.redhat.com>
	<CANAMAkpoQma2-Zh=1qN9vBgyu0Lj6WdZZE-T+hySTJhfe9hk7w@mail.gmail.com>
	<jlglgu63f0x.fsf@thriss.redhat.com>
	<CANAMAkrZiAhq5bxT+c7OzANJ69qmMJtLMAv+5pqR=Jf1egbSrw@mail.gmail.com>
Message-ID: <jlgvat5mzg2.fsf@thriss.redhat.com>

Rakesh Rajasekharan <rakesh.rajasekharan at gmail.com> writes:

> one more question I was curious is.. when does the krb5kdc.log get entries
> . .. I mean is it only when someone makes an attempt to login to a server
> that the log file  krb5kdc.log on the IPA master gets updated or there are
> other scenarios as well

It's controlled by /etc/kdc.conf ; take a look at the "[logging]" section in
`man 5 kdc.conf` for more information.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170123/17109f7b/attachment.sig>

From huston at astro.princeton.edu  Mon Jan 23 18:55:01 2017
From: huston at astro.princeton.edu (Steve Huston)
Date: Mon, 23 Jan 2017 13:55:01 -0500
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <CANnpg5TVMRAVazuXnS_tEk1NS-qscW099oEa9-6S_JTJhYaQ+A@mail.gmail.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
	<CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
	<20170119181440.x77gboawdyjep7pp@redhat.com>
	<CANnpg5TVMRAVazuXnS_tEk1NS-qscW099oEa9-6S_JTJhYaQ+A@mail.gmail.com>
Message-ID: <CANnpg5QQq+i0my9getrFgnwo1g0io1cdEAkwbHwsn80XXWoTpQ@mail.gmail.com>

Just tested again, and this is still baffling:

* Create a stage user with the right data, works fine, can be edited.
* Enable that user, and now the two fields ('manager' and
'employeeType') appear to have bogus data in the UI, and I cannot save
the page without changing them to something else.
* Once that user is saved, the "Employee Information" facet moves to
the right side of the page, and now shows not only the current data in
the manager drop down but also the other choices (uids).  Change the
value of manager and employeetype back to what they were previously
and it saves.
* An ldapsearch run when the user is first created (as the directory
manager), and after having two edits (one to change the values to
something else to let the webui save them, and one to change them back
to what they should be and were the first time) produce completely
identical results.
* The output of "ipa user-show <uid> --all --raw" is also identical at
those same steps.

So something, somewhere, is being saved in a way that prevents the
webui from displaying them properly, that gets fixed when those values
are manually changed via the webui.

On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston
<huston at astro.princeton.edu> wrote:
> Even more interesting...
>
> I tried to modify one of the records that was not displaying properly
> in the "active users" group, and sure enough the webui complained that
> the "Requested By" (relabeled "manager") field was not filled in since
> it was blank.  It also, however, complained that the "User tier"
> (relabeled "employeetype") was incorrect, even though it showed the
> label associated with the value 1.  I clicked the search drop-down for
> manager, typed in my own uid, and even though everything had been
> blank in the drop down before now my uid showed up.  I clicked on it,
> and my uid was now in the manager field.  I then clicked the drop down
> for employeetype, and chose one of the other options.  I was now able
> to save the changes to the record.
>
> Upon reloading the page, the "Employee Information" facet now shoed up
> on the right side bottom, instead of the left side bottom where it was
> appearing.  I was also now able to change the drop-down fields for
> manager and employeetype to another value, and save them, and they
> worked fine even filling in all the data that should have been there.
> This almost seemed like the data being returned by the server was
> flawed somehow, and confusing the webui, but once it was forced to
> have the right data and re-saved it worked fine subsequently.
>
> I looked at the output of "ipa user-show <uid> --all --raw" both
> before and after making such changes on a user, and can detect no
> difference between them.
>
> On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy <abokovoy at redhat.com> wrote:
>> On to, 19 tammi 2017, Steve Huston wrote:
>>>
>>> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy <abokovoy at redhat.com>
>>> wrote:
>>>>
>>>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client
>>>> side plugins into different paths (ipaserver/plugins and
>>>> ipaclient/plugins instead of being common in ipalib/plugins). The client
>>>> code was also changed to always read metadata about API from the server
>>>> side. This means the client can adopt to any server version that
>>>> supports API metadata.
>>>
>>>
>>> Right, and I think that the most of the plugin I had belongs
>>> server-side; in fact, that's where I migrated it to, and things work
>>> fine.  I haven't tested if I can change those values with the cli, but
>>> I'm less concerned about that at the moment.
>>>
>>>> In my sample external plugin you referenced above you can see that I
>>>> have client-side change that replaces an input string by a file
>>>> reference so that a file can supplied instead of typing the content of
>>>> the file on the command line. This is one of most used patterns for
>>>> client side plugins.
>>>
>>>
>>> In this case, my biggest problem is with the web UI.  The 'manager'
>>> drop down (which I have renamed through the UI plugins to "Requested
>>> By" to show what user requested and is responsible for this account)
>>> works fine in the 'add/modify stageuser' context, but not at all in
>>> the adduser/moduser context, and I can't seem to find out why.
>>
>> I'll defer answer for this to our web UI wizards but they would need to
>> see your code to help, I'd guess.
>>
>> --
>> / Alexander Bokovoy
>
>
>
> --
> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



From harald.dunkel at aixigo.de  Tue Jan 24 11:36:56 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Tue, 24 Jan 2017 12:36:56 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <58863320.1040305@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
Message-ID: <46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>

Hi Thierry,

On 01/23/17 17:45, thierry bordaz wrote:
> 
> 
> On 01/23/2017 05:09 PM, Harald Dunkel wrote:
>>
>> I created a full replica (including CA) in an LXC container today
>> ("ipabak"). The idea is to take a snapshot of the whole container,
>> run ipabak without network connection, and then create and verify
>> a shell script to fix the disconnected replica. On problems I can
>> roll ipabak back to the snapshot. Maybe it needs some iterations to
>> create a working script.
> 
> Do you want to run ipabak against ipa1 or ipa2 server ?

ipabak is a replica of ipa1:

# ipa-replica-manage -v list ipabak.vs.example.de
Directory Manager password:

ipa1.example.de: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental update succeeded
  last update ended: 2017-01-24 10:13:13+00:00

# ipa-csreplica-manage -v list ipabak.vs.example.de
Directory Manager password:

ipa1.example.de
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental update succeeded
  last update ended: 2017-01-24 10:14:01+00:00

ipa1 is the first master. ipabak was setup using

# ssh root at ipa1.example.de ipa-replica-prepare ipabak.vs.example.de
# scp -p root at ipa1.example.de:/var/lib/ipa/replica-info-ipabak.vs.example.de.gpg /var/lib/ipa/
# ipa-replica-install /var/lib/ipa/replica-info-ipabak.vs.example.de.gpg --setup-ca

Do you think this is OK?

BTW, freeipa doesn't provide DNS in my net.

>>
>> When the script appears to be fine I can revert the ipabak container
>> to the most recent snapshot again, connect it to the network to sync
>> it with ipa1 and then run the script with multisite replication
>> enabled.
>>
>> Do you think this could work?
> 
> It should work if you run ipabak against ipa1 or ipa2. But then how to prevent that ipa1/ipa2 get more conflicts with the iterations of tests ?
> 

ipabak is not supposed to be connected to ipa1 again, if it has
been modified by the script in development. It has to be reverted
back to the snapshot first. From ipa1's point of view, ipabak just
goes offline for some time, but it never comes back modified.

The development iterations are not cumulative, except for the
script. In each cycle I add code to the script, revert the dis-
connected ipabak back to the snapshot, and test the whole script.
The snapshot is not overwritten.

The snapshot of a LXC container is just an exact copy of its root
directory, taken while the container was off. To revert a LXC
container back to its snapshot, I have to turn it off, replace
its root directory by a copy of the snapshot, and turn it on
again.

To create a new snapshot I revert ipabak to the current snapshot,
connect it to the network, sync it with ipa1, disconnect it and
copy the containers root directory to the new snapshot directory.
The old snapshot has to be removed then.

When the script appears to be ready I have to revert and sync
ipabak again as above, but instead of disconnecting it from the
network I have to stop all ipa servers in parallel to take a
snapshot of each. (All ipa servers are LXC containers.) Next
start the ipa servers again and run the script on ipabak, now
connected with ipa1. This should make the changes "official".


Did I miss something here?

Harri



From tbordaz at redhat.com  Tue Jan 24 11:57:47 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Tue, 24 Jan 2017 12:57:47 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
Message-ID: <5887413B.9030808@redhat.com>



On 01/24/2017 12:36 PM, Harald Dunkel wrote:
> Hi Thierry,
>
> On 01/23/17 17:45, thierry bordaz wrote:
>>
>> On 01/23/2017 05:09 PM, Harald Dunkel wrote:
>>> I created a full replica (including CA) in an LXC container today
>>> ("ipabak"). The idea is to take a snapshot of the whole container,
>>> run ipabak without network connection, and then create and verify
>>> a shell script to fix the disconnected replica. On problems I can
>>> roll ipabak back to the snapshot. Maybe it needs some iterations to
>>> create a working script.
>> Do you want to run ipabak against ipa1 or ipa2 server ?
> ipabak is a replica of ipa1:
>
> # ipa-replica-manage -v list ipabak.vs.example.de
> Directory Manager password:
>
> ipa1.example.de: replica
>    last init status: None
>    last init ended: 1970-01-01 00:00:00+00:00
>    last update status: Error (0) Replica acquired successfully: Incremental update succeeded
>    last update ended: 2017-01-24 10:13:13+00:00
>
> # ipa-csreplica-manage -v list ipabak.vs.example.de
> Directory Manager password:
>
> ipa1.example.de
>    last init status: None
>    last init ended: 1970-01-01 00:00:00+00:00
>    last update status: Error (0) Replica acquired successfully: Incremental update succeeded
>    last update ended: 2017-01-24 10:14:01+00:00
>
> ipa1 is the first master. ipabak was setup using
>
> # ssh root at ipa1.example.de ipa-replica-prepare ipabak.vs.example.de
> # scp -p root at ipa1.example.de:/var/lib/ipa/replica-info-ipabak.vs.example.de.gpg /var/lib/ipa/
> # ipa-replica-install /var/lib/ipa/replica-info-ipabak.vs.example.de.gpg --setup-ca
>
> Do you think this is OK?

Yes it looks ok.
> BTW, freeipa doesn't provide DNS in my net.
>
>>> When the script appears to be fine I can revert the ipabak container
>>> to the most recent snapshot again, connect it to the network to sync
>>> it with ipa1 and then run the script with multisite replication
>>> enabled.
>>>
>>> Do you think this could work?
>> It should work if you run ipabak against ipa1 or ipa2. But then how to prevent that ipa1/ipa2 get more conflicts with the iterations of tests ?
>>
> ipabak is not supposed to be connected to ipa1 again, if it has
> been modified by the script in development. It has to be reverted
> back to the snapshot first. From ipa1's point of view, ipabak just
> goes offline for some time, but it never comes back modified.
>
> The development iterations are not cumulative, except for the
> script. In each cycle I add code to the script, revert the dis-
> connected ipabak back to the snapshot, and test the whole script.
> The snapshot is not overwritten.
>
> The snapshot of a LXC container is just an exact copy of its root
> directory, taken while the container was off. To revert a LXC
> container back to its snapshot, I have to turn it off, replace
> its root directory by a copy of the snapshot, and turn it on
> again.
>
> To create a new snapshot I revert ipabak to the current snapshot,
> connect it to the network, sync it with ipa1, disconnect it and
> copy the containers root directory to the new snapshot directory.
> The old snapshot has to be removed then.

If I understand correctly the iterations of development I do not 
understand why, at this point, you need to reconnect ipabak.
After you create ipabak replica, you take a snapshot of it (let 
ipabak_0), then disconnect it from ipa1/ipa2.

Then you may start incremental dev of the script on the offline ipabak.
Before each test of the script, you just need to get ipabak to ipabak_0.
Am I missing something ?


> When the script appears to be ready I have to revert and sync
> ipabak again as above, but instead of disconnecting it from the
> network I have to stop all ipa servers in parallel to take a
> snapshot of each. (All ipa servers are LXC containers.) Next
> start the ipa servers again and run the script on ipabak, now
> connected with ipa1. This should make the changes "official".

How do you know if the script is ready ? When it resolves all the 
conflict entries ?

thanks
thierry
>
> Did I miss something here?
>
> Harri
>



From harald.dunkel at aixigo.de  Tue Jan 24 13:22:44 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Tue, 24 Jan 2017 14:22:44 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <5887413B.9030808@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
Message-ID: <32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>

On 01/24/17 12:57, thierry bordaz wrote:
> 
> If I understand correctly the iterations of development I do not understand why, at this point, you need to reconnect ipabak.
> After you create ipabak replica, you take a snapshot of it (let ipabak_0), then disconnect it from ipa1/ipa2.
> 
> Then you may start incremental dev of the script on the offline ipabak.
> Before each test of the script, you just need to get ipabak to ipabak_0.
> Am I missing something ?
> 

ipa1 is not idle while the script is in development. I do not
know if these conflicting entries pop up in some new entries
on ipa1 while the script is in development. When the script
seems to be ready, then I have to verify it with very recent
copy of the database before the final run.

> 
>> When the script appears to be ready I have to revert and sync
>> ipabak again as above, but instead of disconnecting it from the
>> network I have to stop all ipa servers in parallel to take a
>> snapshot of each. (All ipa servers are LXC containers.) Next
>> start the ipa servers again and run the script on ipabak, now
>> connected with ipa1. This should make the changes "official".
> 
> How do you know if the script is ready ? When it resolves all the conflict entries ?
> 

Hopefully yes, but there were 2 conflicts that already made some
problems:

	deleting entry "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de"
	ldap_delete: Server is unwilling to perform (53)
	        additional info: Deleting a managed entry is not allowed. It needs to be manually unlinked first.


	deleting entry "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de"
	ldap_delete: Operations error (1)

I got these problems before I became more careful with this.

Regards
Harri



From tbordaz at redhat.com  Tue Jan 24 14:01:28 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Tue, 24 Jan 2017 15:01:28 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
Message-ID: <58875E38.2010806@redhat.com>



On 01/24/2017 02:22 PM, Harald Dunkel wrote:
> On 01/24/17 12:57, thierry bordaz wrote:
>> If I understand correctly the iterations of development I do not understand why, at this point, you need to reconnect ipabak.
>> After you create ipabak replica, you take a snapshot of it (let ipabak_0), then disconnect it from ipa1/ipa2.
>>
>> Then you may start incremental dev of the script on the offline ipabak.
>> Before each test of the script, you just need to get ipabak to ipabak_0.
>> Am I missing something ?
>>
> ipa1 is not idle while the script is in development. I do not
> know if these conflicting entries pop up in some new entries
> on ipa1 while the script is in development. When the script
> seems to be ready, then I have to verify it with very recent
> copy of the database before the final run.

I would be surprised that new conflicts are popping up on ipa1/ipa2 
during develop of the script.
But yes when the script is ready, you need to sync ipabak/ipa1 to be 
sure the script will run successfully on all conflicts (old and new).

>
>>> When the script appears to be ready I have to revert and sync
>>> ipabak again as above, but instead of disconnecting it from the
>>> network I have to stop all ipa servers in parallel to take a
>>> snapshot of each. (All ipa servers are LXC containers.) Next
>>> start the ipa servers again and run the script on ipabak, now
>>> connected with ipa1. This should make the changes "official".
>> How do you know if the script is ready ? When it resolves all the conflict entries ?
>>
> Hopefully yes, but there were 2 conflicts that already made some
> problems:
>
> 	deleting entry "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de"
> 	ldap_delete: Server is unwilling to perform (53)
> 	        additional info: Deleting a managed entry is not allowed. It needs to be manually unlinked first.
>
>
> 	deleting entry "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de"
> 	ldap_delete: Operations error (1)
>
> I got these problems before I became more careful with this.

This will be a difficulty to setup that script.
You may be unable to delete some entries (managed entry, tombstones..).

I think one target of the script is to get the 'valid' entries at the 
expected level: having the expected set of attribute/values. A kind of 
merge of valid/conflict entries.
Then you may have to moddn some conflict children under the valid entry.
At the end, remove the conflict entries.

As I said, setting up such script could take you more time than fixing 
manually the 43 conflicts.

regards
thierry
>
> Regards
> Harri
>



From harald.dunkel at aixigo.de  Tue Jan 24 15:18:00 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Tue, 24 Jan 2017 16:18:00 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <58875E38.2010806@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
	<58875E38.2010806@redhat.com>
Message-ID: <36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>

Hi Thierry,

On 01/24/17 15:01, thierry bordaz wrote:
>> Hopefully yes, but there were 2 conflicts that already made some
>> problems:
>>
>>     deleting entry "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de"
>>     ldap_delete: Server is unwilling to perform (53)
>>             additional info: Deleting a managed entry is not allowed. It needs to be manually unlinked first.
>>
>>
>>     deleting entry "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de"
>>     ldap_delete: Operations error (1)
>>
>> I got these problems before I became more careful with this.
> 
> This will be a difficulty to setup that script.
> You may be unable to delete some entries (managed entry, tombstones..).
> 
> I think one target of the script is to get the 'valid' entries at the expected level: having the expected set of attribute/values. A kind of merge of valid/conflict entries.
> Then you may have to moddn some conflict children under the valid entry.
> At the end, remove the conflict entries.

I agree. But I still need to work on a snapshot first, without
the risk of making things worse.

Would you suggest to disconnect ipabak from the network and ipa1,
cleanup the mess as far as possible, and then connect ipabak
to the network again to rely upon the regular replica synchroni-
zation?

> 
> As I said, setting up such script could take you more time than fixing manually the 43 conflicts.
> 

Maybe there is a misunderstanding about "script" here: Its not
a high-end shell script with man page and command line flags and
so on. It is just a sequence of variable assignments and commands
to run. Goal is to avoid having to type the same stuff twice, and
to make use of copy and paste in an editor. One key feature is to
get something reproducible.


Every helpful advice is highly welcome
Harri



From tbordaz at redhat.com  Tue Jan 24 16:56:54 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Tue, 24 Jan 2017 17:56:54 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
	<58875E38.2010806@redhat.com>
	<36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>
Message-ID: <58878756.3010407@redhat.com>



On 01/24/2017 04:18 PM, Harald Dunkel wrote:
> Hi Thierry,
>
> On 01/24/17 15:01, thierry bordaz wrote:
>>> Hopefully yes, but there were 2 conflicts that already made some
>>> problems:
>>>
>>>      deleting entry "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de"
>>>      ldap_delete: Server is unwilling to perform (53)
>>>              additional info: Deleting a managed entry is not allowed. It needs to be manually unlinked first.
>>>
>>>
>>>      deleting entry "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de"
>>>      ldap_delete: Operations error (1)
>>>
>>> I got these problems before I became more careful with this.
>> This will be a difficulty to setup that script.
>> You may be unable to delete some entries (managed entry, tombstones..).
>>
>> I think one target of the script is to get the 'valid' entries at the expected level: having the expected set of attribute/values. A kind of merge of valid/conflict entries.
>> Then you may have to moddn some conflict children under the valid entry.
>> At the end, remove the conflict entries.
> I agree. But I still need to work on a snapshot first, without
> the risk of making things worse.
>
> Would you suggest to disconnect ipabak from the network and ipa1,
> cleanup the mess as far as possible, and then connect ipabak
> to the network again to rely upon the regular replica synchroni-
> zation?

Yes, as soon as ipaback is in sync with ipa1 and you took a snapshot of 
ipaback, I think you can disconnect ipaback and run your script on it 
(iterating with the snapshot).

>
>> As I said, setting up such script could take you more time than fixing manually the 43 conflicts.
>>
> Maybe there is a misunderstanding about "script" here: Its not
> a high-end shell script with man page and command line flags and
> so on. It is just a sequence of variable assignments and commands
> to run. Goal is to avoid having to type the same stuff twice, and
> to make use of copy and paste in an editor. One key feature is to
> get something reproducible.
>
>
> Every helpful advice is highly welcome
> Harri
>



From MBerkelaar at binck.nl  Tue Jan 24 18:43:59 2017
From: MBerkelaar at binck.nl (Mike Berkelaar)
Date: Tue, 24 Jan 2017 18:43:59 +0000
Subject: [Freeipa-users] HBAC trust groups inconsistent
Message-ID: <78BE07929E5DDA48BC70E7826B1D54AC2A8323D8@rexch02.binckbank.nv>

Hello,

I have been testing Freeipa since 4.2 and am very impressed overall. A pending issue I have not been able to resolve is getting HBAC to work consistently. I?m limited to an AD-trust scenario where AD groups are mapped to Posix groups. While ?id user at domain? will return all groups for new queries, or after a reset of the cache and a restart of SSSD, this does not *always* seem to be the case with kerberized HTTP. (http://www.freeipa.org/page/Web_App_Authentication)

With the HBAC rule allowing access from a particular Posix mapped group to a custom service (?HTTP?) I typically see it sometimes working, and then randomly failing after some delay ( minutes ? hours), hinting at a cache miss of some sort.

Performing an HTTP GET to the kerberized webserver may at first fail. After a short delay it may sometimes start working out of the blue. In some cases disabling and enabling HBAC rules or performing ?id user at domain? helps with sorting the issue. As you can see from the logging the first time SSSD gathers 38 groups, failing to get the Posix mapped group, but a few minutes later getting 39 groups, including the ?sambatesters? mapped group that the HBAC rule applies to.

Failing:
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [hbac_eval_user_element] (0x1000): [38] groups for [user at domain.local]
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [hbac_eval_user_element] (0x2000): Skipping non-group memberOf [CN=SG_ROLE_PROXY_PROD_Change,OU=Roles,OU=Groups,DC=domain,DC=local]
... * Skipping all underscore_seperated_group CNs *
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [hbac_eval_user_element] (0x2000): Skipping non-group memberOf [CN=* ICT Infrastructure Unix,OU=Distribution,OU=Groups,DC=domain,DC=local]

(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x21a9f4
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x21e99e0
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Running timer event 0x21a9f40 "ltdb_callback"
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Destroying timer event 0x21e99e0 "ltdb_timeout"
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Ending timer event 0x21a9f40 "ltdb_callback"
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x21c90c0
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x21b6e00
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Running timer event 0x21c90c0 "ltdb_callback"
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Destroying timer event 0x21b6e00 "ltdb_timeout"
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Ending timer event 0x21c90c0 "ltdb_callback"
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x21eb880
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x21b6e00
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Running timer event 0x21eb880 "ltdb_callback"
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Destroying timer event 0x21b6e00 "ltdb_timeout"
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Ending timer event 0x21eb880 "ltdb_callback"
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [ipa_hbac_evaluate_rules] (0x0080): Access denied by HBAC rules
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [sdap_id_op_destroy] (0x4000): releasing operation connection
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 6, <NULL>) [Success]
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [be_pam_handler_callback] (0x0100): Sending result [6][domain.local]
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [be_pam_handler_callback] (0x0100): Sent result [6][domain.local]
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [sdap_process_result] (0x2000): Trace: sh[0x21a6b10], connected[1], ops[(nil)], ldap[0x21ab2b0]
(Tue Jan 24 19:05:42 2017) [sssd[be[unix.domain.local]]] [sdap_process_result] (0x2000): Trace: ldap_result found nothing!


Succeeding:
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [hbac_eval_user_element] (0x1000): [39] groups for [user at domain.local]
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [hbac_eval_user_element] (0x2000): Skipping non-group memberOf [CN=SG_ROLE_PROXY_PROD_Change,OU=Roles,OU=Groups,DC=domain,DC=local]
...
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [hbac_eval_user_element] (0x2000): Skipping non-group memberOf [CN=AFD-ICT-DM Change,OU=_SOMEOU,OU=Groups,DC=domain,DC=local]
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [hbac_eval_user_element] (0x1000): Added group [sambatesters] for user [user at domain.local]

(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x21c8990
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x21b6e00
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Running timer event 0x21c8990 "ltdb_callback"
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Destroying timer event 0x21b6e00 "ltdb_timeout"
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Ending timer event 0x21c8990 "ltdb_callback"
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x21baab0
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x21b62d0
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Running timer event 0x21baab0 "ltdb_callback"
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Destroying timer event 0x21b62d0 "ltdb_timeout"
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Ending timer event 0x21baab0 "ltdb_callback"
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_callback": 0x21baab0
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Added timed event "ltdb_timeout": 0x21c8990
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Running timer event 0x21baab0 "ltdb_callback"
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Destroying timer event 0x21c8990 "ltdb_timeout"
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ldb] (0x4000): Ending timer event 0x21baab0 "ltdb_callback"
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [ipa_hbac_evaluate_rules] (0x0080): Access granted by HBAC rule [http_filter]
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, <NULL>) [Success]
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 0, Success) [Success]
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [be_pam_handler_callback] (0x0100): Sending result [0][domain.local]
(Tue Jan 24 19:06:58 2017) [sssd[be[unix.domain.local]]] [be_pam_handler_callback] (0x0100): Sent result [0][domain.local]


Current setup is IPA 4.4, Sssd mix of 1.13 (Ubuntu) and 1.14 (Centos 7.3)
IPA SSSD cache mounted on tmpfs
Ignore_group_members = True
Subdomain_inherit = ignore_group_members

The sambatesters Posix group is, as far as I can tell, consistently mapped to the user with SSH logins and by ?id?. Some AD groups do contain spaces and funny characters (*). I am at a loss with debugging this issue, mainly because groups seem to appear and disappear with GSSAPI sessions at random moments in time.
Does anybody have any idea how to troubleshoot this any further?


Other threads I though were hinting at a similar issue:
https://www.redhat.com/archives/freeipa-users/2016-July/msg00163.html


Disclaimer
________________________________
Deze e-mail en zijn bijlagen zijn uitsluitend bestemd voor de geadresseerde(n) als op dit e-mailblad vermeld. Het is mogelijk dat deze e-mail persoonlijke en/of vertrouwelijke informatie bevat. Wanneer u niet de geadresseerde bent, verzoeken wij u dringend ons daarvan te berichten. Elke verspreiding, vermenigvuldiging, gebruik of openbaarmaking aan derden van de inhoud van deze e-mail en zijn bijlagen, is verboden. Hoewel deze informatie met de meeste zorg is samengesteld is BinckBank N.V. op geen enkele wijze aansprakelijk voor eventuele fouten, omissies of andere onjuistheden in deze informatie of de gevolgen daarvan noch op enigerlei wijze gebonden aan de inhoud van de e-mail of zijn bijlagen. Gelieve, in geval van onjuiste of onvolledige ontvangst, deze e-mail terug te sturen naar de afzender.
BinckBank N.V. is gevestigd aan de Barbara Strozzilaan 310, Amsterdam (1083 HN), Nederland en is ingeschreven bij de Kamer van Koophandel in Amsterdam onder nummer 33162223. BinckBank N.V. heeft een vergunning van De Nederlandsche Bank, Postbus 98, 1000 AB Amsterdam en staat geregistreerd bij de Autoriteit Financi?le Markten, Postbus 11723, 1001 GS Amsterdam. Het BTW-nummer van BinckBank N.V. is NL007606552B01.
________________________________
This e-mail and its attachments are only intended for the individual(s) or entity(entities) named above to whom they are addressed and may contain personal and/or confidential information. Please notify us immediately if you are not the intended recipient. Any dissemination, duplication, publication to third parties or other use of the contents of this e-mail or its attachments is forbidden. BinckBank N.V. shall not accept any responsibility for any errors, omissions or other inaccuracies in this information or for the consequences thereof, nor shall it be bound in any way by the contents of this e-mail or its attachments. In the event of incomplete or incorrect transmission please return the e-mail to the sender.
BinckBank N.V. is established on the Barbara Strozzilaan 310, Amsterdam (1083 HN), Netherlands and is registered with the Chamber of Commerce in Amsterdam under number 33162223. BinckBank N.V. is authorized by De Nederlandsche Bank, PO Box 98, 1000 AB Amsterdam and is registered with the Authority for the Financial Markets, PO Box 11723, 1001 GS Amsterdam. BinckBank N.V?s VAT number is NL007606552B01.
________________________________
Ce message, ainsi que toutes ses pi?ces jointes, est exclusivement destin? aux personnes indiqu?es ci-dessus, ? qui il a ?t? adress?, et peut contenir des informations personnelles ou confidentielles. Si vous recevez ce message et que vous n'en ?tes pas le destinataire, veuillez nous en avertir imm?diatement, et le d?truire. Toute diss?mination, copie, transmission ? des tiers, ou autre usage de ce message, de son contenu et de ses pi?ces jointes, est interdit. BinckBank N.V. n'accepte aucune responsabilit? pour d'?ventuelles erreurs ou omissions ou leur cons?quences. Ce message, son contenu et ses pi?ces jointes ne constituent en aucune fa?on un engagement de BinckBank N.V.. En cas de transmission incompl?te ou erron?e, merci de renvoyer ce message ? son exp?diteur.
BinckBank N.V. a son si?ge au Barbara Strozzilaan 310, Amsterdam (1083 HN), Pays-Bas et est inscrite aupr?s de la Chambre de Commerce d'Amsterdam sous le num?ro 33162223. BinckBank N.V. est agr??e par De Nederlandsche Bank, PO Box 98, 1000 AB Amsterdam et est inscrite aupr?s de Autoriteit Financi?le Markten, PO Box 11723, 1001 GS Amsterdam. Le num?ro de TVA de BinckBank N.V. est NL007606552B01.
________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170124/28365c15/attachment.htm>

From huston at astro.princeton.edu  Tue Jan 24 19:59:42 2017
From: huston at astro.princeton.edu (Steve Huston)
Date: Tue, 24 Jan 2017 14:59:42 -0500
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <CANnpg5QQq+i0my9getrFgnwo1g0io1cdEAkwbHwsn80XXWoTpQ@mail.gmail.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
	<CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
	<20170119181440.x77gboawdyjep7pp@redhat.com>
	<CANnpg5TVMRAVazuXnS_tEk1NS-qscW099oEa9-6S_JTJhYaQ+A@mail.gmail.com>
	<CANnpg5QQq+i0my9getrFgnwo1g0io1cdEAkwbHwsn80XXWoTpQ@mail.gmail.com>
Message-ID: <CANnpg5Sp0sYT=8s6mFUKLfWnAixeD5uZNBt3qyD_LcPxy0YJ+w@mail.gmail.com>

And now I'm convinced this has nothing to do with my plugin and
instead is a bug somewhere in FreeIPA.

I removed the entirety of the "astrocustom" plugin that I wrote,
restarted httpd, and force reloaded the page in chrome.  I clicked to
add a new user, gave the basic information, and clicked "add and
edit".  The bottom of the page shows the "Employee information" on the
left side bottom, and the manager drop-down is empty.  I entered '1'
in the "employee type" field and clicked save, and now "Employee
Information" is on the right side directly under "Contact settings",
and the manager drop-down is populated with the list of UIDs on the
system.

When the UI is in the failed state, the "email address" field is also
blank, but when things switch to how they should be (after submitting
a change) it is populated with the email address in the record.  I
just tested by adding a telephone number to the record, and that also
made the contact information and employee information facets refresh
with the proper data.  Pressing shift-reload again makes all the
information disappear (including the telephone number I just entered).

This is with ipa-server-4.4.0-14.el7_3.4


On Mon, Jan 23, 2017 at 1:55 PM, Steve Huston
<huston at astro.princeton.edu> wrote:
> Just tested again, and this is still baffling:
>
> * Create a stage user with the right data, works fine, can be edited.
> * Enable that user, and now the two fields ('manager' and
> 'employeeType') appear to have bogus data in the UI, and I cannot save
> the page without changing them to something else.
> * Once that user is saved, the "Employee Information" facet moves to
> the right side of the page, and now shows not only the current data in
> the manager drop down but also the other choices (uids).  Change the
> value of manager and employeetype back to what they were previously
> and it saves.
> * An ldapsearch run when the user is first created (as the directory
> manager), and after having two edits (one to change the values to
> something else to let the webui save them, and one to change them back
> to what they should be and were the first time) produce completely
> identical results.
> * The output of "ipa user-show <uid> --all --raw" is also identical at
> those same steps.
>
> So something, somewhere, is being saved in a way that prevents the
> webui from displaying them properly, that gets fixed when those values
> are manually changed via the webui.
>
> On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston
> <huston at astro.princeton.edu> wrote:
>> Even more interesting...
>>
>> I tried to modify one of the records that was not displaying properly
>> in the "active users" group, and sure enough the webui complained that
>> the "Requested By" (relabeled "manager") field was not filled in since
>> it was blank.  It also, however, complained that the "User tier"
>> (relabeled "employeetype") was incorrect, even though it showed the
>> label associated with the value 1.  I clicked the search drop-down for
>> manager, typed in my own uid, and even though everything had been
>> blank in the drop down before now my uid showed up.  I clicked on it,
>> and my uid was now in the manager field.  I then clicked the drop down
>> for employeetype, and chose one of the other options.  I was now able
>> to save the changes to the record.
>>
>> Upon reloading the page, the "Employee Information" facet now shoed up
>> on the right side bottom, instead of the left side bottom where it was
>> appearing.  I was also now able to change the drop-down fields for
>> manager and employeetype to another value, and save them, and they
>> worked fine even filling in all the data that should have been there.
>> This almost seemed like the data being returned by the server was
>> flawed somehow, and confusing the webui, but once it was forced to
>> have the right data and re-saved it worked fine subsequently.
>>
>> I looked at the output of "ipa user-show <uid> --all --raw" both
>> before and after making such changes on a user, and can detect no
>> difference between them.
>>
>> On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy <abokovoy at redhat.com> wrote:
>>> On to, 19 tammi 2017, Steve Huston wrote:
>>>>
>>>> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy <abokovoy at redhat.com>
>>>> wrote:
>>>>>
>>>>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client
>>>>> side plugins into different paths (ipaserver/plugins and
>>>>> ipaclient/plugins instead of being common in ipalib/plugins). The client
>>>>> code was also changed to always read metadata about API from the server
>>>>> side. This means the client can adopt to any server version that
>>>>> supports API metadata.
>>>>
>>>>
>>>> Right, and I think that the most of the plugin I had belongs
>>>> server-side; in fact, that's where I migrated it to, and things work
>>>> fine.  I haven't tested if I can change those values with the cli, but
>>>> I'm less concerned about that at the moment.
>>>>
>>>>> In my sample external plugin you referenced above you can see that I
>>>>> have client-side change that replaces an input string by a file
>>>>> reference so that a file can supplied instead of typing the content of
>>>>> the file on the command line. This is one of most used patterns for
>>>>> client side plugins.
>>>>
>>>>
>>>> In this case, my biggest problem is with the web UI.  The 'manager'
>>>> drop down (which I have renamed through the UI plugins to "Requested
>>>> By" to show what user requested and is responsible for this account)
>>>> works fine in the 'add/modify stageuser' context, but not at all in
>>>> the adduser/moduser context, and I can't seem to find out why.
>>>
>>> I'll defer answer for this to our web UI wizards but they would need to
>>> see your code to help, I'd guess.
>>>
>>> --
>>> / Alexander Bokovoy
>>
>>
>>
>> --
>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>
>
>
> --
> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



From harald.dunkel at aixigo.de  Wed Jan 25 11:44:32 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Wed, 25 Jan 2017 12:44:32 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <58878756.3010407@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
	<58875E38.2010806@redhat.com>
	<36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>
	<58878756.3010407@redhat.com>
Message-ID: <9afd587d-9969-4f57-5c91-23169943889d@aixigo.de>

Hi Thierry,

On 01/24/17 17:56, thierry bordaz wrote:
> 
> 
> On 01/24/2017 04:18 PM, Harald Dunkel wrote:
>>
>> Would you suggest to disconnect ipabak from the network and ipa1,
>> cleanup the mess as far as possible, and then connect ipabak
>> to the network again to rely upon the regular replica synchroni-
>> zation?
> 
> Yes, as soon as ipaback is in sync with ipa1 and you took a snapshot of ipaback, I think you can disconnect ipaback and run your script on it (iterating with the snapshot).
> 

My concern is that I will run into new conflicts on connecting
the modified ipaback back with ipa1?


Regards
Harri



From lkrispen at redhat.com  Wed Jan 25 13:41:14 2017
From: lkrispen at redhat.com (Ludwig)
Date: Wed, 25 Jan 2017 14:41:14 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <9afd587d-9969-4f57-5c91-23169943889d@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
	<58875E38.2010806@redhat.com>
	<36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>
	<58878756.3010407@redhat.com>
	<9afd587d-9969-4f57-5c91-23169943889d@aixigo.de>
Message-ID: <e5ad8937-e34e-c4df-7a0c-d1f237cd0dd7@redhat.com>



On 01/25/2017 12:44 PM, Harald Dunkel wrote:
> Hi Thierry,
>
> On 01/24/17 17:56, thierry bordaz wrote:
>>
>> On 01/24/2017 04:18 PM, Harald Dunkel wrote:
>>> Would you suggest to disconnect ipabak from the network and ipa1,
>>> cleanup the mess as far as possible, and then connect ipabak
>>> to the network again to rely upon the regular replica synchroni-
>>> zation?
>> Yes, as soon as ipaback is in sync with ipa1 and you took a snapshot of ipaback, I think you can disconnect ipaback and run your script on it (iterating with the snapshot).
>>
> My concern is that I will run into new conflicts on connecting
> the modified ipaback back with ipa1?
conflict entries are only created if you do the same operation in 
parallel on different replicas. Once existing they behave like normal 
entries (only with special dns), eg if you delete it on one replica the 
delete will be replicated to the other replicas - either immediately if 
they are connected or later when they will be connected again.

I think what Thierry is suggesting is, that if you make mistakes in your 
cleanup these mistakes would also be replicated immediately if every 
replcia is connected, so disconnecting allows you to do a backup and 
then try the cleanup and when successful connect agai and have the 
cleanup operations replicated.
>
>
> Regards
> Harri
>



From georgijsr at scandiweb.com  Wed Jan 25 13:48:54 2017
From: georgijsr at scandiweb.com (Georgijs Radovs)
Date: Wed, 25 Jan 2017 15:48:54 +0200
Subject: [Freeipa-users] Keycloak + FreeIPA New password expiry
Message-ID: <9ce77113-9e77-d422-a81e-566e67a13dd4@scandiweb.com>

Hello everyone!

Is it possible to configure FreeIPA server so it does not mark new 
passwords, set by Keycloak's LDAP bind user, expired?

Basically, so the user accounts synced from FreeIPA to Keycloak, could 
reset their passwords from Keycloak.

Here is my current setup:

FreeIPA server 4.4 as LDAP identity store

Keycloak server 2.1.0 as SAML identity provider

Keycloak has "User Federation" set up to sync user accounts from FreeIPA 
server.

Everything is working well, except for password reset.

For example, when a user account synced from FreeIPA, logs in to 
Keycloak server and resets his password at Keycloak server's user 
account portal, Keycloak bind user resets FreeIPA user account's 
password, but, as the password is set by bind user and not FreeIPA user, 
the password is set to be expired.

So, for password to be valid, FreeIPA user should go to FreeIPA server 
and reset his password once more.

Can you, please, suggest how to resolve this issue?


-- 
 <https://www.youtube.com/watch?v=coVJlV1LJ84>



From tba at kb.dk  Tue Jan 24 10:54:46 2017
From: tba at kb.dk (Tony Brian Albers)
Date: Tue, 24 Jan 2017 10:54:46 +0000
Subject: [Freeipa-users] How to clean out(reset) FreeIPA,
Message-ID: <9ec7a51a-b0e4-6eaf-41e7-8b876b8df451@statsbiblioteket.dk>

Hi guys,

Is there a way to expunge everything except admin account from IPA?

We have a supercomputer test installation here that needs it, and a 
reset is preferable over a complete reinstall.

TIA

Tony
-- 
Best regards,

Tony Albers
Systems administrator, IT-development
Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 2566 2383 / +45 8946 2316



From intiro at gmail.com  Wed Jan 25 13:30:57 2017
From: intiro at gmail.com (Gendy Tartovsky)
Date: Wed, 25 Jan 2017 15:30:57 +0200
Subject: [Freeipa-users] FreeIPA 4.2 CA issues
Message-ID: <CAMWz4nUsWRvBetehzfGv0K=S6DNip-g7KuO9A_YSDKp3pNSRZg@mail.gmail.com>

 Hi,

I'm having a PKI-tomcat issue that started after upgrade.
My configuration has 4 servers with CA, where servers 2, 3 and 4 are
replicated from the first one.
At first it didn't cause much trouble since all the issue came down to
pki-tomcat getting to start about 2 minutes.
But it seems that problem is progressed a lot and is causing issues in
multiple parts of the system.

After upgrading FreeIPA from 4.1 to 4.2  ipactl would not on the first node
start without the --ignore-service-failures.

 I found that in the menu Authentication-->Certificates
 I have multiple certificates for same hosts in some cases there were up to
30 duplicates per host and it is unclear what is generating them.

Next issue is that if I try to add a new replica with ipa-replica-prepare
utility
I get an error: "Failed to generate certificate"

And the last problem I found is that I am unable to restore a backup.
The ipa-restore utility is able to unpack the backup but once I try to
start FreeIPA on a new node
the pki-tomcat fails to start. And I see this message in debug:

ipa: DEBUG: Waiting for CA to start...
ipa: DEBUG: Starting external process
ipa: DEBUG: args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30'
'--no-check-certificate' 'https://XXXX:8443/ca/admin/ca/getStatus'
ipa: DEBUG: Process finished, return code=8


In the /var/log/dirsrv/slapd-XXX/errors I see a lot of these
 NSMMReplicationPlugin - process_postop: Failed to apply update
(57c3cc550002000d0000) error (-1).  Aborting replication
session(conn=272420 op=6)

 but I'm not sure if it is directly related to the problem.

 In /var/log/pki/pki-tomcat/ca/debug I see a lot of these messages:
Can't create master connection in LdapBoundConnFactory::getConn! Could not
connect to LDAP server host bos-admin1.hq.datarobot.com port 636 Error
netscape.ldap.LDAPException: IO Error creating JSS SSL Socket

My guess was that the CA certificate got expired, so I tried to run
'ipa-cacert-manage renew'
but it failed with this message:

Resubmitting certmonger request '20151222031110' timed out, please check
the request manually


Don't really know what else to try right now.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170125/9235f47b/attachment.htm>

From mbasti at redhat.com  Wed Jan 25 15:30:07 2017
From: mbasti at redhat.com (Martin Basti)
Date: Wed, 25 Jan 2017 16:30:07 +0100
Subject: [Freeipa-users] How to clean out(reset) FreeIPA,
In-Reply-To: <9ec7a51a-b0e4-6eaf-41e7-8b876b8df451@statsbiblioteket.dk>
References: <9ec7a51a-b0e4-6eaf-41e7-8b876b8df451@statsbiblioteket.dk>
Message-ID: <f4bce8aa-49bd-6279-b00e-299e621689d7@redhat.com>



On 24.01.2017 11:54, Tony Brian Albers wrote:
> Hi guys,
>
> Is there a way to expunge everything except admin account from IPA?
>
> We have a supercomputer test installation here that needs it, and a
> reset is preferable over a complete reinstall.
>
> TIA
>
> Tony

You can try ipa-backup and ipa-restore, ipa-backup with only admin and 
call IPA restore only as a cleanup

I'm not sure but ipa-backup --data should be enough, if you don't need 
to restore services just content of LDAP DB

Martin



From jgoddard at emerlyn.com  Wed Jan 25 16:04:26 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Wed, 25 Jan 2017 11:04:26 -0500
Subject: [Freeipa-users] Error: CA certificate is not tracked by certmonger
Message-ID: <CA+No-6ESuJC_wRh_6j4iJxZE1DVJZok1BUWhnrp3DQ=0jSUXhQ@mail.gmail.com>

I've accidentally removed tracking of my CA certificate and don't know how
to re-add it. Can someone assist? Using the command:pki ca-cert-find
results in the error:PKIException: Not Found


Thanks,

Jeff


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170125/a32e8e80/attachment.htm>

From redbranchwarrior at gmail.com  Wed Jan 25 16:38:03 2017
From: redbranchwarrior at gmail.com (Matthew Carter)
Date: Wed, 25 Jan 2017 11:38:03 -0500
Subject: [Freeipa-users] Reinstalling IPA-Server
Message-ID: <5244de1c-95cf-1202-78d3-628162b40311@gmail.com>

As I was configuring my network with a government STIG package, I ended 
up hosing up the network by following the STIGs directions and not 
thinking it through. Currently users can log in, but NFS mounts won't 
happen with krb5i encryption as they are being denied by the server who 
is my NFS host. I really like things nice and neat, so after fumbling 
around in my inexperienced haze, I feel now is the time to reload. I 
would like to keep my users home dirs intact, as I sure they would as well.


I'm assuming that the process is as follows and would like any pointers 
or tips from those in the know.


1. remove clients from Domain using ipa-client-automount --uninstall and 
then ipa-client-install --uninstall.

2. On the server, ipa-client-automount --uninstall and then yum remove ipa-*


Are there anything else that should be completed before a reinstallation?


I'm guessing I'll have to set up users again, but the data they have on 
the clients should be fine if I keep the same usernames, right?

Is there anyway of keeping the users passwords from the old installation 
and moving them to the new? I'm trying to avoid as much grumbling as 
possible.


Thanks!


Matt



From b.candler at pobox.com  Wed Jan 25 17:13:32 2017
From: b.candler at pobox.com (Brian Candler)
Date: Wed, 25 Jan 2017 17:13:32 +0000
Subject: [Freeipa-users] Keycloak + FreeIPA New password expiry
In-Reply-To: <9ce77113-9e77-d422-a81e-566e67a13dd4@scandiweb.com>
References: <9ce77113-9e77-d422-a81e-566e67a13dd4@scandiweb.com>
Message-ID: <61ac66d6-b9b3-c852-9c22-3cfebe4bb501@pobox.com>

On 25/01/2017 13:48, Georgijs Radovs wrote:
> Is it possible to configure FreeIPA server so it does not mark new 
> passwords, set by Keycloak's LDAP bind user, expired?

Yes, you need to configure the privileged LDAP bind user in 
passSyncManagersDNs:

dn: cn=ipa_pwd_extop,cn=plugins,cn=config
passSyncManagersDNs: uid=....

Note that this setting does not replicate - it needs to be applied to 
all replicas by hand.

See:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/pass-sync.html#password-sync
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170125/89f9f3f7/attachment.htm>

From georgijsr at scandiweb.com  Wed Jan 25 17:46:31 2017
From: georgijsr at scandiweb.com (Georgijs Radovs)
Date: Wed, 25 Jan 2017 19:46:31 +0200
Subject: [Freeipa-users] Keycloak + FreeIPA New password expiry
In-Reply-To: <61ac66d6-b9b3-c852-9c22-3cfebe4bb501@pobox.com>
References: <9ce77113-9e77-d422-a81e-566e67a13dd4@scandiweb.com>
	<61ac66d6-b9b3-c852-9c22-3cfebe4bb501@pobox.com>
Message-ID: <CAA7aPsZ_UCY5O+0nzy0uJZ23tW_0Z+FXF2O6Vp415EqmVvFhkg@mail.gmail.com>

Thank you very much, Brian!





Georgijs Radovs
Junior Sysadmin
<http://scandiweb.com/services>

On Wed, Jan 25, 2017 at 7:13 PM, Brian Candler <b.candler at pobox.com> wrote:

> On 25/01/2017 13:48, Georgijs Radovs wrote:
>
> Is it possible to configure FreeIPA server so it does not mark new
> passwords, set by Keycloak's LDAP bind user, expired?
>
> Yes, you need to configure the privileged LDAP bind user in
> passSyncManagersDNs:
>
> dn: cn=ipa_pwd_extop,cn=plugins,cn=config
> passSyncManagersDNs: uid=....
>
> Note that this setting does not replicate - it needs to be applied to all
> replicas by hand.
>
> See:
> https://access.redhat.com/documentation/en-US/Red_Hat_
> Enterprise_Linux/7/html/Windows_Integration_Guide/
> pass-sync.html#password-sync
>

-- 
 <https://www.youtube.com/watch?v=coVJlV1LJ84>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170125/b3e198f9/attachment.htm>

From pvomacka at redhat.com  Wed Jan 25 18:42:12 2017
From: pvomacka at redhat.com (Pavel Vomacka)
Date: Wed, 25 Jan 2017 19:42:12 +0100
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <CANnpg5Sp0sYT=8s6mFUKLfWnAixeD5uZNBt3qyD_LcPxy0YJ+w@mail.gmail.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
	<CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
	<20170119181440.x77gboawdyjep7pp@redhat.com>
	<CANnpg5TVMRAVazuXnS_tEk1NS-qscW099oEa9-6S_JTJhYaQ+A@mail.gmail.com>
	<CANnpg5QQq+i0my9getrFgnwo1g0io1cdEAkwbHwsn80XXWoTpQ@mail.gmail.com>
	<CANnpg5Sp0sYT=8s6mFUKLfWnAixeD5uZNBt3qyD_LcPxy0YJ+w@mail.gmail.com>
Message-ID: <2e45b170-d467-7bd9-f9fe-efd4fcd4ded8@redhat.com>

Hello Steve,

I tried to reproduce what you described on the very same version of 
ipa-server and I was not successful. Actually I was not used your 
back-end plugin. I tried it with no plugin and then with your UI plugin 
and both worked correctly. Did you do any other changes somewhere in 
your installation?

I will try it again also with your Python plugin and we'll see.

On 01/24/2017 08:59 PM, Steve Huston wrote:
> And now I'm convinced this has nothing to do with my plugin and
> instead is a bug somewhere in FreeIPA.
>
> I removed the entirety of the "astrocustom" plugin that I wrote,
> restarted httpd, and force reloaded the page in chrome.  I clicked to
> add a new user, gave the basic information, and clicked "add and
> edit".  The bottom of the page shows the "Employee information" on the
> left side bottom, and the manager drop-down is empty.  I entered '1'
> in the "employee type" field and clicked save, and now "Employee
> Information" is on the right side directly under "Contact settings",
> and the manager drop-down is populated with the list of UIDs on the
> system.
>
> When the UI is in the failed state, the "email address" field is also
> blank, but when things switch to how they should be (after submitting
> a change) it is populated with the email address in the record.  I
> just tested by adding a telephone number to the record, and that also
> made the contact information and employee information facets refresh
> with the proper data.  Pressing shift-reload again makes all the
> information disappear (including the telephone number I just entered).
>
> This is with ipa-server-4.4.0-14.el7_3.4
>
>
> On Mon, Jan 23, 2017 at 1:55 PM, Steve Huston
> <huston at astro.princeton.edu> wrote:
>> Just tested again, and this is still baffling:
>>
>> * Create a stage user with the right data, works fine, can be edited.
>> * Enable that user, and now the two fields ('manager' and
>> 'employeeType') appear to have bogus data in the UI, and I cannot save
>> the page without changing them to something else.
>> * Once that user is saved, the "Employee Information" facet moves to
>> the right side of the page, and now shows not only the current data in
>> the manager drop down but also the other choices (uids).  Change the
>> value of manager and employeetype back to what they were previously
>> and it saves.
>> * An ldapsearch run when the user is first created (as the directory
>> manager), and after having two edits (one to change the values to
>> something else to let the webui save them, and one to change them back
>> to what they should be and were the first time) produce completely
>> identical results.
>> * The output of "ipa user-show <uid> --all --raw" is also identical at
>> those same steps.
>>
>> So something, somewhere, is being saved in a way that prevents the
>> webui from displaying them properly, that gets fixed when those values
>> are manually changed via the webui.
>>
>> On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston
>> <huston at astro.princeton.edu> wrote:
>>> Even more interesting...
>>>
>>> I tried to modify one of the records that was not displaying properly
>>> in the "active users" group, and sure enough the webui complained that
>>> the "Requested By" (relabeled "manager") field was not filled in since
>>> it was blank.  It also, however, complained that the "User tier"
>>> (relabeled "employeetype") was incorrect, even though it showed the
>>> label associated with the value 1.  I clicked the search drop-down for
>>> manager, typed in my own uid, and even though everything had been
>>> blank in the drop down before now my uid showed up.  I clicked on it,
>>> and my uid was now in the manager field.  I then clicked the drop down
>>> for employeetype, and chose one of the other options.  I was now able
>>> to save the changes to the record.
>>>
>>> Upon reloading the page, the "Employee Information" facet now shoed up
>>> on the right side bottom, instead of the left side bottom where it was
>>> appearing.  I was also now able to change the drop-down fields for
>>> manager and employeetype to another value, and save them, and they
>>> worked fine even filling in all the data that should have been there.
>>> This almost seemed like the data being returned by the server was
>>> flawed somehow, and confusing the webui, but once it was forced to
>>> have the right data and re-saved it worked fine subsequently.
>>>
>>> I looked at the output of "ipa user-show <uid> --all --raw" both
>>> before and after making such changes on a user, and can detect no
>>> difference between them.
>>>
>>> On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy <abokovoy at redhat.com> wrote:
>>>> On to, 19 tammi 2017, Steve Huston wrote:
>>>>> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy <abokovoy at redhat.com>
>>>>> wrote:
>>>>>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and client
>>>>>> side plugins into different paths (ipaserver/plugins and
>>>>>> ipaclient/plugins instead of being common in ipalib/plugins). The client
>>>>>> code was also changed to always read metadata about API from the server
>>>>>> side. This means the client can adopt to any server version that
>>>>>> supports API metadata.
>>>>>
>>>>> Right, and I think that the most of the plugin I had belongs
>>>>> server-side; in fact, that's where I migrated it to, and things work
>>>>> fine.  I haven't tested if I can change those values with the cli, but
>>>>> I'm less concerned about that at the moment.
>>>>>
>>>>>> In my sample external plugin you referenced above you can see that I
>>>>>> have client-side change that replaces an input string by a file
>>>>>> reference so that a file can supplied instead of typing the content of
>>>>>> the file on the command line. This is one of most used patterns for
>>>>>> client side plugins.
>>>>>
>>>>> In this case, my biggest problem is with the web UI.  The 'manager'
>>>>> drop down (which I have renamed through the UI plugins to "Requested
>>>>> By" to show what user requested and is responsible for this account)
>>>>> works fine in the 'add/modify stageuser' context, but not at all in
>>>>> the adduser/moduser context, and I can't seem to find out why.
>>>> I'll defer answer for this to our web UI wizards but they would need to
>>>> see your code to help, I'd guess.
>>>>
>>>> --
>>>> / Alexander Bokovoy
>>>
>>>
>>> --
>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>
>>
>> --
>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>
>

-- 
Pavel^3 Vomacka



From acollins at chegg.com  Wed Jan 25 20:41:13 2017
From: acollins at chegg.com (Aaron Collins)
Date: Wed, 25 Jan 2017 20:41:13 +0000
Subject: [Freeipa-users] free ipa hangs
Message-ID: <805FF8D9-F4BA-4905-A94B-353772ED864D@chegg.com>

Every day or so one of my masters hangs.  The processes is still running no errors in the logs, the tcp port is still listening but it?s not fulling requests.  This also hangs any machines querying from the host as the sssd timeout doesn?t seem to take affect during the tcp connection.  From looking through the archives and troubleshooting docs I?ve taken a stack trace, but I can?t make heads or tails of what it means.  I was hoping someone here could review it and tell me perhaps where I should be looking.
Stack Trace: https://dl.dropboxusercontent.com/u/13113270/stacktrace.1485223167.txt

Using FreeIPA 4.4
[root at ipa-dc1.core2<mailto:root at ipa-dc1.core2>]# rpm -qa |grep ipa-server
ipa-server-4.4.0-14.el7.centos.1.1.x86_64
ipa-server-common-4.4.0-14.el7.centos.1.1.noarch
[root at ipa-dc1.core2<mailto:root at ipa-dc1.core2>]# rpm -qa |grep 389-ds
389-ds-base-snmp-1.3.5.10-12.el7_3.x86_64
389-ds-base-debuginfo-1.3.5.10-12.el7_3.x86_64
389-ds-base-libs-1.3.5.10-12.el7_3.x86_64
389-ds-base-1.3.5.10-12.el7_3.x86_64
[root at ipa-dc1.core2<mailto:root at ipa-dc1.core2>]# uname -a
Linux ipa-dc1.core2.cloud.cheggnet.com 3.10.0-123.8.1.el7.x86_64 #1 SMP Mon Sep 22 19:06:58 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

In addition I?ve also noticed I have ghost replicas {15,24,13} which I can?t seem to remove and a high number of changes not sure if this is normal.

[root at ipa-dc1.core2<mailto:root at ipa-dc1.core2>]#  ldapsearch -xLLL -H ldap://localhost  -D "cn=directory manager"  -b dc=randomnet,dc=com  '(&(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff)(objectclass=nstombstone))' nscpentrywsi
dn: cn=replica,cn=dc\3Drandomnet\2Cdc\3Dcom,cn=mapping tree,cn=config
nscpentrywsi: dn: cn=replica,cn=dc\3Drandomnet\2Cdc\3Dcom,cn=mapping tree,cn=config
nscpentrywsi: cn: replica
nscpentrywsi: createTimestamp: 20170113010933Z
nscpentrywsi: creatorsName: cn=Directory Manager
nscpentrywsi: modifiersName: cn=Multimaster Replication Plugin,cn=plugins,cn=config
nscpentrywsi: modifyTimestamp: 20170124195814Z
nscpentrywsi: nsDS5Flags: 1
nscpentrywsi: nsDS5ReplicaBindDN: cn=replication manager,cn=config
nscpentrywsi: nsDS5ReplicaBindDN: ?
nscpentrywsi: nsDS5ReplicaId: 28
nscpentrywsi: nsDS5ReplicaName: f135c48c-d92c11e6-ba4cb212-9904938c
nscpentrywsi: nsDS5ReplicaRoot: dc=randomnet,dc=com
nscpentrywsi: nsDS5ReplicaType: 3
nscpentrywsi: nsState:: HAAAAAAAAADLsYdYAAAAAAEAAAAAAAAAuwAAAAAAAAAKAAAAAAAAAA
==
nscpentrywsi: nsds5ReplicaLegacyConsumer: off
nscpentrywsi: nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,dc=randomnet,dc=com
nscpentrywsi: nsds5replicabinddngroupcheckinterval: 60
nscpentrywsi: objectClass: nsds5replica
nscpentrywsi: objectClass: top
nscpentrywsi: objectClass: extensibleobject
nscpentrywsi: numSubordinates: 3
nscpentrywsi: nsds50ruv: {replicageneration} 564e51c0000000040000
nscpentrywsi: nsds50ruv: {replica 28 ldap://ipa-dc1.core2.cloud.RANDOMNET.COM:389} 587829930000001c0000 5887b2780018001c0000
nscpentrywsi: nsds50ruv: {replica 17 ldap://ipa.RANDOMNET.COM:389} 57ec1b37000000110000 5887b2c6000c00110000
nscpentrywsi: nsds50ruv: {replica 22 ldap://ipa-dc03.core2.cloud.RANDOMNET.COM:389} 5818c9ac000100160000 58877a26000100160000
nscpentrywsi: nsds50ruv: {replica 9 ldap://ipa-dc2.core2.cloud.RANDOMNET.COM:389} 56c57637000000090000 58878ffe000600090000
nscpentrywsi: nsds50ruv: {replica 27 ldap://ipa-dc02.corp1.cloud.RANDOMNET.COM:389} 587747710000001b0000 5877d75c0009001b0000
nscpentrywsi: nsds50ruv: {replica 29 ldap://ipa-dc01.test3.cloud.RANDOMNET.COM:389} 5878372a0000001d0000 588795e20001001d0000
nscpentrywsi: nsds50ruv: {replica 30 ldap://ipa-dc02.test3.cloud.RANDOMNET.COM:389} 58783e2d0000001e0000 588799c50003001e0000
nscpentrywsi: nsds50ruv: {replica 15} 5875c4330002000f0000 587836f20009000f0000
nscpentrywsi: nsds50ruv: {replica 24} 5877d808000500180000 58781d6a000500180000
nscpentrywsi: nsds50ruv: {replica 13} 581802c70000000d0000 581802c70000000d0000
nscpentrywsi: nsds5agmtmaxcsn: dc=randomnet,dc=com;ipa-dc1.core2.cloud.randomnet.com-to-ipa-dc03.core2.cloud.RANDOMNET.COM;ipa-dc03.core2.cloud.RANDOMNET.COM;389;22;588778510002001c0000
nscpentrywsi: nsds5agmtmaxcsn: dc=randomnet,dc=com;ipa-dc1.core2.cloud.randomnet.com-to-ipa-dc2.core2.cloud.RANDOMNET.COM;ipa-dc2.core2.cloud.RANDOMNET.COM;389;9;588778510002001c0000
nscpentrywsi: nsds5agmtmaxcsn: dc=randomnet,dc=com;ipa-dc1.core2.cloud.randomnet.com-to-ipa.RANDOMNET.COM;ipa.RANDOMNET.COM;389;17;588778510002001c0000
nscpentrywsi: nsruvReplicaLastModified: {replica 28 ldap://ipa-dc1.core2.cloud.RANDOMNET.COM:389} 5887b1bc
nscpentrywsi: nsruvReplicaLastModified: {replica 17 ldap://ipa.RANDOMNET.COM:389} 5887b20d
nscpentrywsi: nsruvReplicaLastModified: {replica 22 ldap://ipa-dc03.core2.cloud.RANDOMNET.COM:389} 5887796c
nscpentrywsi: nsruvReplicaLastModified: {replica 9 ldap://ipa-dc2.core2.cloud.RANDOMNET.COM:389} 58878f46
nscpentrywsi: nsruvReplicaLastModified: {replica 27 ldap://ipa-dc02.corp1.cloud.RANDOMNET.COM:389} 00000000
nscpentrywsi: nsruvReplicaLastModified: {replica 29 ldap://ipa-dc01.test3.cloud.RANDOMNET.COM:389} 58879526
nscpentrywsi: nsruvReplicaLastModified: {replica 30 ldap://ipa-dc02.test3.cloud.RANDOMNET.COM:389} 5887990a
nscpentrywsi: nsruvReplicaLastModified: {replica 15} 00000000
nscpentrywsi: nsruvReplicaLastModified: {replica 24} 00000000
nscpentrywsi: nsruvReplicaLastModified: {replica 13} 00000000
nscpentrywsi: nsds5ReplicaChangeCount: 58090
nscpentrywsi: nsds5replicareapactive: 0

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170125/e7cbc817/attachment.htm>

From huston at astro.princeton.edu  Wed Jan 25 21:12:08 2017
From: huston at astro.princeton.edu (Steve Huston)
Date: Wed, 25 Jan 2017 16:12:08 -0500
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <2e45b170-d467-7bd9-f9fe-efd4fcd4ded8@redhat.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
	<CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
	<20170119181440.x77gboawdyjep7pp@redhat.com>
	<CANnpg5TVMRAVazuXnS_tEk1NS-qscW099oEa9-6S_JTJhYaQ+A@mail.gmail.com>
	<CANnpg5QQq+i0my9getrFgnwo1g0io1cdEAkwbHwsn80XXWoTpQ@mail.gmail.com>
	<CANnpg5Sp0sYT=8s6mFUKLfWnAixeD5uZNBt3qyD_LcPxy0YJ+w@mail.gmail.com>
	<2e45b170-d467-7bd9-f9fe-efd4fcd4ded8@redhat.com>
Message-ID: <CANnpg5QhEvr482YpBaRafB2PqFhu6raSt3A3Zf625eSuHLCvcw@mail.gmail.com>

No, that should be all of the major changes; the puppet module that
installs things only puts the two plugin files in their respective
places.  The client part of the IPA module makes changes to have the
machine join the domain and whatnot, but those shouldn't affect the
webui.

I do modify the schema by adding some attribute types for Puppet,
namely puppetClass, parentNode, environment, puppetVar, and the object
class puppetClient.  That's basically right from one of the Puppet
webpages and also worked in the past - and is one of the things the
python plugin does, add the appropriate objectclass to host entries if
puppetVar is added to a host entry.

My steps to install:
* ipa-server-install --realm=<realm> --domain=<domain> --mkhomedir
--hostname=<hostname> --no-host-dns
* ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W
  < paste puppet schema changes>
  < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a
service account used by puppet for adding hosts to IPA >
* login to web UI
* * Change home directory base, default shell, default SELinux user
* * Add SELinux user map for staff/sysadmin users
* * Add "user adder" permission/privilege/role for users who will be
able to create stageusers

That's about as far as I got before I realized some of the plugin
pieces weren't working, and then fixed the python plugin followed by
working on the UI plugin and finding this problem.  I'll go wipe and
reinstall the system again and walk through the steps, but test the UI
first and in between to see if I can find which of the steps might be
causing things to hiccup.

On Wed, Jan 25, 2017 at 1:42 PM, Pavel Vomacka <pvomacka at redhat.com> wrote:
> Hello Steve,
>
> I tried to reproduce what you described on the very same version of
> ipa-server and I was not successful. Actually I was not used your back-end
> plugin. I tried it with no plugin and then with your UI plugin and both
> worked correctly. Did you do any other changes somewhere in your
> installation?
>
> I will try it again also with your Python plugin and we'll see.
>
>
> On 01/24/2017 08:59 PM, Steve Huston wrote:
>>
>> And now I'm convinced this has nothing to do with my plugin and
>> instead is a bug somewhere in FreeIPA.
>>
>> I removed the entirety of the "astrocustom" plugin that I wrote,
>> restarted httpd, and force reloaded the page in chrome.  I clicked to
>> add a new user, gave the basic information, and clicked "add and
>> edit".  The bottom of the page shows the "Employee information" on the
>> left side bottom, and the manager drop-down is empty.  I entered '1'
>> in the "employee type" field and clicked save, and now "Employee
>> Information" is on the right side directly under "Contact settings",
>> and the manager drop-down is populated with the list of UIDs on the
>> system.
>>
>> When the UI is in the failed state, the "email address" field is also
>> blank, but when things switch to how they should be (after submitting
>> a change) it is populated with the email address in the record.  I
>> just tested by adding a telephone number to the record, and that also
>> made the contact information and employee information facets refresh
>> with the proper data.  Pressing shift-reload again makes all the
>> information disappear (including the telephone number I just entered).
>>
>> This is with ipa-server-4.4.0-14.el7_3.4
>>
>>
>> On Mon, Jan 23, 2017 at 1:55 PM, Steve Huston
>> <huston at astro.princeton.edu> wrote:
>>>
>>> Just tested again, and this is still baffling:
>>>
>>> * Create a stage user with the right data, works fine, can be edited.
>>> * Enable that user, and now the two fields ('manager' and
>>> 'employeeType') appear to have bogus data in the UI, and I cannot save
>>> the page without changing them to something else.
>>> * Once that user is saved, the "Employee Information" facet moves to
>>> the right side of the page, and now shows not only the current data in
>>> the manager drop down but also the other choices (uids).  Change the
>>> value of manager and employeetype back to what they were previously
>>> and it saves.
>>> * An ldapsearch run when the user is first created (as the directory
>>> manager), and after having two edits (one to change the values to
>>> something else to let the webui save them, and one to change them back
>>> to what they should be and were the first time) produce completely
>>> identical results.
>>> * The output of "ipa user-show <uid> --all --raw" is also identical at
>>> those same steps.
>>>
>>> So something, somewhere, is being saved in a way that prevents the
>>> webui from displaying them properly, that gets fixed when those values
>>> are manually changed via the webui.
>>>
>>> On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston
>>> <huston at astro.princeton.edu> wrote:
>>>>
>>>> Even more interesting...
>>>>
>>>> I tried to modify one of the records that was not displaying properly
>>>> in the "active users" group, and sure enough the webui complained that
>>>> the "Requested By" (relabeled "manager") field was not filled in since
>>>> it was blank.  It also, however, complained that the "User tier"
>>>> (relabeled "employeetype") was incorrect, even though it showed the
>>>> label associated with the value 1.  I clicked the search drop-down for
>>>> manager, typed in my own uid, and even though everything had been
>>>> blank in the drop down before now my uid showed up.  I clicked on it,
>>>> and my uid was now in the manager field.  I then clicked the drop down
>>>> for employeetype, and chose one of the other options.  I was now able
>>>> to save the changes to the record.
>>>>
>>>> Upon reloading the page, the "Employee Information" facet now shoed up
>>>> on the right side bottom, instead of the left side bottom where it was
>>>> appearing.  I was also now able to change the drop-down fields for
>>>> manager and employeetype to another value, and save them, and they
>>>> worked fine even filling in all the data that should have been there.
>>>> This almost seemed like the data being returned by the server was
>>>> flawed somehow, and confusing the webui, but once it was forced to
>>>> have the right data and re-saved it worked fine subsequently.
>>>>
>>>> I looked at the output of "ipa user-show <uid> --all --raw" both
>>>> before and after making such changes on a user, and can detect no
>>>> difference between them.
>>>>
>>>> On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy <abokovoy at redhat.com>
>>>> wrote:
>>>>>
>>>>> On to, 19 tammi 2017, Steve Huston wrote:
>>>>>>
>>>>>> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy
>>>>>> <abokovoy at redhat.com>
>>>>>> wrote:
>>>>>>>
>>>>>>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and
>>>>>>> client
>>>>>>> side plugins into different paths (ipaserver/plugins and
>>>>>>> ipaclient/plugins instead of being common in ipalib/plugins). The
>>>>>>> client
>>>>>>> code was also changed to always read metadata about API from the
>>>>>>> server
>>>>>>> side. This means the client can adopt to any server version that
>>>>>>> supports API metadata.
>>>>>>
>>>>>>
>>>>>> Right, and I think that the most of the plugin I had belongs
>>>>>> server-side; in fact, that's where I migrated it to, and things work
>>>>>> fine.  I haven't tested if I can change those values with the cli, but
>>>>>> I'm less concerned about that at the moment.
>>>>>>
>>>>>>> In my sample external plugin you referenced above you can see that I
>>>>>>> have client-side change that replaces an input string by a file
>>>>>>> reference so that a file can supplied instead of typing the content
>>>>>>> of
>>>>>>> the file on the command line. This is one of most used patterns for
>>>>>>> client side plugins.
>>>>>>
>>>>>>
>>>>>> In this case, my biggest problem is with the web UI.  The 'manager'
>>>>>> drop down (which I have renamed through the UI plugins to "Requested
>>>>>> By" to show what user requested and is responsible for this account)
>>>>>> works fine in the 'add/modify stageuser' context, but not at all in
>>>>>> the adduser/moduser context, and I can't seem to find out why.
>>>>>
>>>>> I'll defer answer for this to our web UI wizards but they would need to
>>>>> see your code to help, I'd guess.
>>>>>
>>>>> --
>>>>> / Alexander Bokovoy
>>>>
>>>>
>>>>
>>>> --
>>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>>
>>>
>>>
>>> --
>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>
>>
>>
>
> --
> Pavel^3 Vomacka
>



-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



From dsullivan2 at bsd.uchicago.edu  Wed Jan 25 22:58:34 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Wed, 25 Jan 2017 22:58:34 +0000
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <FE98D626-6BD2-4C15-9BFD-DF5AE3D1C97D@bsd.uchicago.edu>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
	<50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
	<20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<C3C77006-5DB6-4980-8BBA-1057744A7507@bsd.uchicago.edu>
	<34ABC0E9-F56D-423F-BF25-184349DBFC4F@bsd.uchicago.edu>
	<90342660-3FE5-43A3-9D4F-FBC428549952@bsd.uchicago.edu>
	<20170120224840.GA27094@10.4.128.1>
	<FE98D626-6BD2-4C15-9BFD-DF5AE3D1C97D@bsd.uchicago.edu>
Message-ID: <9FFAC980-7E08-4538-8AAE-7FE8306ADF03@bsd.uchicago.edu>

Hi,

My apologizes for resurrecting this thread.  This issue is still ongoing, at this point we?ve been looking at it for over a week and now have more than one staff member analyzing and trying to resolve it on a full time basis.  I have some more information that I was hoping an a seasoned IPA expert could take a look at.   At this point I am fairly certain it is a performance tuning issue in either sssd or FreeIPA on the our domain controllers.  It looks to me like the main issue is that when looking up the same user across a large number of nodes in parallel, all of our available ds389 threads get blocked with '__lll_robust_lock_wait ()? for operations involving ipa_extdom_common.c.  This usually occurs on one of our two DCs, but occasionally on both.   For example, in the attached output, out of 199 threads in the attached output, 179 are in the status __lll_robust_lock_wait ().      All of the user1 at xxx.uchicago.edu<mailto:user1 at xxx.uchicago.edu> in this attachment are the same user.

Here is more information about this issue (some of it repeated for convenience):

  1.  We currently have 2 domain controllers.  Each has 6 processor cores and 180 threads allocated for 389ds.  We have gone through Red Hat?s performance tuning guide for directory services made what we felt were appropriate changes, and made additional tuning modifications to get lowered eviction rates and high cache hit numbers for 389ds.  We have approximately 220 connections to our domain controllers (from "cn=monitor?), depending on the test I?ve seen as many as 190 connected to a single DC.
  2.  We are using an AD domain where all of our users and groups reside.
  3.   I induce this by looking up a user (using the id command) on a large number of nodes (maybe 200) for a user that has never been looked up before, and is not cached on either the client, or on the DC.
  4.   Before I induce the problem, I can lookup entries in LDAP without delay or problem (i.e. the LDAP server is performant and responsive, I can inspect cn=monitor or cn=config and get instantaneous results).
  5.  When I do induce the issue, the LDAP server basically becomes unresponsive (which is expected based on the attached output).  Servicing a query using the ldapsearchtool (for either cn=monitor or cn=config) can take upwards of 1-2 minutes or longer.  Eventually the LDAP server will ?recover?, i.e. I do not typically need to restart IPA services to get this working again.
  6.  After a lookup fails, subsequent parallel lookups succeed and return the desired record (presumably from the cache).
  7.  It appears that these failures are also characterized by a corresponding "[monitor_hup] (0x0020): Received SIGHUP.?  in the sssd log.
  8.  Right before the problem occurs I see a brief spike in CPU utilization of the ns-slapd process, then the utilization basically drops to 0 once the threads are blocked in ns-slapd.
  9.  Since we are doing computation in our IPA environment, it is important that we can perform these types of parallel operations against our IPA environment at the scale we are testing.

I feel like we are either DoSing the LDAP server or the sss_be / sss_nss processes, although I am not sure.   Right now we are in the process of deploying an additional domain controller to see if that helps with distribution of load.  If anybody could provide any sort of information with respect addressing the issue in the attached trace I would be very grateful.

Regards,

Dan Sullivan



-------------- next part --------------
A non-text attachment was scrubbed...
Name: gdb.txt.zip
Type: application/zip
Size: 77563 bytes
Desc: gdb.txt.zip
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170125/0c56bf90/attachment.zip>

From yamakasi.014 at gmail.com  Thu Jan 26 07:37:07 2017
From: yamakasi.014 at gmail.com (Matt .)
Date: Thu, 26 Jan 2017 08:37:07 +0100
Subject: [Freeipa-users] Sync (some) users between IPA servers
Message-ID: <CAPNQp05Fxg3Rq_=UwmNeun4P6iaHypkZgSNs=TN6Fj3croWXTQ@mail.gmail.com>

Hi,

I wonder, upfront to the maybe future of IPA trusts, is there a way to
sync some users between some IPA environments ?

I have 3 IPA systems,

- office (All services)
- production (DNS and serverauth only)
- customer auth, ldap only.

Between office and production I would like to have some synced users
so they can login on both environments (servers).

Would there be some way to accomplish this ?

Thanks,

Matt



From harald.dunkel at aixigo.de  Thu Jan 26 09:55:06 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Thu, 26 Jan 2017 10:55:06 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <58878756.3010407@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
	<58875E38.2010806@redhat.com>
	<36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>
	<58878756.3010407@redhat.com>
Message-ID: <a80d6390-6ef5-e106-5a9d-98f3c5dc7f2b@aixigo.de>

Hi Thierry,

good new: I got rid of most of the conflicting entries. There
are only 2 left (see below). They look circular somehow.

Please note that the unwanted list of ipa servers is empty. The
official list looks OK. The record for cn=ipaservers,cn=ng,cn=alt\
,dc=example,dc=de looks fine, too. It points to the official list.
So hopefully the duplicates are not a big deal.

It would be nice to get rid of both, though.


Any helpful hint is highly appreciated
Harri
------------------------------------------------------------------

% cat <<EOF | ldapmodify -D "cn=directory manager" -w secret -x
> dn: cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
> changetype: delete
> EOF
deleting entry "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de"
ldap_delete: Server is unwilling to perform (53)
        additional info: Deleting a managed entry is not allowed. It needs to be manually unlinked first.


% cat <<EOF | ldapmodify -D "cn=directory manager" -w secret -x
> dn: cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
> changetype: delete
> EOF
deleting entry "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de"
ldap_delete: Operations error (1)


% ldapsearch -o ldif-wrap=no -D "cn=directory manager" -w secret -b "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de" -s base
# extended LDIF
#
# LDAPv3
# base <cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# ipaservers + 109be304-ccd911e6-a5b3d0c8-d8da17db, ng, alt, example.de
dn: cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
ipaUniqueID: 15699da0-ccd9-11e6-b194-fe4936c476ff
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
description: ipaNetgroup ipaservers
cn: ipaservers
nisDomainName: example.de
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
memberHost: cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


% ldapsearch -o ldif-wrap=no -D "cn=directory manager" -w secret -b "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de" -s base
# extended LDIF
#
# LDAPv3
# base <cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# ipaservers + 109be302-ccd911e6-a5b3d0c8-d8da17db, hostgroups, accounts, example.de
dn: cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
ipaUniqueID: 14a4041e-ccd9-11e6-b194-fe4936c476ff
cn: ipaservers
description: IPA server hosts
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
memberOf: cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1



From pvoborni at redhat.com  Thu Jan 26 11:31:58 2017
From: pvoborni at redhat.com (Petr Vobornik)
Date: Thu, 26 Jan 2017 12:31:58 +0100
Subject: [Freeipa-users] FreeIPA 4.2 CA issues
In-Reply-To: <CAMWz4nUsWRvBetehzfGv0K=S6DNip-g7KuO9A_YSDKp3pNSRZg@mail.gmail.com>
References: <CAMWz4nUsWRvBetehzfGv0K=S6DNip-g7KuO9A_YSDKp3pNSRZg@mail.gmail.com>
Message-ID: <511ef7fe-1c77-2265-c15c-21306c726c7f@redhat.com>

On 01/25/2017 02:30 PM, Gendy Tartovsky wrote:
>   Hi,
> 
> I'm having a PKI-tomcat issue that started after upgrade.
> My configuration has 4 servers with CA, where servers 2, 3 and 4 are replicated 
> from the first one.
> At first it didn't cause much trouble since all the issue came down to 
> pki-tomcat getting to start about 2 minutes.
> But it seems that problem is progressed a lot and is causing issues in multiple 
> parts of the system.
> 
> After upgrading FreeIPA from 4.1 to 4.2  ipactl would not on the first node 
> start without the --ignore-service-failures.
> 
>   I found that in the menu Authentication-->Certificates
>   I have multiple certificates for same hosts in some cases there were up to 30 
> duplicates per host and it is unclear what is generating them.
> 
> Next issue is that if I try to add a new replica with ipa-replica-prepare utility
> I get an error: "Failed to generate certificate"
> 
> And the last problem I found is that I am unable to restore a backup.
> The ipa-restore utility is able to unpack the backup but once I try to start 
> FreeIPA on a new node
> the pki-tomcat fails to start. And I see this message in debug:
> 
> ipa: DEBUG: Waiting for CA to start...
> ipa: DEBUG: Starting external process
> ipa: DEBUG: args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30' 
> '--no-check-certificate' 'https://XXXX:8443/ca/admin/ca/getStatus'
> ipa: DEBUG: Process finished, return code=8
> 
> 
> In the /var/log/dirsrv/slapd-XXX/errors I see a lot of these
>   NSMMReplicationPlugin - process_postop: Failed to apply update 
> (57c3cc550002000d0000) error (-1).  Aborting replication session(conn=272420 op=6)
> 
>   but I'm not sure if it is directly related to the problem.
> 
>   In /var/log/pki/pki-tomcat/ca/debug I see a lot of these messages:
> Can't create master connection in LdapBoundConnFactory::getConn! Could not 
> connect to LDAP server host bos-admin1.hq.datarobot.com 
> <http://bos-admin1.hq.datarobot.com> port 636 Error netscape.ldap.LDAPException: 
> IO Error creating JSS SSL Socket
> 
> My guess was that the CA certificate got expired, so I tried to run 
> 'ipa-cacert-manage renew'
> but it failed with this message:
> 
> Resubmitting certmonger request '20151222031110' timed out, please check the 
> request manually
> 
> 
> Don't really know what else to try right now.
> 

Could you check:

Is directory server listening on ports 389 and 636?

Is PKI server listening on port 8009 i.e. if you are hitting bug
https://fedorahosted.org/freeipa/ticket/6575

You can verify if certs are expired by running

# getcert list

And check expiration date.
-- 
Petr Vobornik



From intiro at gmail.com  Thu Jan 26 12:30:28 2017
From: intiro at gmail.com (Gendy Tartovsky)
Date: Thu, 26 Jan 2017 14:30:28 +0200
Subject: [Freeipa-users] FreeIPA 4.2 CA issues
In-Reply-To: <511ef7fe-1c77-2265-c15c-21306c726c7f@redhat.com>
References: <CAMWz4nUsWRvBetehzfGv0K=S6DNip-g7KuO9A_YSDKp3pNSRZg@mail.gmail.com>
	<511ef7fe-1c77-2265-c15c-21306c726c7f@redhat.com>
Message-ID: <CAMWz4nU6bg+FKEDC0gX+bKcT+gk=Ni=QbK=hD1Go1KGCPXfLzQ@mail.gmail.com>

Hi Petr,

# getcert list showed that allcertificates are valid for 10 more months.

Server is listening on both ports 389 and 636 and external service are able
to use them.

Also port 8009 is active, I was able to do a telnet on it from localhost.


On Thu, Jan 26, 2017 at 1:31 PM, Petr Vobornik <pvoborni at redhat.com> wrote:

> On 01/25/2017 02:30 PM, Gendy Tartovsky wrote:
> >   Hi,
> >
> > I'm having a PKI-tomcat issue that started after upgrade.
> > My configuration has 4 servers with CA, where servers 2, 3 and 4 are
> replicated
> > from the first one.
> > At first it didn't cause much trouble since all the issue came down to
> > pki-tomcat getting to start about 2 minutes.
> > But it seems that problem is progressed a lot and is causing issues in
> multiple
> > parts of the system.
> >
> > After upgrading FreeIPA from 4.1 to 4.2  ipactl would not on the first
> node
> > start without the --ignore-service-failures.
> >
> >   I found that in the menu Authentication-->Certificates
> >   I have multiple certificates for same hosts in some cases there were
> up to 30
> > duplicates per host and it is unclear what is generating them.
> >
> > Next issue is that if I try to add a new replica with
> ipa-replica-prepare utility
> > I get an error: "Failed to generate certificate"
> >
> > And the last problem I found is that I am unable to restore a backup.
> > The ipa-restore utility is able to unpack the backup but once I try to
> start
> > FreeIPA on a new node
> > the pki-tomcat fails to start. And I see this message in debug:
> >
> > ipa: DEBUG: Waiting for CA to start...
> > ipa: DEBUG: Starting external process
> > ipa: DEBUG: args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30'
> > '--no-check-certificate' 'https://XXXX:8443/ca/admin/ca/getStatus'
> > ipa: DEBUG: Process finished, return code=8
> >
> >
> > In the /var/log/dirsrv/slapd-XXX/errors I see a lot of these
> >   NSMMReplicationPlugin - process_postop: Failed to apply update
> > (57c3cc550002000d0000) error (-1).  Aborting replication
> session(conn=272420 op=6)
> >
> >   but I'm not sure if it is directly related to the problem.
> >
> >   In /var/log/pki/pki-tomcat/ca/debug I see a lot of these messages:
> > Can't create master connection in LdapBoundConnFactory::getConn! Could
> not
> > connect to LDAP server host bos-admin1.hq.datarobot.com
> > <http://bos-admin1.hq.datarobot.com> port 636 Error
> netscape.ldap.LDAPException:
> > IO Error creating JSS SSL Socket
> >
> > My guess was that the CA certificate got expired, so I tried to run
> > 'ipa-cacert-manage renew'
> > but it failed with this message:
> >
> > Resubmitting certmonger request '20151222031110' timed out, please check
> the
> > request manually
> >
> >
> > Don't really know what else to try right now.
> >
>
> Could you check:
>
> Is directory server listening on ports 389 and 636?
>
> Is PKI server listening on port 8009 i.e. if you are hitting bug
> https://fedorahosted.org/freeipa/ticket/6575
>
> You can verify if certs are expired by running
>
> # getcert list
>
> And check expiration date.
> --
> Petr Vobornik
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170126/845c439e/attachment.htm>

From jgoddard at emerlyn.com  Thu Jan 26 14:08:20 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Thu, 26 Jan 2017 09:08:20 -0500
Subject: [Freeipa-users] pki status discrepancies
Message-ID: <CA+No-6FUaxt6o487i01_A0e=cYOJorMwEAyEMAGfpjXsf1rYpw@mail.gmail.com>

Is there a reason the ipactl status command shows pki stopped even though
the systemctl shows it as running? Here is the example output:

[root at id-management-1 log]# systemctl status pki-tomcatd at pki-tomcat
? pki-tomcatd at pki-tomcat.service - PKI Tomcat Server pki-tomcat
   Loaded: loaded (/lib/systemd/system/pki-tomcatd at .service; enabled;
vendor preset: disabled)
   Active: active (running) since Sat 2016-10-01 00:07:50 EDT; 33min ago
  Process: 22425 ExecStop=/usr/libexec/tomcat/server stop (code=exited,
status=0/SUCCESS)
  Process: 22469 ExecStartPre=/usr/bin/pkidaemon start %i (code=exited,
status=0/SUCCESS)
 Main PID: 22582 (java)
   CGroup:
/system.slice/system-pki\x2dtomcatd.slice/pki-tomcatd at pki-tomcat.service
           ??22582 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java
-DRESTEASY_LIB=/usr/share/java/resteasy-base -classpath
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.j...

Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01,
2016 12:07:54 AM org.apache.catalina.startup.HostConfig deployDescriptor
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO:
Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki#js.xml has finished in 993 ms
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01,
2016 12:07:54 AM org.apache.coyote.AbstractProtocol start
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO:
Starting ProtocolHandler ["http-bio-8080"]
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01,
2016 12:07:54 AM org.apache.coyote.AbstractProtocol start
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO:
Starting ProtocolHandler ["http-bio-8443"]
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01,
2016 12:07:54 AM org.apache.coyote.AbstractProtocol start
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO:
Starting ProtocolHandler ["ajp-bio-127.0.0.1-8009"]
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01,
2016 12:07:54 AM org.apache.catalina.startup.Catalina start
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO:
Server startup in 3313 ms
[root at id-management-1 log]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: STOPPED
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[root at id-management-1 log]#

The system clock has been set to the past in an attempt to renew expired
certificates. I keep getting CA_UNREACHABLE status messages when trying to
renew the certs and I don't know if this is related or not.

Thanks,

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170126/5cee4a32/attachment.htm>

From sbose at redhat.com  Thu Jan 26 15:15:44 2017
From: sbose at redhat.com (Sumit Bose)
Date: Thu, 26 Jan 2017 16:15:44 +0100
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <9FFAC980-7E08-4538-8AAE-7FE8306ADF03@bsd.uchicago.edu>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
	<50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
	<20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<C3C77006-5DB6-4980-8BBA-1057744A7507@bsd.uchicago.edu>
	<34ABC0E9-F56D-423F-BF25-184349DBFC4F@bsd.uchicago.edu>
	<90342660-3FE5-43A3-9D4F-FBC428549952@bsd.uchicago.edu>
	<20170120224840.GA27094@10.4.128.1>
	<FE98D626-6BD2-4C15-9BFD-DF5AE3D1C97D@bsd.uchicago.edu>
	<9FFAC980-7E08-4538-8AAE-7FE8306ADF03@bsd.uchicago.edu>
Message-ID: <20170126151544.GE894@p.Speedport_W_724V_Typ_A_05011603_00_011>

On Wed, Jan 25, 2017 at 10:58:34PM +0000, Sullivan, Daniel [CRI] wrote:
> Hi,
> 
> My apologizes for resurrecting this thread.  This issue is still ongoing, at this point we?ve been looking at it for over a week and now have more than one staff member analyzing and trying to resolve it on a full time basis.  I have some more information that I was hoping an a seasoned IPA expert could take a look at.   At this point I am fairly certain it is a performance tuning issue in either sssd or FreeIPA on the our domain controllers.  It looks to me like the main issue is that when looking up the same user across a large number of nodes in parallel, all of our available ds389 threads get blocked with '__lll_robust_lock_wait ()? for operations involving ipa_extdom_common.c.  This usually occurs on one of our two DCs, but occasionally on both.   For example, in the attached output, out of 199 threads in the attached output, 179 are in the status __lll_robust_lock_wait ().      All of the user1 at xxx.uchicago.edu<mailto:user1 at xxx.uchicago.edu> in this attachment are the same user.
> 
> Here is more information about this issue (some of it repeated for convenience):
> 
>   1.  We currently have 2 domain controllers.  Each has 6 processor cores and 180 threads allocated for 389ds.  We have gone through Red Hat?s performance tuning guide for directory services made what we felt were appropriate changes, and made additional tuning modifications to get lowered eviction rates and high cache hit numbers for 389ds.  We have approximately 220 connections to our domain controllers (from "cn=monitor?), depending on the test I?ve seen as many as 190 connected to a single DC.
>   2.  We are using an AD domain where all of our users and groups reside.
>   3.   I induce this by looking up a user (using the id command) on a large number of nodes (maybe 200) for a user that has never been looked up before, and is not cached on either the client, or on the DC.
>   4.   Before I induce the problem, I can lookup entries in LDAP without delay or problem (i.e. the LDAP server is performant and responsive, I can inspect cn=monitor or cn=config and get instantaneous results).
>   5.  When I do induce the issue, the LDAP server basically becomes unresponsive (which is expected based on the attached output).  Servicing a query using the ldapsearchtool (for either cn=monitor or cn=config) can take upwards of 1-2 minutes or longer.  Eventually the LDAP server will ?recover?, i.e. I do not typically need to restart IPA services to get this working again.
>   6.  After a lookup fails, subsequent parallel lookups succeed and return the desired record (presumably from the cache).
>   7.  It appears that these failures are also characterized by a corresponding "[monitor_hup] (0x0020): Received SIGHUP.?  in the sssd log.
>   8.  Right before the problem occurs I see a brief spike in CPU utilization of the ns-slapd process, then the utilization basically drops to 0 once the threads are blocked in ns-slapd.
>   9.  Since we are doing computation in our IPA environment, it is important that we can perform these types of parallel operations against our IPA environment at the scale we are testing.
> 
> I feel like we are either DoSing the LDAP server or the sss_be / sss_nss processes, although I am not sure.   Right now we are in the process of deploying an additional domain controller to see if that helps with distribution of load.  If anybody could provide any sort of information with respect addressing the issue in the attached trace I would be very grateful.

I think your observations are due to the fact that SSSD currently
serializes connections from a single process. Your clients will call the
extdom extended LDAP operation on the IPA server to get the information
about the user from the trusted domain. The extdom plugin runs inside of
389ds and each client connection will run in a different thread. To get
the information about the user from the trusted domain the extdom plugin
calls SSSD and here is where the serialization will happen, i.e. all
threads have to wait until the first one will get his results and the
next thread can talk to SSSD.

With an empty cache the initial lookup of a user and all its groups will
take some time and since you used quite a number of clients all 389ds
worker threads will be "busy" waiting to talk to SSSD so that it would
even be hard for other request, even the ones which do not need to talk
to SSSD, to get through because there are no free worker threads.

To improve the situation maybe setting 'ignore_group_members=True' as
described on
https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
which you already mentioned might help.

Although in general not recommend depending on the size of the trusted
domain (i.e. the number of users and groups in the trusted domain)
enabling enumeration for SSSD on the IPA servers might help as well,
see man sssd.conf for details.

For the responsiveness of 389ds it might help to increase the number of
worker threads, check the nsslapd-threadnumber parameter in the 389ds
docs, e.g.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_threadnumber_Thread_Number
But with the large number of clients the clients might just use up
threads in a reasonable number of worker threads.

HTH

bye,
Sumit

> 
> Regards,
> 
> Dan Sullivan
> 
> 
> 


> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project




From dsullivan2 at bsd.uchicago.edu  Thu Jan 26 15:47:04 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Thu, 26 Jan 2017 15:47:04 +0000
Subject: [Freeipa-users] performance scaling of sssd / freeipa
In-Reply-To: <20170126151544.GE894@p.Speedport_W_724V_Typ_A_05011603_00_011>
References: <38D676DD-8996-4C25-B8E5-96F4EBDA5B5A@bsd.uchicago.edu>
	<50AD90A3-6073-4A90-B4BE-F6F7F5D1210A@bsd.uchicago.edu>
	<20170120162708.GE21016@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<C3C77006-5DB6-4980-8BBA-1057744A7507@bsd.uchicago.edu>
	<34ABC0E9-F56D-423F-BF25-184349DBFC4F@bsd.uchicago.edu>
	<90342660-3FE5-43A3-9D4F-FBC428549952@bsd.uchicago.edu>
	<20170120224840.GA27094@10.4.128.1>
	<FE98D626-6BD2-4C15-9BFD-DF5AE3D1C97D@bsd.uchicago.edu>
	<9FFAC980-7E08-4538-8AAE-7FE8306ADF03@bsd.uchicago.edu>
	<20170126151544.GE894@p.Speedport_W_724V_Typ_A_05011603_00_011>
Message-ID: <4BEC2D77-9DD4-4FA8-848E-52CA2122D827@bsd.uchicago.edu>

Sumit,

Thank you for detailed and thorough reply; I really appreciate you taking the time to get back to me.

What you describe makes sense, and is in-line with my thoughts and observations (and from reading Jakubs performance tuning doc).  You articulated this very well; thank you.

We had already increased the 389ds thread number from 30 -> 180 and increased the number of processor cores to 6 (based on reading 389?s documentation 30 threads per cores is roughly appropriate).  This actually helped the problem significantly.

This morning, we upped that number again to 12 cores and 360 threads for 389 DS, and this made the situation even better.  The problem has largely gone away at this point.

I turned on the ignore_group_members setting long ago, it did not help with this particular problem.

I considered enabling enumeration to try and address this issue, for some reason I thought that feature wasn?t implemented for AD domains though.  

Anyway, I think we are good for now, at least on this issue, especially thanks to your description of what is actually occurring.

Thank you for your time and for your help!

Best,

Dan

> On Jan 26, 2017, at 9:15 AM, Sumit Bose <sbose at redhat.com> wrote:
> 
> On Wed, Jan 25, 2017 at 10:58:34PM +0000, Sullivan, Daniel [CRI] wrote:
>> Hi,
>> 
>> My apologizes for resurrecting this thread.  This issue is still ongoing, at this point we?ve been looking at it for over a week and now have more than one staff member analyzing and trying to resolve it on a full time basis.  I have some more information that I was hoping an a seasoned IPA expert could take a look at.   At this point I am fairly certain it is a performance tuning issue in either sssd or FreeIPA on the our domain controllers.  It looks to me like the main issue is that when looking up the same user across a large number of nodes in parallel, all of our available ds389 threads get blocked with '__lll_robust_lock_wait ()? for operations involving ipa_extdom_common.c.  This usually occurs on one of our two DCs, but occasionally on both.   For example, in the attached output, out of 199 threads in the attached output, 179 are in the status __lll_robust_lock_wait ().      All of the user1 at xxx.uchicago.edu<mailto:user1 at xxx.uchicago.edu> in this attachment are the same user.
>> 
>> Here is more information about this issue (some of it repeated for convenience):
>> 
>>  1.  We currently have 2 domain controllers.  Each has 6 processor cores and 180 threads allocated for 389ds.  We have gone through Red Hat?s performance tuning guide for directory services made what we felt were appropriate changes, and made additional tuning modifications to get lowered eviction rates and high cache hit numbers for 389ds.  We have approximately 220 connections to our domain controllers (from "cn=monitor?), depending on the test I?ve seen as many as 190 connected to a single DC.
>>  2.  We are using an AD domain where all of our users and groups reside.
>>  3.   I induce this by looking up a user (using the id command) on a large number of nodes (maybe 200) for a user that has never been looked up before, and is not cached on either the client, or on the DC.
>>  4.   Before I induce the problem, I can lookup entries in LDAP without delay or problem (i.e. the LDAP server is performant and responsive, I can inspect cn=monitor or cn=config and get instantaneous results).
>>  5.  When I do induce the issue, the LDAP server basically becomes unresponsive (which is expected based on the attached output).  Servicing a query using the ldapsearchtool (for either cn=monitor or cn=config) can take upwards of 1-2 minutes or longer.  Eventually the LDAP server will ?recover?, i.e. I do not typically need to restart IPA services to get this working again.
>>  6.  After a lookup fails, subsequent parallel lookups succeed and return the desired record (presumably from the cache).
>>  7.  It appears that these failures are also characterized by a corresponding "[monitor_hup] (0x0020): Received SIGHUP.?  in the sssd log.
>>  8.  Right before the problem occurs I see a brief spike in CPU utilization of the ns-slapd process, then the utilization basically drops to 0 once the threads are blocked in ns-slapd.
>>  9.  Since we are doing computation in our IPA environment, it is important that we can perform these types of parallel operations against our IPA environment at the scale we are testing.
>> 
>> I feel like we are either DoSing the LDAP server or the sss_be / sss_nss processes, although I am not sure.   Right now we are in the process of deploying an additional domain controller to see if that helps with distribution of load.  If anybody could provide any sort of information with respect addressing the issue in the attached trace I would be very grateful.
> 
> I think your observations are due to the fact that SSSD currently
> serializes connections from a single process. Your clients will call the
> extdom extended LDAP operation on the IPA server to get the information
> about the user from the trusted domain. The extdom plugin runs inside of
> 389ds and each client connection will run in a different thread. To get
> the information about the user from the trusted domain the extdom plugin
> calls SSSD and here is where the serialization will happen, i.e. all
> threads have to wait until the first one will get his results and the
> next thread can talk to SSSD.
> 
> With an empty cache the initial lookup of a user and all its groups will
> take some time and since you used quite a number of clients all 389ds
> worker threads will be "busy" waiting to talk to SSSD so that it would
> even be hard for other request, even the ones which do not need to talk
> to SSSD, to get through because there are no free worker threads.
> 
> To improve the situation maybe setting 'ignore_group_members=True' as
> described on
> https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
> which you already mentioned might help.
> 
> Although in general not recommend depending on the size of the trusted
> domain (i.e. the number of users and groups in the trusted domain)
> enabling enumeration for SSSD on the IPA servers might help as well,
> see man sssd.conf for details.
> 
> For the responsiveness of 389ds it might help to increase the number of
> worker threads, check the nsslapd-threadnumber parameter in the 389ds
> docs, e.g.
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_threadnumber_Thread_Number
> But with the large number of clients the clients might just use up
> threads in a reasonable number of worker threads.
> 
> HTH
> 
> bye,
> Sumit
> 
>> 
>> Regards,
>> 
>> Dan Sullivan
>> 
>> 
>> 
> 
> 
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project




From tbordaz at redhat.com  Thu Jan 26 15:55:15 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Thu, 26 Jan 2017 16:55:15 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <a80d6390-6ef5-e106-5a9d-98f3c5dc7f2b@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
	<58875E38.2010806@redhat.com>
	<36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>
	<58878756.3010407@redhat.com>
	<a80d6390-6ef5-e106-5a9d-98f3c5dc7f2b@aixigo.de>
Message-ID: <588A1BE3.7060501@redhat.com>



On 01/26/2017 10:55 AM, Harald Dunkel wrote:
> Hi Thierry,
>
> good new: I got rid of most of the conflicting entries. There
> are only 2 left (see below). They look circular somehow.

That is excellent news. Great !
>
> Please note that the unwanted list of ipa servers is empty. The
> official list looks OK. The record for cn=ipaservers,cn=ng,cn=alt\
> ,dc=example,dc=de looks fine, too. It points to the official list.
> So hopefully the duplicates are not a big deal.
>
> It would be nice to get rid of both, though.
>
>
> Any helpful hint is highly appreciated
> Harri
> ------------------------------------------------------------------
>
> % cat <<EOF | ldapmodify -D "cn=directory manager" -w secret -x
>> dn: cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
>> changetype: delete
>> EOF
> deleting entry "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de"
> ldap_delete: Server is unwilling to perform (53)
>          additional info: Deleting a managed entry is not allowed. It needs to be manually unlinked first.
>
>
> % cat <<EOF | ldapmodify -D "cn=directory manager" -w secret -x
>> dn: cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
>> changetype: delete
>> EOF
> deleting entry "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de"
> ldap_delete: Operations error (1)

Those entries are managed entries and it is not possible to delete them 
from direct ldap command.
A solution proposed by Ludwig is not first make them unmanaged:

cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
changetype: modify
modify: objectclass
delete: mepManagedEntry

cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
changetype: modify
modify: objectclass
delete: mepManagedEntry

Then retry to delete them.
It should work for the first one but unsure it will succeed for the second one.

> % ldapsearch -o ldif-wrap=no -D "cn=directory manager" -w secret -b "cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de" -s base
> # extended LDIF
> #
> # LDAPv3
> # base <cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de> with scope baseObject
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # ipaservers + 109be304-ccd911e6-a5b3d0c8-d8da17db, ng, alt, example.de
> dn: cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
> ipaUniqueID: 15699da0-ccd9-11e6-b194-fe4936c476ff
> mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
> description: ipaNetgroup ipaservers
> cn: ipaservers
> nisDomainName: example.de
> objectClass: ipanisnetgroup
> objectClass: ipaobject
> objectClass: mepManagedEntry
> objectClass: ipaAssociation
> objectClass: top
> memberHost: cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> % ldapsearch -o ldif-wrap=no -D "cn=directory manager" -w secret -b "cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de" -s base
> # extended LDIF
> #
> # LDAPv3
> # base <cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de> with scope baseObject
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # ipaservers + 109be302-ccd911e6-a5b3d0c8-d8da17db, hostgroups, accounts, example.de
> dn: cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
> ipaUniqueID: 14a4041e-ccd9-11e6-b194-fe4936c476ff
> cn: ipaservers
> description: IPA server hosts
> objectClass: top
> objectClass: ipahostgroup
> objectClass: ipaobject
> objectClass: groupOfNames
> objectClass: nestedGroup
> objectClass: mepOriginEntry
> mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
> memberOf: cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1



From huston at astro.princeton.edu  Thu Jan 26 16:53:06 2017
From: huston at astro.princeton.edu (Steve Huston)
Date: Thu, 26 Jan 2017 11:53:06 -0500
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <CANnpg5QhEvr482YpBaRafB2PqFhu6raSt3A3Zf625eSuHLCvcw@mail.gmail.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
	<CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
	<20170119181440.x77gboawdyjep7pp@redhat.com>
	<CANnpg5TVMRAVazuXnS_tEk1NS-qscW099oEa9-6S_JTJhYaQ+A@mail.gmail.com>
	<CANnpg5QQq+i0my9getrFgnwo1g0io1cdEAkwbHwsn80XXWoTpQ@mail.gmail.com>
	<CANnpg5Sp0sYT=8s6mFUKLfWnAixeD5uZNBt3qyD_LcPxy0YJ+w@mail.gmail.com>
	<2e45b170-d467-7bd9-f9fe-efd4fcd4ded8@redhat.com>
	<CANnpg5QhEvr482YpBaRafB2PqFhu6raSt3A3Zf625eSuHLCvcw@mail.gmail.com>
Message-ID: <CANnpg5Rn+p4R3CULy-UGbR1TSpUQZdaA6HJOtQnCM=0cAKgm2g@mail.gmail.com>

Just did it again with the same result.  Reinstalled the machine, then
did a 'yum install ipa-server python2-ipaserver httpd' which pulled in
version 4.4.0-14.el7_3.4 and a bunch of other packages.  Next was the
ipa-server-install as I used before, only without --mkhomedir this
time.  After entering the passwords for directory administrator and
the admin user, I then logged in to the web interface, immediately
clicked "add" and added a user 'foobar'.  When I clicked "add and
edit" and was brought to the user information page, it looks like this
at the bottom:

https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0

I then entered an employee number of '0001' just to give something to
save, and clicked save.  The screen now shows this (I've clicked the
drop-down on the manager field so the choices are visible):

https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0

Holding shift and clicking reload, the page now looks like this (the
employee number field is also blank again):

https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0

Since we do run a repackaged distribution here (Springdale Linux), I
just unpacked ipa-server-common from our repository with the above
version, and http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm,
and 'diff' found zero differences between them.  Unlikely, but I
wanted to rule out a packaging error causing the problem.

On Wed, Jan 25, 2017 at 4:12 PM, Steve Huston
<huston at astro.princeton.edu> wrote:
> No, that should be all of the major changes; the puppet module that
> installs things only puts the two plugin files in their respective
> places.  The client part of the IPA module makes changes to have the
> machine join the domain and whatnot, but those shouldn't affect the
> webui.
>
> I do modify the schema by adding some attribute types for Puppet,
> namely puppetClass, parentNode, environment, puppetVar, and the object
> class puppetClient.  That's basically right from one of the Puppet
> webpages and also worked in the past - and is one of the things the
> python plugin does, add the appropriate objectclass to host entries if
> puppetVar is added to a host entry.
>
> My steps to install:
> * ipa-server-install --realm=<realm> --domain=<domain> --mkhomedir
> --hostname=<hostname> --no-host-dns
> * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W
>   < paste puppet schema changes>
>   < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a
> service account used by puppet for adding hosts to IPA >
> * login to web UI
> * * Change home directory base, default shell, default SELinux user
> * * Add SELinux user map for staff/sysadmin users
> * * Add "user adder" permission/privilege/role for users who will be
> able to create stageusers
>
> That's about as far as I got before I realized some of the plugin
> pieces weren't working, and then fixed the python plugin followed by
> working on the UI plugin and finding this problem.  I'll go wipe and
> reinstall the system again and walk through the steps, but test the UI
> first and in between to see if I can find which of the steps might be
> causing things to hiccup.
>
> On Wed, Jan 25, 2017 at 1:42 PM, Pavel Vomacka <pvomacka at redhat.com> wrote:
>> Hello Steve,
>>
>> I tried to reproduce what you described on the very same version of
>> ipa-server and I was not successful. Actually I was not used your back-end
>> plugin. I tried it with no plugin and then with your UI plugin and both
>> worked correctly. Did you do any other changes somewhere in your
>> installation?
>>
>> I will try it again also with your Python plugin and we'll see.
>>
>>
>> On 01/24/2017 08:59 PM, Steve Huston wrote:
>>>
>>> And now I'm convinced this has nothing to do with my plugin and
>>> instead is a bug somewhere in FreeIPA.
>>>
>>> I removed the entirety of the "astrocustom" plugin that I wrote,
>>> restarted httpd, and force reloaded the page in chrome.  I clicked to
>>> add a new user, gave the basic information, and clicked "add and
>>> edit".  The bottom of the page shows the "Employee information" on the
>>> left side bottom, and the manager drop-down is empty.  I entered '1'
>>> in the "employee type" field and clicked save, and now "Employee
>>> Information" is on the right side directly under "Contact settings",
>>> and the manager drop-down is populated with the list of UIDs on the
>>> system.
>>>
>>> When the UI is in the failed state, the "email address" field is also
>>> blank, but when things switch to how they should be (after submitting
>>> a change) it is populated with the email address in the record.  I
>>> just tested by adding a telephone number to the record, and that also
>>> made the contact information and employee information facets refresh
>>> with the proper data.  Pressing shift-reload again makes all the
>>> information disappear (including the telephone number I just entered).
>>>
>>> This is with ipa-server-4.4.0-14.el7_3.4
>>>
>>>
>>> On Mon, Jan 23, 2017 at 1:55 PM, Steve Huston
>>> <huston at astro.princeton.edu> wrote:
>>>>
>>>> Just tested again, and this is still baffling:
>>>>
>>>> * Create a stage user with the right data, works fine, can be edited.
>>>> * Enable that user, and now the two fields ('manager' and
>>>> 'employeeType') appear to have bogus data in the UI, and I cannot save
>>>> the page without changing them to something else.
>>>> * Once that user is saved, the "Employee Information" facet moves to
>>>> the right side of the page, and now shows not only the current data in
>>>> the manager drop down but also the other choices (uids).  Change the
>>>> value of manager and employeetype back to what they were previously
>>>> and it saves.
>>>> * An ldapsearch run when the user is first created (as the directory
>>>> manager), and after having two edits (one to change the values to
>>>> something else to let the webui save them, and one to change them back
>>>> to what they should be and were the first time) produce completely
>>>> identical results.
>>>> * The output of "ipa user-show <uid> --all --raw" is also identical at
>>>> those same steps.
>>>>
>>>> So something, somewhere, is being saved in a way that prevents the
>>>> webui from displaying them properly, that gets fixed when those values
>>>> are manually changed via the webui.
>>>>
>>>> On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston
>>>> <huston at astro.princeton.edu> wrote:
>>>>>
>>>>> Even more interesting...
>>>>>
>>>>> I tried to modify one of the records that was not displaying properly
>>>>> in the "active users" group, and sure enough the webui complained that
>>>>> the "Requested By" (relabeled "manager") field was not filled in since
>>>>> it was blank.  It also, however, complained that the "User tier"
>>>>> (relabeled "employeetype") was incorrect, even though it showed the
>>>>> label associated with the value 1.  I clicked the search drop-down for
>>>>> manager, typed in my own uid, and even though everything had been
>>>>> blank in the drop down before now my uid showed up.  I clicked on it,
>>>>> and my uid was now in the manager field.  I then clicked the drop down
>>>>> for employeetype, and chose one of the other options.  I was now able
>>>>> to save the changes to the record.
>>>>>
>>>>> Upon reloading the page, the "Employee Information" facet now shoed up
>>>>> on the right side bottom, instead of the left side bottom where it was
>>>>> appearing.  I was also now able to change the drop-down fields for
>>>>> manager and employeetype to another value, and save them, and they
>>>>> worked fine even filling in all the data that should have been there.
>>>>> This almost seemed like the data being returned by the server was
>>>>> flawed somehow, and confusing the webui, but once it was forced to
>>>>> have the right data and re-saved it worked fine subsequently.
>>>>>
>>>>> I looked at the output of "ipa user-show <uid> --all --raw" both
>>>>> before and after making such changes on a user, and can detect no
>>>>> difference between them.
>>>>>
>>>>> On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy <abokovoy at redhat.com>
>>>>> wrote:
>>>>>>
>>>>>> On to, 19 tammi 2017, Steve Huston wrote:
>>>>>>>
>>>>>>> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy
>>>>>>> <abokovoy at redhat.com>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and
>>>>>>>> client
>>>>>>>> side plugins into different paths (ipaserver/plugins and
>>>>>>>> ipaclient/plugins instead of being common in ipalib/plugins). The
>>>>>>>> client
>>>>>>>> code was also changed to always read metadata about API from the
>>>>>>>> server
>>>>>>>> side. This means the client can adopt to any server version that
>>>>>>>> supports API metadata.
>>>>>>>
>>>>>>>
>>>>>>> Right, and I think that the most of the plugin I had belongs
>>>>>>> server-side; in fact, that's where I migrated it to, and things work
>>>>>>> fine.  I haven't tested if I can change those values with the cli, but
>>>>>>> I'm less concerned about that at the moment.
>>>>>>>
>>>>>>>> In my sample external plugin you referenced above you can see that I
>>>>>>>> have client-side change that replaces an input string by a file
>>>>>>>> reference so that a file can supplied instead of typing the content
>>>>>>>> of
>>>>>>>> the file on the command line. This is one of most used patterns for
>>>>>>>> client side plugins.
>>>>>>>
>>>>>>>
>>>>>>> In this case, my biggest problem is with the web UI.  The 'manager'
>>>>>>> drop down (which I have renamed through the UI plugins to "Requested
>>>>>>> By" to show what user requested and is responsible for this account)
>>>>>>> works fine in the 'add/modify stageuser' context, but not at all in
>>>>>>> the adduser/moduser context, and I can't seem to find out why.
>>>>>>
>>>>>> I'll defer answer for this to our web UI wizards but they would need to
>>>>>> see your code to help, I'd guess.
>>>>>>
>>>>>> --
>>>>>> / Alexander Bokovoy
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>>>
>>>>
>>>>
>>>> --
>>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>>
>>>
>>>
>>
>> --
>> Pavel^3 Vomacka
>>
>
>
>
> --
> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



From rakesh.rajasekharan at gmail.com  Thu Jan 26 17:24:22 2017
From: rakesh.rajasekharan at gmail.com (Rakesh Rajasekharan)
Date: Thu, 26 Jan 2017 22:54:22 +0530
Subject: [Freeipa-users] Kerberos Clock Skew too great
In-Reply-To: <jlgvat5mzg2.fsf@thriss.redhat.com>
References: <CANAMAkow2ACG=r_QMqWz29wYBY=Lc2LWySbPU6e_rV62U+FMuA@mail.gmail.com>
	<20170109081241.zu5jla6gw26koxhy@hendrix>
	<CANAMAkr=Mu=_rMXBjd7GA3CBqcbPWhj63SDXDL7i+Qb98JEYYw@mail.gmail.com>
	<jlg7f64kpnh.fsf@thriss.redhat.com>
	<CANAMAkpoQma2-Zh=1qN9vBgyu0Lj6WdZZE-T+hySTJhfe9hk7w@mail.gmail.com>
	<jlglgu63f0x.fsf@thriss.redhat.com>
	<CANAMAkrZiAhq5bxT+c7OzANJ69qmMJtLMAv+5pqR=Jf1egbSrw@mail.gmail.com>
	<jlgvat5mzg2.fsf@thriss.redhat.com>
Message-ID: <CANAMAkqjW3gMWh=04J0_9WaWMZCvC999MOUqAu334nYd1ndg=Q@mail.gmail.com>

I was seeing a lot of entries in the krb5kdc.log like below

"krb5kdc[10403](info): TGS_REQ (4 etypes {18 17 16 23}) 10.1.4.219: ISSUE:
authtime 1485450918, etypes {rep=18 tkt=18 ses=18}, host/my-host at MYDOMAIN"

On one env.. where users rarely log in... even there I see a lot of such
requests.


Finally , I think  I was able to track this down..  there are few local
accounts ( non freeipa ) on my hosts . These are used to run some custom
scripts through cron and run frequently ( every few mins ).
So, I feel  whenever thers a request for "su - <localuser>" or a sudo to
the local user, that would also end up calling the Kerbros service.. and
since it runs so frequently on all the hosts.. they would be choking the
IPA master / replica with so many requests..

Please correct me If I am wrong in the above assumption.

Going by the above logic.. I have added filter_users section with these
users in the sssd.conf . Hopefully I would see a drop in the number of
requests




On Mon, Jan 23, 2017 at 11:27 PM, Robbie Harwood <rharwood at redhat.com>
wrote:

> Rakesh Rajasekharan <rakesh.rajasekharan at gmail.com> writes:
>
> > one more question I was curious is.. when does the krb5kdc.log get
> entries
> > . .. I mean is it only when someone makes an attempt to login to a server
> > that the log file  krb5kdc.log on the IPA master gets updated or there
> are
> > other scenarios as well
>
> It's controlled by /etc/kdc.conf ; take a look at the "[logging]" section
> in
> `man 5 kdc.conf` for more information.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170126/5c2f97b9/attachment.htm>

From christophe.trefois at uni.lu  Fri Jan 27 11:18:47 2017
From: christophe.trefois at uni.lu (Christophe TREFOIS)
Date: Fri, 27 Jan 2017 11:18:47 +0000
Subject: [Freeipa-users] Search result has been truncated - Configured size
	limit exceeded
Message-ID: <939B79E2-2718-48C8-BA4E-BA559FB54034@uni.lu>

Dear all,

Since some time now, when we access a user details via the GUI in FreeIPA 4.4, we receive a

"Search result has been truncated: Configured size limit exceeded? popup. It seems all fields are properly loaded and updating fields etc works.

Does anybody know where this could come from and how to remove this message?

Thank you,
Christophe



From mbasti at redhat.com  Fri Jan 27 11:25:18 2017
From: mbasti at redhat.com (Martin Basti)
Date: Fri, 27 Jan 2017 12:25:18 +0100
Subject: [Freeipa-users] Search result has been truncated - Configured
 size limit exceeded
In-Reply-To: <939B79E2-2718-48C8-BA4E-BA559FB54034@uni.lu>
References: <939B79E2-2718-48C8-BA4E-BA559FB54034@uni.lu>
Message-ID: <c168e14e-ae05-09c4-f418-db00317263fb@redhat.com>



On 27.01.2017 12:18, Christophe TREFOIS wrote:
> Dear all,
>
> Since some time now, when we access a user details via the GUI in FreeIPA 4.4, we receive a
>
> "Search result has been truncated: Configured size limit exceeded? popup. It seems all fields are properly loaded and updating fields etc works.
>
> Does anybody know where this could come from and how to remove this message?
>
> Thank you,
> Christophe
>

Hello,

what is your configured search size limit (ipa config-show)?

Martin




From tomek at pipebreaker.pl  Fri Jan 27 11:36:43 2017
From: tomek at pipebreaker.pl (Tomasz Torcz)
Date: Fri, 27 Jan 2017 12:36:43 +0100
Subject: [Freeipa-users] Search result has been truncated - Configured
 size limit exceeded
In-Reply-To: <939B79E2-2718-48C8-BA4E-BA559FB54034@uni.lu>
References: <939B79E2-2718-48C8-BA4E-BA559FB54034@uni.lu>
Message-ID: <20170127113643.GB97393@mother.pipebreaker.pl>

On Fri, Jan 27, 2017 at 11:18:47AM +0000, Christophe TREFOIS wrote:
> Dear all,
> 
> Since some time now, when we access a user details via the GUI in FreeIPA 4.4, we receive a
> 
> "Search result has been truncated: Configured size limit exceeded? popup. It seems all fields are properly loaded and updating fields etc works.
> 
> Does anybody know where this could come from and how to remove this message?

  See 5.3.4.1. Adjusting the Search Size and Time Limit

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-idm-cli.html#tune-search-adjust-limits


-- 
Tomasz   .. oo o.   oo o. .o   .o o. o. oo o.   ..
Torcz    .. .o .o   .o .o oo   oo .o .. .. oo   oo
o.o.o.   .o .. o.   o. o. o.   o. o. oo .. ..   o.



From harald.dunkel at aixigo.de  Fri Jan 27 11:51:29 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Fri, 27 Jan 2017 12:51:29 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <588A1BE3.7060501@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
	<58875E38.2010806@redhat.com>
	<36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>
	<58878756.3010407@redhat.com>
	<a80d6390-6ef5-e106-5a9d-98f3c5dc7f2b@aixigo.de>
	<588A1BE3.7060501@redhat.com>
Message-ID: <f9d43f4d-fb1d-1f73-efc2-b2e20fab678e@aixigo.de>

Hi Thierry,

On 01/26/17 16:55, thierry bordaz wrote:
> 
> 
> Those entries are managed entries and it is not possible to delete them from direct ldap command.
> A solution proposed by Ludwig is not first make them unmanaged:
> 
> cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
> changetype: modify
> modify: objectclass
> delete: mepManagedEntry
> 
> cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
> changetype: modify
> modify: objectclass
> delete: mepManagedEntry
> 
> Then retry to delete them.
> It should work for the first one but unsure it will succeed for the second one.
> 

I am not sure about this "managed" thing. This sounds like some
kind of external influence.

How can I make sure that removing these entries doesn't break
something? Is the original entry managed in the same way as
the duplicate?


Regards
Harri



From christophe.trefois at uni.lu  Fri Jan 27 12:02:26 2017
From: christophe.trefois at uni.lu (Christophe TREFOIS)
Date: Fri, 27 Jan 2017 12:02:26 +0000
Subject: [Freeipa-users] Search result has been truncated - Configured
 size limit exceeded
In-Reply-To: <c168e14e-ae05-09c4-f418-db00317263fb@redhat.com>
References: <939B79E2-2718-48C8-BA4E-BA559FB54034@uni.lu>
	<c168e14e-ae05-09c4-f418-db00317263fb@redhat.com>
Message-ID: <88013A6A-0518-4425-A73B-D0529FF42ECB@uni.lu>

Hi Martin,

Thank you for your swift reply.

Here is the two parameters from that command:

  Search time limit: 2
  Search size limit: 200

Does this tell you anything?

Kind regards,
Christophe

> On 27 Jan 2017, at 12:25, Martin Basti <mbasti at redhat.com> wrote:
> 
> 
> 
> On 27.01.2017 12:18, Christophe TREFOIS wrote:
>> Dear all,
>> 
>> Since some time now, when we access a user details via the GUI in FreeIPA 4.4, we receive a
>> 
>> "Search result has been truncated: Configured size limit exceeded? popup. It seems all fields are properly loaded and updating fields etc works.
>> 
>> Does anybody know where this could come from and how to remove this message?
>> 
>> Thank you,
>> Christophe
>> 
> 
> Hello,
> 
> what is your configured search size limit (ipa config-show)?
> 
> Martin
> 
> 




From mbasti at redhat.com  Fri Jan 27 12:20:45 2017
From: mbasti at redhat.com (Martin Basti)
Date: Fri, 27 Jan 2017 13:20:45 +0100
Subject: [Freeipa-users] Search result has been truncated - Configured
 size limit exceeded
In-Reply-To: <88013A6A-0518-4425-A73B-D0529FF42ECB@uni.lu>
References: <939B79E2-2718-48C8-BA4E-BA559FB54034@uni.lu>
	<c168e14e-ae05-09c4-f418-db00317263fb@redhat.com>
	<88013A6A-0518-4425-A73B-D0529FF42ECB@uni.lu>
Message-ID: <2b00e47b-a52a-a4eb-8d80-4e57a50f3cea@redhat.com>

Thanks,

could you check command ipa user-show <users> if there is a truncation 
warning?

Is possible you can suffer from this bug 
https://fedorahosted.org/freeipa/ticket/6618

how many users do you have?

Martin

On 27.01.2017 13:02, Christophe TREFOIS wrote:
> Hi Martin,
>
> Thank you for your swift reply.
>
> Here is the two parameters from that command:
>
>    Search time limit: 2
>    Search size limit: 200
>
> Does this tell you anything?
>
> Kind regards,
> Christophe
>
>> On 27 Jan 2017, at 12:25, Martin Basti <mbasti at redhat.com> wrote:
>>
>>
>>
>> On 27.01.2017 12:18, Christophe TREFOIS wrote:
>>> Dear all,
>>>
>>> Since some time now, when we access a user details via the GUI in FreeIPA 4.4, we receive a
>>>
>>> "Search result has been truncated: Configured size limit exceeded? popup. It seems all fields are properly loaded and updating fields etc works.
>>>
>>> Does anybody know where this could come from and how to remove this message?
>>>
>>> Thank you,
>>> Christophe
>>>
>> Hello,
>>
>> what is your configured search size limit (ipa config-show)?
>>
>> Martin
>>
>>



From yamakasi.014 at gmail.com  Fri Jan 27 13:48:25 2017
From: yamakasi.014 at gmail.com (Matt .)
Date: Fri, 27 Jan 2017 14:48:25 +0100
Subject: [Freeipa-users] User with rights for only adding hosts
Message-ID: <CAPNQp06iCA5MX8S6E5oMs7=phLcfSqeqzPVAUP4ye3+K_G5AQQ@mail.gmail.com>

Hi,

Is it possible to create a user that can/is allowed (to) only add
hosts using the ipa-client-install ?

Would be nice to know.

Cheers,

Matt



From rcritten at redhat.com  Fri Jan 27 15:39:57 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 27 Jan 2017 10:39:57 -0500
Subject: [Freeipa-users] User with rights for only adding hosts
In-Reply-To: <CAPNQp06iCA5MX8S6E5oMs7=phLcfSqeqzPVAUP4ye3+K_G5AQQ@mail.gmail.com>
References: <CAPNQp06iCA5MX8S6E5oMs7=phLcfSqeqzPVAUP4ye3+K_G5AQQ@mail.gmail.com>
Message-ID: <a4073493-e366-6765-505b-a4a4a978ee1f@redhat.com>

Matt . wrote:
> Hi,
>
> Is it possible to create a user that can/is allowed (to) only add
> hosts using the ipa-client-install ?
>
> Would be nice to know.

Are you asking if it can only add a host in the context of 
ipa-client-install? No.

Or are you asking "Is there a permission I can delegate to add hosts?" 
Yes, I just forget the name and don't have an install in front of me. 
ipa permission-find host should give you a reasonablly short list to 
search through.

I'm imagining that more than that single permission will be required 
though, depending on what it is you want to do (e.g. DNS updates, etc).

rob



From orion at cora.nwra.com  Fri Jan 27 21:15:16 2017
From: orion at cora.nwra.com (Orion Poplawski)
Date: Fri, 27 Jan 2017 14:15:16 -0700
Subject: [Freeipa-users] sudo sometimes doesn't work
Message-ID: <01415443-eac5-86c1-4dc8-fc429c39d833@cora.nwra.com>

EL7.3
Users are in active directory via AD trust with IPA server

sudo is configured via files - users in our default "nwra" group can run
certain sudo commands, e.g.:

Cmnd_Alias WAKEUP = /sbin/ether-wake *
%nwra,%visitor,%ivm   ALL=NOPASSWD: WAKEUP

However, sometimes when I run sudo /sbin/ether-wake I get prompted for my
password.  Other times it works fine.  I've attached some logs from failed
attempt.

In particular, these entries:

-barry.cora.DNSDOMAIN sssd_be[701]: Got request with the following data
-barry.cora.DNSDOMAIN sssd_be[701]: command: SSS_PAM_PREAUTH
-barry.cora.DNSDOMAIN sssd_be[701]: domain: ad.DNSDOMAIN
-barry.cora.DNSDOMAIN sssd_be[701]: user: USER at ad.DNSDOMAIN
-barry.cora.DNSDOMAIN sssd_be[701]: service: sudo
-barry.cora.DNSDOMAIN sssd_be[701]: tty: /dev/pts/0
-barry.cora.DNSDOMAIN sssd_be[701]: ruser: USER
-barry.cora.DNSDOMAIN sssd_be[701]: rhost:
-barry.cora.DNSDOMAIN sssd_be[701]: authtok type: 0
-barry.cora.DNSDOMAIN sssd_be[701]: newauthtok type: 0
-barry.cora.DNSDOMAIN sssd_be[701]: priv: 0
-barry.cora.DNSDOMAIN sssd_be[701]: cli_pid: 2860
-barry.cora.DNSDOMAIN sssd_be[701]: logon name: not set
-barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA'
-barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved
-barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN:
[10.0.1.74] TTL 86400
-barry.cora.DNSDOMAIN krb5_child[2869]: cmd [249] uid [22603] gid [22603]
validate [true] enterprise principal [false] offline [false] UPN
[USER at AD.NWRA.COM]
-barry.cora.DNSDOMAIN krb5_child[2869]: SSSD_KRB5_FAST_PRINCIPAL is set to
[host/barry.cora.DNSDOMAIN at NWRA.COM]
-barry.cora.DNSDOMAIN krb5_child[2869]: FAST TGT is still valid.
-barry.cora.DNSDOMAIN krb5_child[2869]: Trying to become user [22603][22603].
-barry.cora.DNSDOMAIN krb5_child[2869]: Cannot read
[SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
-barry.cora.DNSDOMAIN krb5_child[2869]: Cannot read [SSSD_KRB5_LIFETIME] from
environment.
-barry.cora.DNSDOMAIN krb5_child[2869]: SSSD_KRB5_CANONICALIZE is set to [true]
-barry.cora.DNSDOMAIN krb5_child[2869]: Cannot handle password prompts.
-barry.cora.DNSDOMAIN krb5_child[2869]: Received error code 0
-barry.cora.DNSDOMAIN sssd_be[701]: child [2869] finished successfully.
-barry.cora.DNSDOMAIN sssd_be[701]: Marking port 389 of server
'ipa1.DNSDOMAIN' as 'working'
-barry.cora.DNSDOMAIN sssd_be[701]: Marking server 'ipa1.DNSDOMAIN' as 'working'
-barry.cora.DNSDOMAIN sssd_be[701]: connection is about to expire, releasing it
-barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA'
-barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved
-barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN:
[10.0.1.74] TTL 86400
-barry.cora.DNSDOMAIN sssd_be[701]: Trying to resolve service 'IPA'
-barry.cora.DNSDOMAIN sssd_be[701]: The status of SRV lookup is resolved
-barry.cora.DNSDOMAIN sssd_be[701]: Found address for server ipa1.DNSDOMAIN:
[10.0.1.74] TTL 86400
-barry.cora.DNSDOMAIN ldap_child[2889]: Will run as [0][0].
-barry.cora.DNSDOMAIN ldap_child[2889]: Trying to become user [0][0].
-barry.cora.DNSDOMAIN ldap_child[2889]: Already user [0].
-barry.cora.DNSDOMAIN ldap_child[2889]: Principal name is:
[host/barry.cora.DNSDOMAIN at NWRA.COM]
-barry.cora.DNSDOMAIN ldap_child[2889]: Using keytab [MEMORY:/etc/krb5.keytab]
-barry.cora.DNSDOMAIN ldap_child[2889]: Will canonicalize principals
-barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1
-barry.cora.DNSDOMAIN sssd_be[701]: expire timeout is 900
-barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1
-barry.cora.DNSDOMAIN sssd_be[701]: Executing sasl bind mech: GSSAPI, user:
host/barry.cora.DNSDOMAIN
-barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 1
-barry.cora.DNSDOMAIN sssd_be[701]: GSSAPI client step 2
-barry.cora.DNSDOMAIN sssd_be[701]: child [2889] finished successfully.
-barry.cora.DNSDOMAIN sssd_be[701]: Marking port 389 of server
'ipa1.DNSDOMAIN' as 'working'
-barry.cora.DNSDOMAIN sssd_be[701]: Marking server 'ipa1.DNSDOMAIN' as 'working'
-barry.cora.DNSDOMAIN sssd_be[701]: No host groups were dereferenced
-barry.cora.DNSDOMAIN sssd_be[701]: Received 0 additional command groups
-barry.cora.DNSDOMAIN sssd_be[701]: Received 0 sudo rules
-barry.cora.DNSDOMAIN sssd_be[701]: SUDO higher USN value: [1]
-barry.cora.DNSDOMAIN sudo[2860]:    USER : command not allowed ; TTY=pts/0 ;
PWD=/export/home/USER/fedora/fail2ban ; USER=root ; COMMAND=/sbin/ether-wake
-i eth0 00:25:64:e0:05:fa

seem to appear in the failed attempt but not a successful one.

-- 
Orion Poplawski
Technical Manager                          720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion at nwra.com
Boulder, CO 80301                   http://www.nwra.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudo.log
Type: text/x-log
Size: 13053 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170127/ab7874ba/attachment.bin>

From huston at astro.princeton.edu  Fri Jan 27 21:23:56 2017
From: huston at astro.princeton.edu (Steve Huston)
Date: Fri, 27 Jan 2017 16:23:56 -0500
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <CANnpg5Rn+p4R3CULy-UGbR1TSpUQZdaA6HJOtQnCM=0cAKgm2g@mail.gmail.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
	<CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
	<20170119181440.x77gboawdyjep7pp@redhat.com>
	<CANnpg5TVMRAVazuXnS_tEk1NS-qscW099oEa9-6S_JTJhYaQ+A@mail.gmail.com>
	<CANnpg5QQq+i0my9getrFgnwo1g0io1cdEAkwbHwsn80XXWoTpQ@mail.gmail.com>
	<CANnpg5Sp0sYT=8s6mFUKLfWnAixeD5uZNBt3qyD_LcPxy0YJ+w@mail.gmail.com>
	<2e45b170-d467-7bd9-f9fe-efd4fcd4ded8@redhat.com>
	<CANnpg5QhEvr482YpBaRafB2PqFhu6raSt3A3Zf625eSuHLCvcw@mail.gmail.com>
	<CANnpg5Rn+p4R3CULy-UGbR1TSpUQZdaA6HJOtQnCM=0cAKgm2g@mail.gmail.com>
Message-ID: <CANnpg5Rsi4sLi8tJZY5Fjnv70=Mfu7Y55icLUP0am==YFMWoSg@mail.gmail.com>

Stranger, I did an install on a different VM with the CentOS 7 minimal
ISO, then installed ipa-server and enough things to get X11 and
Firefox, ran ipa-server-install and it worked fine.  I tested with
Firefox (and Safari) against my failing installation and it still
fails.  So there's something else different that's causing it to
break.  Will continue investigating, but if someone knows why the UI
would break this way it would be helpful to know where to look!

On Thu, Jan 26, 2017 at 11:53 AM, Steve Huston
<huston at astro.princeton.edu> wrote:
> Just did it again with the same result.  Reinstalled the machine, then
> did a 'yum install ipa-server python2-ipaserver httpd' which pulled in
> version 4.4.0-14.el7_3.4 and a bunch of other packages.  Next was the
> ipa-server-install as I used before, only without --mkhomedir this
> time.  After entering the passwords for directory administrator and
> the admin user, I then logged in to the web interface, immediately
> clicked "add" and added a user 'foobar'.  When I clicked "add and
> edit" and was brought to the user information page, it looks like this
> at the bottom:
>
> https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0
>
> I then entered an employee number of '0001' just to give something to
> save, and clicked save.  The screen now shows this (I've clicked the
> drop-down on the manager field so the choices are visible):
>
> https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0
>
> Holding shift and clicking reload, the page now looks like this (the
> employee number field is also blank again):
>
> https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0
>
> Since we do run a repackaged distribution here (Springdale Linux), I
> just unpacked ipa-server-common from our repository with the above
> version, and http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm,
> and 'diff' found zero differences between them.  Unlikely, but I
> wanted to rule out a packaging error causing the problem.
>
> On Wed, Jan 25, 2017 at 4:12 PM, Steve Huston
> <huston at astro.princeton.edu> wrote:
>> No, that should be all of the major changes; the puppet module that
>> installs things only puts the two plugin files in their respective
>> places.  The client part of the IPA module makes changes to have the
>> machine join the domain and whatnot, but those shouldn't affect the
>> webui.
>>
>> I do modify the schema by adding some attribute types for Puppet,
>> namely puppetClass, parentNode, environment, puppetVar, and the object
>> class puppetClient.  That's basically right from one of the Puppet
>> webpages and also worked in the past - and is one of the things the
>> python plugin does, add the appropriate objectclass to host entries if
>> puppetVar is added to a host entry.
>>
>> My steps to install:
>> * ipa-server-install --realm=<realm> --domain=<domain> --mkhomedir
>> --hostname=<hostname> --no-host-dns
>> * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W
>>   < paste puppet schema changes>
>>   < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a
>> service account used by puppet for adding hosts to IPA >
>> * login to web UI
>> * * Change home directory base, default shell, default SELinux user
>> * * Add SELinux user map for staff/sysadmin users
>> * * Add "user adder" permission/privilege/role for users who will be
>> able to create stageusers
>>
>> That's about as far as I got before I realized some of the plugin
>> pieces weren't working, and then fixed the python plugin followed by
>> working on the UI plugin and finding this problem.  I'll go wipe and
>> reinstall the system again and walk through the steps, but test the UI
>> first and in between to see if I can find which of the steps might be
>> causing things to hiccup.
>>
>> On Wed, Jan 25, 2017 at 1:42 PM, Pavel Vomacka <pvomacka at redhat.com> wrote:
>>> Hello Steve,
>>>
>>> I tried to reproduce what you described on the very same version of
>>> ipa-server and I was not successful. Actually I was not used your back-end
>>> plugin. I tried it with no plugin and then with your UI plugin and both
>>> worked correctly. Did you do any other changes somewhere in your
>>> installation?
>>>
>>> I will try it again also with your Python plugin and we'll see.
>>>
>>>
>>> On 01/24/2017 08:59 PM, Steve Huston wrote:
>>>>
>>>> And now I'm convinced this has nothing to do with my plugin and
>>>> instead is a bug somewhere in FreeIPA.
>>>>
>>>> I removed the entirety of the "astrocustom" plugin that I wrote,
>>>> restarted httpd, and force reloaded the page in chrome.  I clicked to
>>>> add a new user, gave the basic information, and clicked "add and
>>>> edit".  The bottom of the page shows the "Employee information" on the
>>>> left side bottom, and the manager drop-down is empty.  I entered '1'
>>>> in the "employee type" field and clicked save, and now "Employee
>>>> Information" is on the right side directly under "Contact settings",
>>>> and the manager drop-down is populated with the list of UIDs on the
>>>> system.
>>>>
>>>> When the UI is in the failed state, the "email address" field is also
>>>> blank, but when things switch to how they should be (after submitting
>>>> a change) it is populated with the email address in the record.  I
>>>> just tested by adding a telephone number to the record, and that also
>>>> made the contact information and employee information facets refresh
>>>> with the proper data.  Pressing shift-reload again makes all the
>>>> information disappear (including the telephone number I just entered).
>>>>
>>>> This is with ipa-server-4.4.0-14.el7_3.4
>>>>
>>>>
>>>> On Mon, Jan 23, 2017 at 1:55 PM, Steve Huston
>>>> <huston at astro.princeton.edu> wrote:
>>>>>
>>>>> Just tested again, and this is still baffling:
>>>>>
>>>>> * Create a stage user with the right data, works fine, can be edited.
>>>>> * Enable that user, and now the two fields ('manager' and
>>>>> 'employeeType') appear to have bogus data in the UI, and I cannot save
>>>>> the page without changing them to something else.
>>>>> * Once that user is saved, the "Employee Information" facet moves to
>>>>> the right side of the page, and now shows not only the current data in
>>>>> the manager drop down but also the other choices (uids).  Change the
>>>>> value of manager and employeetype back to what they were previously
>>>>> and it saves.
>>>>> * An ldapsearch run when the user is first created (as the directory
>>>>> manager), and after having two edits (one to change the values to
>>>>> something else to let the webui save them, and one to change them back
>>>>> to what they should be and were the first time) produce completely
>>>>> identical results.
>>>>> * The output of "ipa user-show <uid> --all --raw" is also identical at
>>>>> those same steps.
>>>>>
>>>>> So something, somewhere, is being saved in a way that prevents the
>>>>> webui from displaying them properly, that gets fixed when those values
>>>>> are manually changed via the webui.
>>>>>
>>>>> On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston
>>>>> <huston at astro.princeton.edu> wrote:
>>>>>>
>>>>>> Even more interesting...
>>>>>>
>>>>>> I tried to modify one of the records that was not displaying properly
>>>>>> in the "active users" group, and sure enough the webui complained that
>>>>>> the "Requested By" (relabeled "manager") field was not filled in since
>>>>>> it was blank.  It also, however, complained that the "User tier"
>>>>>> (relabeled "employeetype") was incorrect, even though it showed the
>>>>>> label associated with the value 1.  I clicked the search drop-down for
>>>>>> manager, typed in my own uid, and even though everything had been
>>>>>> blank in the drop down before now my uid showed up.  I clicked on it,
>>>>>> and my uid was now in the manager field.  I then clicked the drop down
>>>>>> for employeetype, and chose one of the other options.  I was now able
>>>>>> to save the changes to the record.
>>>>>>
>>>>>> Upon reloading the page, the "Employee Information" facet now shoed up
>>>>>> on the right side bottom, instead of the left side bottom where it was
>>>>>> appearing.  I was also now able to change the drop-down fields for
>>>>>> manager and employeetype to another value, and save them, and they
>>>>>> worked fine even filling in all the data that should have been there.
>>>>>> This almost seemed like the data being returned by the server was
>>>>>> flawed somehow, and confusing the webui, but once it was forced to
>>>>>> have the right data and re-saved it worked fine subsequently.
>>>>>>
>>>>>> I looked at the output of "ipa user-show <uid> --all --raw" both
>>>>>> before and after making such changes on a user, and can detect no
>>>>>> difference between them.
>>>>>>
>>>>>> On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy <abokovoy at redhat.com>
>>>>>> wrote:
>>>>>>>
>>>>>>> On to, 19 tammi 2017, Steve Huston wrote:
>>>>>>>>
>>>>>>>> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy
>>>>>>>> <abokovoy at redhat.com>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and
>>>>>>>>> client
>>>>>>>>> side plugins into different paths (ipaserver/plugins and
>>>>>>>>> ipaclient/plugins instead of being common in ipalib/plugins). The
>>>>>>>>> client
>>>>>>>>> code was also changed to always read metadata about API from the
>>>>>>>>> server
>>>>>>>>> side. This means the client can adopt to any server version that
>>>>>>>>> supports API metadata.
>>>>>>>>
>>>>>>>>
>>>>>>>> Right, and I think that the most of the plugin I had belongs
>>>>>>>> server-side; in fact, that's where I migrated it to, and things work
>>>>>>>> fine.  I haven't tested if I can change those values with the cli, but
>>>>>>>> I'm less concerned about that at the moment.
>>>>>>>>
>>>>>>>>> In my sample external plugin you referenced above you can see that I
>>>>>>>>> have client-side change that replaces an input string by a file
>>>>>>>>> reference so that a file can supplied instead of typing the content
>>>>>>>>> of
>>>>>>>>> the file on the command line. This is one of most used patterns for
>>>>>>>>> client side plugins.
>>>>>>>>
>>>>>>>>
>>>>>>>> In this case, my biggest problem is with the web UI.  The 'manager'
>>>>>>>> drop down (which I have renamed through the UI plugins to "Requested
>>>>>>>> By" to show what user requested and is responsible for this account)
>>>>>>>> works fine in the 'add/modify stageuser' context, but not at all in
>>>>>>>> the adduser/moduser context, and I can't seem to find out why.
>>>>>>>
>>>>>>> I'll defer answer for this to our web UI wizards but they would need to
>>>>>>> see your code to help, I'd guess.
>>>>>>>
>>>>>>> --
>>>>>>> / Alexander Bokovoy
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>>>
>>>>
>>>>
>>>
>>> --
>>> Pavel^3 Vomacka
>>>
>>
>>
>>
>> --
>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>
>
>
> --
> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



From deepak_dimri at hotmail.com  Sat Jan 28 14:14:40 2017
From: deepak_dimri at hotmail.com (Deepak Dimri)
Date: Sat, 28 Jan 2017 14:14:40 +0000
Subject: [Freeipa-users] Unable to uninstall and re-install ipa client on
	Ubuntu 14.04
Message-ID: <BN6PR18MB15241B93CD5EDAFEE53962C7F5490@BN6PR18MB1524.namprd18.prod.outlook.com>

Hi All,


I am trying to re-install ipa-client on ubuntu 14.04 but its not getting completed cleanly.   Getting below errors when trying to uninstall ipa client:


ipa-client-install --uninstall -U
root        : ERROR    dbus failed to start: Command '/usr/sbin/service dbus start ' returned non-zero exit status 1
root        : ERROR    certmonger failed to start: Command '/usr/sbin/service certmonger start ' returned non-zero exit status 1
Unenrolling client from IPA server
Unenrolling host failed: Error obtaining initial credentials: Decrypt integrity check failed.

Removing Kerberos service principals from /etc/krb5.keytab
Failed to clean up /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Would run on a Red Hat platform: /usr/sbin/authconfig --disablesssdauth --disablemkhomedir --update --disablesssd
Please do the corresponding changes manually and press Enter:
Restoring client configuration files

if i ignore above error and re run ipa-client-install then it returns below errors towards the end:

Failed to update DNS A record. (Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 1)
root        : ERROR    dbus failed to start: Command '/usr/sbin/service dbus start ' returned non-zero exit status 1
Failed to configure automatic startup of the certmonger daemon
Automatic certificate management will not be available
root        : ERROR    Failed to disable automatic startup of the certmonger daemon: Command '/sbin/chkconfig certmonger on' returned non-zero exit status 1
Would run on a Red Hat platform: /usr/sbin/authconfig --enablesssdauth --enablemkhomedir --update --enablesssd

Can some one please help me how can i get rid of these errors and get the clean ipa client installation on ubuntu?


Many Thanks,

Deepak
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170128/13e5d60f/attachment.htm>

From deepak.dimri2016 at gmail.com  Sun Jan 29 16:13:31 2017
From: deepak.dimri2016 at gmail.com (deepak dimri)
Date: Sun, 29 Jan 2017 21:43:31 +0530
Subject: [Freeipa-users] Unable to uninstall and re-install ipa client
 on Ubuntu 14.04
In-Reply-To: <BN6PR18MB15241B93CD5EDAFEE53962C7F5490@BN6PR18MB1524.namprd18.prod.outlook.com>
References: <BN6PR18MB15241B93CD5EDAFEE53962C7F5490@BN6PR18MB1524.namprd18.prod.outlook.com>
Message-ID: <CALaMjYxjNH31XkrrxJXcmoWj=CeZoTB1twPkuj2RiCYLbzRZ=A@mail.gmail.com>

Can some one please help me with this? I cannot uninstall and re install
ipa client cleanly on my ubuntu machine. when i re run in the
ipa-client-install i am always getting these errors:

Unable to sync time with IPA NTP server, assuming the time is in sync.
Enrolled in IPA realm TEST.REALM.COM
Created /etc/ipa/default.conf
New SSSD config will be created.
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TEST.REALM.COM
Warning: Hostname (foo.test.com) not found in DNS
Failed to obtain host TGT.
Failed to update DNS A record. (Command '/usr/bin/nsupdate -g
/etc/ipa/.dns_update.txt' returned non-zero exit status 1)
root        : ERROR    dbus failed to start: Command '/usr/sbin/service
dbus start ' returned non-zero exit status 1
Failed to configure automatic startup of the certmonger daemon
Automatic certificate management will not be available
root        : ERROR    Failed to disable automatic startup of the
certmonger daemon: Command '/sbin/chkconfig certmonger on' returned
non-zero exit status 1
Would run on a Red Hat platform: /usr/sbin/authconfig --enablesssdauth
--enablemkhomedir --update --enablesssd
Please do the corresponding changes manually and press Enter:
SSSD enabled
*Unable to find 'admin' user with 'getent passwd admin'!*
Recognized configuration: SSSD
Client configuration complete.

i am using below command to install ipa client

sudo ipa-client-install --server=<server fqdn> --domain=test.realm.com
--enable-dns-updates --mkhomedir --realm=TEST.REALM.com -w xxxx --hostname=
foo.test.com --unattended --no-ntp


Would really appreciate if some one can help resolve the issue i have
facing..

Thanks,

Deepak
On Sat, Jan 28, 2017 at 7:44 PM, Deepak Dimri <deepak_dimri at hotmail.com>
wrote:

> Hi All,
>
>
> I am trying to re-install ipa-client on ubuntu 14.04 but its not getting
> completed cleanly.   Getting below errors when trying to uninstall ipa
> client:
>
>
> ipa-client-install --uninstall -U
> root        : ERROR    dbus failed to start: Command '/usr/sbin/service
> dbus start ' returned non-zero exit status 1
> root        : ERROR    certmonger failed to start: Command
> '/usr/sbin/service certmonger start ' returned non-zero exit status 1
> Unenrolling client from IPA server
> Unenrolling host failed: Error obtaining initial credentials: Decrypt
> integrity check failed.
>
> Removing Kerberos service principals from /etc/krb5.keytab
> Failed to clean up /etc/krb5.keytab
> Disabling client Kerberos and LDAP configurations
> Would run on a Red Hat platform: /usr/sbin/authconfig --disablesssdauth
> --disablemkhomedir --update --disablesssd
> Please do the corresponding changes manually and press Enter:
> Restoring client configuration files
>
> if i ignore above error and re run ipa-client-install then it returns
> below errors towards the end:
>
> Failed to update DNS A record. (Command '/usr/bin/nsupdate -g
> /etc/ipa/.dns_update.txt' returned non-zero exit status 1)
> root        : ERROR    dbus failed to start: Command '/usr/sbin/service
> dbus start ' returned non-zero exit status 1
> Failed to configure automatic startup of the certmonger daemon
> Automatic certificate management will not be available
> root        : ERROR    Failed to disable automatic startup of the
> certmonger daemon: Command '/sbin/chkconfig certmonger on' returned
> non-zero exit status 1
> Would run on a Red Hat platform: /usr/sbin/authconfig --enablesssdauth
> --enablemkhomedir --update --enablesssd
>
> Can some one please help me how can i get rid of these errors and get the
> clean ipa client installation on ubuntu?
>
>
> Many Thanks,
>
> Deepak
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170129/216ce434/attachment.htm>

From daniel at schimpfoessl.com  Sun Jan 29 18:13:15 2017
From: daniel at schimpfoessl.com (Daniel Schimpfoessl)
Date: Sun, 29 Jan 2017 12:13:15 -0600
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <e7500d16-224c-f1cc-7cbd-d76047b41dd2@redhat.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
	<3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
	<CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>
	<0f7a6cc9-ae57-d957-d255-ab79033373e6@redhat.com>
	<CAEz2YVmuQWr8x1dYCbC7cPra38JPTPjVLHhvPSA9RCL_rcebsg@mail.gmail.com>
	<CAEz2YVnKDOK5U8fOcyv0ocmNwVj5pxgmDnq-PQ_wX4nDd_JmDg@mail.gmail.com>
	<9988ea17-db76-aa1f-3009-387819189354@redhat.com>
	<CAEz2YVmjEer48LA51WjjGgR_YYv5q8nwS8rXZfAv1yK1CaBRJg@mail.gmail.com>
	<CAEz2YVncx-HPgDkFDELTCgdHGNyuXnCUvy0LGy_BL+wdC+dSBQ@mail.gmail.com>
	<e7500d16-224c-f1cc-7cbd-d76047b41dd2@redhat.com>
Message-ID: <CAEz2YVmJtSCB7=t=Sdc6ShO_TYV-kFya57+6maxrBuMNr-CTaw@mail.gmail.com>

   - Made the suggested changes per
   https://www.redhat.com/archives/freeipa-users/2017-January/msg00215.html
   without luck.

# diff CS.cfg /etc/pki/pki-tomcat/ca/CS.cfg -u
--- CS.cfg 2017-01-28 22:55:58.898325995 -0600
+++ /etc/pki/pki-tomcat/ca/CS.cfg 2017-01-28 22:57:56.950364994 -0600
@@ -761,13 +761,13 @@
 internaldb._002=##
 internaldb.basedn=o=ipaca
 internaldb.database=ipaca
-internaldb.ldapauth.authtype=SslClientAuth
-internaldb.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipa-ca
+internaldb.ldapauth.authtype=BasicAuth
+internaldb.ldapauth.bindDN=cn=Directory Manager
 internaldb.ldapauth.bindPWPrompt=internaldb
 internaldb.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
 internaldb.ldapconn.host=wwgwho01.webwim.com
-internaldb.ldapconn.port=636
-internaldb.ldapconn.secureConn=true
+internaldb.ldapconn.port=389
+internaldb.ldapconn.secureConn=false
 internaldb.maxConns=15
 internaldb.minConns=3
 internaldb.multipleSuffix.enable=false

# systemctl start ipa
# systemctl status ipa.service

Jan 28 23:11:13 wwgwho01.webwim.com ipactl[3038]: Starting krb5kdc Service
Jan 28 23:11:13 wwgwho01.webwim.com ipactl[3038]: Starting kadmin Service
Jan 28 23:11:13 wwgwho01.webwim.com ipactl[3038]: Starting named Service
Jan 28 23:11:13 wwgwho01.webwim.com ipactl[3038]: Starting ipa_memcached
Service
Jan 28 23:11:13 wwgwho01.webwim.com ipactl[3038]: Starting httpd Service
Jan 28 23:11:13 wwgwho01.webwim.com ipactl[3038]: Starting pki-tomcatd
Service
Jan 28 23:11:13 wwgwho01.webwim.com systemd[1]: ipa.service: main process
exited, code=exited, status=1/FAILURE
Jan 28 23:11:13 wwgwho01.webwim.com systemd[1]: Failed to start Identity,
Policy, Audit.
Jan 28 23:11:13 wwgwho01.webwim.com systemd[1]: Unit ipa.service entered
failed state.
Jan 28 23:11:13 wwgwho01.webwim.com systemd[1]: ipa.service failed.


   - The system uses SELinux enforcing.
      - Rebooting with permissive does not fix the issues.


   - Tailing a list of known logs shows following warning/error/info output:

tail -f \
 /var/log/dirsrv/slapd-WEBWIM-COM/* \
 /var/log/pki/pki-tomcat/*log \
 /var/log/pki/pki-tomcat/ca/debug \
 /var/log/ipaupgrade.log \
 /var/log/messages \
 /var/log/secure

==> /var/log/messages <==
Jan 29 11:49:56 wwgwho01 systemd: Starting Identity, Policy, Audit...

==> /var/log/secure <==
Jan 29 11:49:56 wwgwho01 polkitd[550]: Registered Authentication Agent for
unix-process:4460:250125821 (system bus name :1.4296 [/usr/bin/pkttyagent
--notify-fd 5 --fallback], object path
/org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)

==> /var/log/messages <==
Jan 29 11:49:58 wwgwho01 ipactl: Existing service file detected!
Jan 29 11:49:58 wwgwho01 ipactl: Assuming stale, cleaning and proceeding
Jan 29 11:49:58 wwgwho01 systemd: Starting 389 Directory Server
WEBWIM-COM....

==> /var/log/dirsrv/slapd-WEBWIM-COM/errors <==
[29/Jan/2017:11:49:58.818082050 -0600] SSL alert: Sending pin request to
SVRCore. You may need to run systemd-tty-ask-password-agent to provide the
password.
[29/Jan/2017:11:49:58.822869664 -0600] SSL alert: Security Initialization:
Enabling default cipher set.
[29/Jan/2017:11:49:58.824974504 -0600] SSL alert: Configured NSS Ciphers
[29/Jan/2017:11:49:58.826987881 -0600] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
enabled
[29/Jan/2017:11:49:58.829376138 -0600] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
enabled
[29/Jan/2017:11:49:58.831838095 -0600] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
enabled
[29/Jan/2017:11:49:58.834150949 -0600] SSL alert:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
enabled
[29/Jan/2017:11:49:58.836447039 -0600] SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
enabled
[29/Jan/2017:11:49:58.839752160 -0600] SSL alert:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
enabled
[29/Jan/2017:11:49:58.842142990 -0600] SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
enabled
[29/Jan/2017:11:49:58.845282878 -0600] SSL alert:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
enabled
[29/Jan/2017:11:49:58.847725055 -0600] SSL alert:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
enabled
[29/Jan/2017:11:49:58.850490283 -0600] SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
enabled
[29/Jan/2017:11:49:58.853289156 -0600] SSL alert:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
enabled
[29/Jan/2017:11:49:58.855638498 -0600] SSL alert:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
enabled
[29/Jan/2017:11:49:58.858043924 -0600] SSL alert:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
enabled
[29/Jan/2017:11:49:58.860702879 -0600] SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
enabled
[29/Jan/2017:11:49:58.863049649 -0600] SSL alert:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
enabled
[29/Jan/2017:11:49:58.865252296 -0600] SSL alert:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
enabled
[29/Jan/2017:11:49:58.867532414 -0600] SSL alert:
TLS_RSA_WITH_AES_256_GCM_SHA384:
enabled
[29/Jan/2017:11:49:58.870275358 -0600] SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA:
enabled
[29/Jan/2017:11:49:58.872622320 -0600] SSL alert:
TLS_RSA_WITH_AES_256_CBC_SHA256:
enabled
[29/Jan/2017:11:49:58.874702659 -0600] SSL alert:
TLS_RSA_WITH_AES_128_GCM_SHA256:
enabled
[29/Jan/2017:11:49:58.877007382 -0600] SSL alert: TLS_RSA_WITH_AES_128_CBC_SHA:
enabled
[29/Jan/2017:11:49:58.879495838 -0600] SSL alert:
TLS_RSA_WITH_AES_128_CBC_SHA256:
enabled
[29/Jan/2017:11:49:58.884039151 -0600] SSL alert:
CERT_VerifyCertificateNow: verify certificate failed for cert Server-Cert
of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error
-8179 - Peer's Certificate issuer is not recognized.)
[29/Jan/2017:11:49:58.909817597 -0600] SSL alert: nsTLS1 is on, but the
version range is lower than "TLS1.0"; Configuring the version range as
default min: TLS1.0, max: TLS1.2.
[29/Jan/2017:11:49:58.912004416 -0600] SSL Initialization - Configured SSL
version range: min: TLS1.0, max: TLS1.2
[29/Jan/2017:11:49:58.914648585 -0600] 389-Directory/1.3.5.10
B2016.341.2222 starting up
[29/Jan/2017:11:49:58.932372975 -0600] default_mr_indexer_create: warning -
plugin [caseIgnoreIA5Match] does not handle caseExactIA5Match
[29/Jan/2017:11:49:58.946351096 -0600] WARNING: userRoot: entry cache size
1125897 B is less than db size 1310720 B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[29/Jan/2017:11:49:58.948533685 -0600] WARNING: ipaca: entry cache size
1125897 B is less than db size 1351680 B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[29/Jan/2017:11:49:58.950862594 -0600] WARNING: changelog: entry cache size
512000 B is less than db size 52854784 B; We recommend to increase the
entry cache size nsslapd-cachememsize.
[29/Jan/2017:11:49:59.004502401 -0600] schema-compat-plugin - scheduled
schema-compat-plugin tree scan in about 5 seconds after the server startup!
[29/Jan/2017:11:49:59.022266714 -0600] NSACLPlugin - The ACL target
cn=groups,cn=compat,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.024572730 -0600] NSACLPlugin - The ACL target
cn=computers,cn=compat,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.027026917 -0600] NSACLPlugin - The ACL target
cn=ng,cn=compat,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.029146552 -0600] NSACLPlugin - The ACL target
ou=sudoers,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.031511772 -0600] NSACLPlugin - The ACL target
cn=users,cn=compat,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.034236432 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.037122586 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.039620828 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.042297573 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.044832015 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.047632151 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.050147022 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.052697937 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.055411142 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.058117451 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.061143716 -0600] NSACLPlugin - The ACL target
cn=vaults,cn=kra,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.074322613 -0600] NSACLPlugin - The ACL target
cn=ad,cn=etc,dc=webwim,dc=com does not exist
[29/Jan/2017:11:49:59.171208502 -0600] NSACLPlugin - The ACL target
cn=automember rebuild membership,cn=tasks,cn=config does not exist
[29/Jan/2017:11:49:59.179447260 -0600] Skipping CoS Definition cn=Password
Policy,cn=accounts,dc=webwim,dc=com--no CoS Templates found, which should
be added before the CoS Definition.
[29/Jan/2017:11:49:59.208042838 -0600] schema-compat-plugin -
schema-compat-plugin tree scan will start in about 5 seconds!
[29/Jan/2017:11:49:59.216043161 -0600] slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[29/Jan/2017:11:49:59.221409792 -0600] Listening on All Interfaces port 636
for LDAPS requests
[29/Jan/2017:11:49:59.224140740 -0600] Listening on
/var/run/slapd-WEBWIM-COM.socket for LDAPI requests

==> /var/log/messages <==
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.818054472 -0600]
SSL alert: Sending pin request to SVRCore. You may need to run
systemd-tty-ask-password-agent to provide the password.
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.822852251 -0600]
SSL alert: Security Initialization: Enabling default cipher set.
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.824941487 -0600]
SSL alert: Configured NSS Ciphers
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.826951991 -0600]
SSL alert: #011TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.829344978 -0600]
SSL alert: #011TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.831781415 -0600]
SSL alert: #011TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.834120004 -0600]
SSL alert: #011TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.836404114 -0600]
SSL alert: #011TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.839719320 -0600]
SSL alert: #011TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.842109603 -0600]
SSL alert: #011TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.845242806 -0600]
SSL alert: #011TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.847670467 -0600]
SSL alert: #011TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.850457861 -0600]
SSL alert: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.853273666 -0600]
SSL alert: #011TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.855624652 -0600]
SSL alert: #011TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.858023952 -0600]
SSL alert: #011TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.860688487 -0600]
SSL alert: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.863035321 -0600]
SSL alert: #011TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.865238627 -0600]
SSL alert: #011TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.867518472 -0600]
SSL alert: #011TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.870261988 -0600]
SSL alert: #011TLS_RSA_WITH_AES_256_CBC_SHA: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.872608920 -0600]
SSL alert: #011TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.874689591 -0600]
SSL alert: #011TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.876993978 -0600]
SSL alert: #011TLS_RSA_WITH_AES_128_CBC_SHA: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.879482516 -0600]
SSL alert: #011TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.884021023 -0600]
SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert
Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable
Runtime error -8179 - Peer's Certificate issuer is not recognized.)
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.909799920 -0600]
SSL alert: nsTLS1 is on, but the version range is lower than "TLS1.0";
Configuring the version range as default min: TLS1.0, max: TLS1.2.
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.911976953 -0600]
SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.914640921 -0600]
389-Directory/1.3.5.10 B2016.341.2222 starting up
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.932360221 -0600]
default_mr_indexer_create: warning - plugin [caseIgnoreIA5Match] does not
handle caseExactIA5Match
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.946337331 -0600]
WARNING: userRoot: entry cache size 1125897 B is less than db size 1310720
B; We recommend to increase the entry cache size nsslapd-cachememsize.
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.948515352 -0600]
WARNING: ipaca: entry cache size 1125897 B is less than db size 1351680 B;
We recommend to increase the entry cache size nsslapd-cachememsize.
Jan 29 11:49:58 wwgwho01 ns-slapd: [29/Jan/2017:11:49:58.950843452 -0600]
WARNING: changelog: entry cache size 512000 B is less than db size 52854784
B; We recommend to increase the entry cache size nsslapd-cachememsize.
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.004480481 -0600]
schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5
seconds after the server startup!
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.022253509 -0600]
NSACLPlugin - The ACL target cn=groups,cn=compat,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.024563897 -0600]
NSACLPlugin - The ACL target cn=computers,cn=compat,dc=webwim,dc=com does
not exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.027018662 -0600]
NSACLPlugin - The ACL target cn=ng,cn=compat,dc=webwim,dc=com does not exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.029138595 -0600]
NSACLPlugin - The ACL target ou=sudoers,dc=webwim,dc=com does not exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.031498300 -0600]
NSACLPlugin - The ACL target cn=users,cn=compat,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.034223427 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.037109535 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.039600376 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.042280410 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.044814437 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.047615089 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.050130072 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.052674978 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.055394869 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.058101498 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.061127131 -0600]
NSACLPlugin - The ACL target cn=vaults,cn=kra,dc=webwim,dc=com does not
exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.074304223 -0600]
NSACLPlugin - The ACL target cn=ad,cn=etc,dc=webwim,dc=com does not exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.171181863 -0600]
NSACLPlugin - The ACL target cn=automember rebuild
membership,cn=tasks,cn=config does not exist
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.179402745 -0600]
Skipping CoS Definition cn=Password Policy,cn=accounts,dc=webwim,dc=com--no
CoS Templates found, which should be added before the CoS Definition.
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.208021605 -0600]
schema-compat-plugin - schema-compat-plugin tree scan will start in about 5
seconds!
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.216020210 -0600]
slapd started.  Listening on All Interfaces port 389 for LDAP requests
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.221359690 -0600]
Listening on All Interfaces port 636 for LDAPS requests
Jan 29 11:49:59 wwgwho01 ns-slapd: [29/Jan/2017:11:49:59.224126493 -0600]
Listening on /var/run/slapd-WEBWIM-COM.socket for LDAPI requests
Jan 29 11:49:59 wwgwho01 systemd: Started 389 Directory Server WEBWIM-COM..
Jan 29 11:49:59 wwgwho01 systemd: Starting Kerberos 5 KDC...
Jan 29 11:49:59 wwgwho01 systemd: PID file /var/run/krb5kdc.pid not
readable (yet?) after start.
Jan 29 11:49:59 wwgwho01 systemd: Started Kerberos 5 KDC.
Jan 29 11:49:59 wwgwho01 systemd: Starting Kerberos 5 Password-changing and
Administration...
Jan 29 11:49:59 wwgwho01 systemd: Started Kerberos 5 Password-changing and
Administration.
Jan 29 11:49:59 wwgwho01 systemd: Starting Generate rndc key for BIND
(DNS)...
Jan 29 11:49:59 wwgwho01 systemd: Started Generate rndc key for BIND (DNS).
Jan 29 11:49:59 wwgwho01 systemd: Starting Berkeley Internet Name Domain
(DNS) with native PKCS#11...
Jan 29 11:50:00 wwgwho01 systemd: Starting IPA memcached daemon, increases
IPA server performance...
Jan 29 11:50:00 wwgwho01 systemd: PID file
/var/run/ipa_memcached/ipa_memcached.pid not readable (yet?) after start.
Jan 29 11:50:00 wwgwho01 systemd: Started IPA memcached daemon, increases
IPA server performance.
Jan 29 11:50:00 wwgwho01 systemd: Starting The Apache HTTP Server...
Jan 29 11:50:00 wwgwho01 systemd: Started The Apache HTTP Server.
Jan 29 11:50:01 wwgwho01 systemd: Starting PKI Tomcat Server pki-tomcat...
Jan 29 11:50:01 wwgwho01 systemd: Started Session 2091 of user root.
Jan 29 11:50:01 wwgwho01 systemd: Starting Session 2091 of user root.
Jan 29 11:50:01 wwgwho01 pkidaemon: WARNING:  Symbolic link
'/var/lib/pki/pki-tomcat/ca/logs' does NOT exist!
Jan 29 11:50:01 wwgwho01 pkidaemon: INFO:  Attempting to create
'/var/lib/pki/pki-tomcat/ca/logs' -> '/var/log/pki/pki-tomcat/ca' . . .
Jan 29 11:50:01 wwgwho01 pkidaemon: ERROR:  Failed making
'/var/lib/pki/pki-tomcat/ca/logs' -> '/var/log/pki/pki-tomcat/ca' since
target '/var/log/pki/pki-tomcat/ca' does NOT exist!
Jan 29 11:50:02 wwgwho01 systemd: pki-tomcatd at pki-tomcat.service: control
process exited, code=exited status=1
Jan 29 11:50:02 wwgwho01 systemd: Failed to start PKI Tomcat Server
pki-tomcat.
Jan 29 11:50:02 wwgwho01 systemd: Unit pki-tomcatd at pki-tomcat.service
entered failed state.
Jan 29 11:50:02 wwgwho01 systemd: pki-tomcatd at pki-tomcat.service failed.
Jan 29 11:50:02 wwgwho01 systemd: Reached target PKI Tomcat Server.
Jan 29 11:50:02 wwgwho01 systemd: Starting PKI Tomcat Server.

==> /var/log/dirsrv/slapd-WEBWIM-COM/errors <==
[29/Jan/2017:11:50:04.362943677 -0600] schema-compat-plugin - warning: no
entries set up under cn=computers, cn=compat,dc=webwim,dc=com
[29/Jan/2017:11:50:04.366437178 -0600] schema-compat-plugin - Finished
plugin initialization.

==> /var/log/messages <==
Jan 29 11:50:04 wwgwho01 ns-slapd: [29/Jan/2017:11:50:04.362342340 -0600]
schema-compat-plugin - warning: no entries set up under cn=computers,
cn=compat,dc=webwim,dc=com
Jan 29 11:50:04 wwgwho01 ns-slapd: [29/Jan/2017:11:50:04.366416886 -0600]
schema-compat-plugin - Finished plugin initialization.

==> /var/log/messages <==
Jan 29 11:55:02 wwgwho01 ipactl: Failed to start pki-tomcatd Service
Jan 29 11:55:02 wwgwho01 ipactl: Shutting down
Jan 29 11:55:02 wwgwho01 systemd: Stopping Kerberos 5 KDC...
Jan 29 11:55:02 wwgwho01 systemd: Stopped Kerberos 5 KDC.
Jan 29 11:55:02 wwgwho01 systemd: Stopping Kerberos 5 Password-changing and
Administration...
Jan 29 11:55:02 wwgwho01 systemd: kadmin.service: main process exited,
code=exited, status=2/INVALIDARGUMENT
Jan 29 11:55:02 wwgwho01 systemd: Stopped Kerberos 5 Password-changing and
Administration.
Jan 29 11:55:02 wwgwho01 systemd: Unit kadmin.service entered failed state.
Jan 29 11:55:02 wwgwho01 systemd: kadmin.service failed.
Jan 29 11:55:02 wwgwho01 systemd: Stopping Berkeley Internet Name Domain
(DNS) with native PKCS#11...
Jan 29 11:55:02 wwgwho01 systemd: Stopped Berkeley Internet Name Domain
(DNS) with native PKCS#11.
Jan 29 11:55:02 wwgwho01 systemd: Stopping IPA memcached daemon, increases
IPA server performance...
Jan 29 11:55:02 wwgwho01 systemd: Stopped IPA memcached daemon, increases
IPA server performance.
Jan 29 11:55:02 wwgwho01 systemd: Stopping The Apache HTTP Server...

==> /var/log/dirsrv/slapd-WEBWIM-COM/errors <==
[29/Jan/2017:11:55:04.292133889 -0600] slapd shutting down - signaling
operation threads - op stack size 4 max work q size 2 max work q stack size
2
[29/Jan/2017:11:55:04.297642546 -0600] slapd shutting down - waiting for 29
threads to terminate
[29/Jan/2017:11:55:04.309871512 -0600] slapd shutting down - closing down
internal subsystems and plugins
[29/Jan/2017:11:55:04.340309818 -0600] Waiting for 4 database threads to
stop

==> /var/log/messages <==
Jan 29 11:55:04 wwgwho01 systemd: Stopped The Apache HTTP Server.
Jan 29 11:55:04 wwgwho01 systemd: Stopped target PKI Tomcat Server.
Jan 29 11:55:04 wwgwho01 systemd: Stopping PKI Tomcat Server.
Jan 29 11:55:04 wwgwho01 systemd: Stopping 389 Directory Server
WEBWIM-COM....
Jan 29 11:55:04 wwgwho01 ns-slapd: [29/Jan/2017:11:55:04.291435421 -0600]
slapd shutting down - signaling operation threads - op stack size 4 max
work q size 2 max work q stack size 2
Jan 29 11:55:04 wwgwho01 ns-slapd: [29/Jan/2017:11:55:04.297617077 -0600]
slapd shutting down - waiting for 29 threads to terminate
Jan 29 11:55:04 wwgwho01 ns-slapd: [29/Jan/2017:11:55:04.309827805 -0600]
slapd shutting down - closing down internal subsystems and plugins
Jan 29 11:55:04 wwgwho01 ns-slapd: [29/Jan/2017:11:55:04.340274764 -0600]
Waiting for 4 database threads to stop

==> /var/log/dirsrv/slapd-WEBWIM-COM/errors <==
[29/Jan/2017:11:55:05.310383700 -0600] All database threads now stopped
[29/Jan/2017:11:55:05.334742209 -0600] slapd shutting down - freed 2 work q
stack objects - freed 4 op stack objects
[29/Jan/2017:11:55:05.550767098 -0600] slapd stopped.

==> /var/log/messages <==
Jan 29 11:55:05 wwgwho01 ns-slapd: [29/Jan/2017:11:55:05.310344003 -0600]
All database threads now stopped
Jan 29 11:55:05 wwgwho01 ns-slapd: [29/Jan/2017:11:55:05.334698447 -0600]
slapd shutting down - freed 2 work q stack objects - freed 4 op stack
objects
Jan 29 11:55:05 wwgwho01 ns-slapd: [29/Jan/2017:11:55:05.550693828 -0600]
slapd stopped.
Jan 29 11:55:05 wwgwho01 systemd: Stopped 389 Directory Server WEBWIM-COM..
Jan 29 11:55:05 wwgwho01 ipactl: Hint: You can use --ignore-service-failure
option for forced start in case that a non-critical service failed
Jan 29 11:55:05 wwgwho01 ipactl: Aborting ipactl
Jan 29 11:55:05 wwgwho01 ipactl: Starting Directory Service
Jan 29 11:55:05 wwgwho01 ipactl: Starting krb5kdc Service
Jan 29 11:55:05 wwgwho01 ipactl: Starting kadmin Service
Jan 29 11:55:05 wwgwho01 ipactl: Starting named Service
Jan 29 11:55:05 wwgwho01 ipactl: Starting ipa_memcached Service
Jan 29 11:55:05 wwgwho01 ipactl: Starting httpd Service
Jan 29 11:55:05 wwgwho01 ipactl: Starting pki-tomcatd Service
Jan 29 11:55:05 wwgwho01 systemd: ipa.service: main process exited,
code=exited, status=1/FAILURE
Jan 29 11:55:05 wwgwho01 systemd: Failed to start Identity, Policy, Audit.
Jan 29 11:55:05 wwgwho01 systemd: Unit ipa.service entered failed state.
Jan 29 11:55:05 wwgwho01 systemd: ipa.service failed.

==> /var/log/secure <==
Jan 29 11:55:05 wwgwho01 polkitd[550]: Unregistered Authentication Agent
for unix-process:4460:250125821 (system bus name :1.4296, object path
/org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
(disconnected from bus)




2017-01-16 3:57 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com>:

> On 01/16/2017 01:47 AM, Daniel Schimpfoessl wrote:
>
>> Anything else I should look for?
>>
>> Hi Daniel,
>
> did you see this mail thread [1]? They had the same issue and found a
> temporary workaround to enable dogtag to connect to LDAP. If the workaround
> works, it definitely means that the issue comes from the secured
> communications between Dogtag and LDAP, and the following could be checked:
>
> - LDAPs port 636 is enabled and answering
> - The server certificate used by the LDAP server is valid (nickname
> 'Server-Cert' in /etc/dirsrv/slapd-DOMAIN)
> - The Server certificate used by the LDAP server has been delivered by a
> CA trusted by Dogtag (CA cert must be in /etc/pki/pki-tomcat/alias)
> - The certificate used by Dogtag to authenticate to LDAP (nickname
> subsystemCert cert-pki-ca in /etc/pki/pki-tomcat/alias) is valid and stored
> in a corresponding user entry in LDAP (uid=pkidbuser,ou=people,o=ipaca).
> - The certificates must match the ones in /etc/pki/pki-tomcat/ca/CS.cfg
> (line ca.signing.cert=... must match the CA cert and ca.subsystem.cert=...
> must match subsystemCert cert-pki-ca).
>
> If the system is configured with SE linux mode = enforcing, it may explain
> the renewal issues (see BZ 1365188 [2] and 1366915 [3]).
> Flo.
>
> [1] https://www.redhat.com/archives/freeipa-users/2017-January/
> msg00215.html
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1365188
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=1366915
>
> 2017-01-11 22:33 GMT-06:00 Daniel Schimpfoessl <daniel at schimpfoessl.com
>> <mailto:daniel at schimpfoessl.com>>:
>>
>>     Flo,
>>
>>     these are all the errors found:
>>     grep 'RESULT err=' access | perl -pe 's/.*(RESULT\s+err=\d+).*/$1/g'
>>     | sort -n | uniq -c | sort -n
>>           2 RESULT err=6
>>          95 RESULT err=32
>>         200 RESULT err=14
>>        2105 RESULT err=0
>>
>>
>>     2017-01-05 8:10 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com
>>     <mailto:flo at redhat.com>>:
>>
>>
>>         On 01/04/2017 07:24 PM, Daniel Schimpfoessl wrote:
>>
>>             From the logs:
>>             /var/log/dirsrv/slapd-DOMAIN-COM/errors
>>             ... a few warnings about cache size, NSACLPLugin and
>>             schema-compat-plugin
>>             [04/Jan/2017:12:14:21.392642021 -0600] slapd started.
>>             Listening on All
>>             Interfaces port 389 for LDAP requests
>>
>>             /var/log/dirsrv/slapd-DOMAIN-COM/access
>>             ... lots of entries, not sure what to look for some lines
>>             contain RESULT
>>             with err!=0
>>             [04/Jan/2017:12:18:01.753400307 -0600] conn=5 op=243 RESULT
>>             err=32
>>             tag=101 nentries=0 etime=0
>>             [04/Jan/2017:12:18:01.786928085 -0600] conn=44 op=1 RESULT
>>             err=14 tag=97
>>             nentries=0 etime=0, SASL bind in progress
>>
>>         Hi Daniel,
>>
>>         are there any RESULT err=48 that could correspond to the error
>>         seen on pki logs?
>>
>>         Flo
>>
>>             /var/log/dirsrv/slapd-DOMAIN-COM/errors
>>             [04/Jan/2017:12:19:25.566022098 -0600] slapd shutting down -
>>             signaling
>>             operation threads - op stack size 5 max work q size 2 max
>>             work q stack
>>             size 2
>>             [04/Jan/2017:12:19:25.572566622 -0600] slapd shutting down -
>>             closing
>>             down internal subsystems and plugins
>>
>>
>>             2017-01-04 8:38 GMT-06:00 Daniel Schimpfoessl
>>             <daniel at schimpfoessl.com <mailto:daniel at schimpfoessl.com>
>>             <mailto:daniel at schimpfoessl.com
>>             <mailto:daniel at schimpfoessl.com>>>:
>>
>>                 Do you have a list of all log files involved in IPA?
>>                 Would be good to consolidate them into ELK for analysis.
>>
>>                 2017-01-04 2:48 GMT-06:00 Florence Blanc-Renaud
>>             <flo at redhat.com <mailto:flo at redhat.com>
>>                 <mailto:flo at redhat.com <mailto:flo at redhat.com>>>:
>>
>>
>>
>>                     On 01/02/2017 07:24 PM, Daniel Schimpfoessl wrote:
>>
>>                         Thanks for your reply.
>>
>>                         This was the initial error I asked for help a
>>             while ago and
>>                         did not get
>>                         resolved. Further digging showed the recent
>> errors.
>>                         The service was running (using ipactl start
>>             --force) and
>>                         only after a
>>                         restart I am getting a stack trace for two
>>             primary messages:
>>
>>                         Could not connect to LDAP server host
>>             wwgwho01.webwim.com <http://wwgwho01.webwim.com>
>>                         <http://wwgwho01.webwim.com>
>>                         <http://wwgwho01.webwim.com> port 636 Error
>>                         netscape.ldap.LDAPException:
>>                         Authentication failed (48)
>>                         ...
>>
>>                         Internal Database Error encountered: Could not
>>             connect to
>>                         LDAP server
>>                         host wwgwho01.webwim.com
>>             <http://wwgwho01.webwim.com> <http://wwgwho01.webwim.com>
>>                         <http://wwgwho01.webwim.com> port 636 Error
>>                         netscape.ldap.LDAPException: Authentication
>>             failed (48)
>>                         ...
>>
>>                         and finally:
>>                         [02/Jan/2017:12:20:34][localhost-startStop-1]:
>>                         CMSEngine.shutdown()
>>
>>
>>                         2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud
>>                         <flo at redhat.com <mailto:flo at redhat.com>
>>             <mailto:flo at redhat.com <mailto:flo at redhat.com>>
>>                         <mailto:flo at redhat.com <mailto:flo at redhat.com>
>>             <mailto:flo at redhat.com <mailto:flo at redhat.com>>>>:
>>
>>                             systemctl start pki-tomcatd at pki-tomcat.service
>>
>>
>>
>>                     Hi Daniel,
>>
>>                     the next step would be to understand the root cause
>>             of this
>>                     "Authentication failed (48)" error. Note the exact
>>             time of this
>>                     log and look for a corresponding log in the LDAP
>>             server logs
>>                     (/var/log/dirsrv/slapd-DOMAIN-COM/access), probably
>>             a failing
>>                     BIND with err=48. This may help diagnose the issue
>>             (if we can
>>                     see which certificate is used for the bind or if
>>             there is a
>>                     specific error message).
>>
>>                     For the record, a successful bind over SSL would
>>             produce this
>>                     type of log where we can see the certificate subject
>>             and the
>>                     user mapped to this certificate:
>>                     [...] conn=47 fd=84 slot=84 SSL connection from
>>             10.34.58.150 to
>>                     10.34.58.150
>>                     [...] conn=47 TLS1.2 128-bit AES; client CN=CA
>>                     Subsystem,O=DOMAIN.COM <http://DOMAIN.COM>
>>             <http://DOMAIN.COM>; issuer
>>                     CN=Certificate Authority,O=DOMAIN.COM
>>             <http://DOMAIN.COM> <http://DOMAIN.COM>
>>                     [...] conn=47 TLS1.2 client bound as
>>             uid=pkidbuser,ou=people,o=ipaca
>>                     [...] conn=47 op=0 BIND dn="" method=sasl version=3
>>             mech=EXTERNAL
>>                     [...] conn=47 op=0 RESULT err=0 tag=97 nentries=0
>>             etime=0
>>                     dn="uid=pkidbuser,ou=people,o=ipaca"
>>
>>                     Flo
>>
>>
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170129/95e06b49/attachment.htm>

From daniel at schimpfoessl.com  Mon Jan 30 00:23:23 2017
From: daniel at schimpfoessl.com (Daniel Schimpfoessl)
Date: Sun, 29 Jan 2017 18:23:23 -0600
Subject: [Freeipa-users] Asking for help with crashed freeIPA istance
In-Reply-To: <e7500d16-224c-f1cc-7cbd-d76047b41dd2@redhat.com>
References: <CAEz2YV=OYqik6+pfSN6YfQvWjxdiAGLXDTqK1s2WZ_fmTBya+Q@mail.gmail.com>
	<729a8aed-4f22-ba26-3089-58c675bd64e0@redhat.com>
	<CAEz2YVkRsfb=j-65Rw_XZs0ehgBn3M7sSux0r0LmE7JzhzeE+A@mail.gmail.com>
	<585A9F46.7080207@redhat.com>
	<CAEz2YVnp=n8domDo25A8yf+8cGzGwvm8OdgLOiyqJ87LkxvUVQ@mail.gmail.com>
	<CAEz2YV=cGM2TPaoscWZhMWdFt2Z0Zm26qnk7xuEAKRy1C028gw@mail.gmail.com>
	<CAEz2YVkcTKzViL3wSqb7qGMA24ptgs5Ai7K4_bYAsPL-rQUouA@mail.gmail.com>
	<3f60bab0-11c7-0fe5-b88c-07d77c7e191b@redhat.com>
	<CAEz2YV=KVVuTRGB6XvT3JGnsbk98Ygs9x62+OtdEvJo0UgCiPw@mail.gmail.com>
	<0f7a6cc9-ae57-d957-d255-ab79033373e6@redhat.com>
	<CAEz2YVmuQWr8x1dYCbC7cPra38JPTPjVLHhvPSA9RCL_rcebsg@mail.gmail.com>
	<CAEz2YVnKDOK5U8fOcyv0ocmNwVj5pxgmDnq-PQ_wX4nDd_JmDg@mail.gmail.com>
	<9988ea17-db76-aa1f-3009-387819189354@redhat.com>
	<CAEz2YVmjEer48LA51WjjGgR_YYv5q8nwS8rXZfAv1yK1CaBRJg@mail.gmail.com>
	<CAEz2YVncx-HPgDkFDELTCgdHGNyuXnCUvy0LGy_BL+wdC+dSBQ@mail.gmail.com>
	<e7500d16-224c-f1cc-7cbd-d76047b41dd2@redhat.com>
Message-ID: <CAEz2YVkGcVBJSApH6hy3GBwCDeyG=ATrXxjKwj=a+XZtweUSMw@mail.gmail.com>

As it sounds like I might have hit a bug during the certificate update
process. Thinking about alternative solutions.
Is there an option to export the data, rebuild the server and re-import to
fully recover the IPA system incl. established members?

2017-01-16 3:57 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com>:

> On 01/16/2017 01:47 AM, Daniel Schimpfoessl wrote:
>
>> Anything else I should look for?
>>
>> Hi Daniel,
>
> did you see this mail thread [1]? They had the same issue and found a
> temporary workaround to enable dogtag to connect to LDAP. If the workaround
> works, it definitely means that the issue comes from the secured
> communications between Dogtag and LDAP, and the following could be checked:
>
> - LDAPs port 636 is enabled and answering
> - The server certificate used by the LDAP server is valid (nickname
> 'Server-Cert' in /etc/dirsrv/slapd-DOMAIN)
> - The Server certificate used by the LDAP server has been delivered by a
> CA trusted by Dogtag (CA cert must be in /etc/pki/pki-tomcat/alias)
> - The certificate used by Dogtag to authenticate to LDAP (nickname
> subsystemCert cert-pki-ca in /etc/pki/pki-tomcat/alias) is valid and stored
> in a corresponding user entry in LDAP (uid=pkidbuser,ou=people,o=ipaca).
> - The certificates must match the ones in /etc/pki/pki-tomcat/ca/CS.cfg
> (line ca.signing.cert=... must match the CA cert and ca.subsystem.cert=...
> must match subsystemCert cert-pki-ca).
>
> If the system is configured with SE linux mode = enforcing, it may explain
> the renewal issues (see BZ 1365188 [2] and 1366915 [3]).
> Flo.
>
> [1] https://www.redhat.com/archives/freeipa-users/2017-January/
> msg00215.html
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1365188
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=1366915
>
> 2017-01-11 22:33 GMT-06:00 Daniel Schimpfoessl <daniel at schimpfoessl.com
>> <mailto:daniel at schimpfoessl.com>>:
>>
>>     Flo,
>>
>>     these are all the errors found:
>>     grep 'RESULT err=' access | perl -pe 's/.*(RESULT\s+err=\d+).*/$1/g'
>>     | sort -n | uniq -c | sort -n
>>           2 RESULT err=6
>>          95 RESULT err=32
>>         200 RESULT err=14
>>        2105 RESULT err=0
>>
>>
>>     2017-01-05 8:10 GMT-06:00 Florence Blanc-Renaud <flo at redhat.com
>>     <mailto:flo at redhat.com>>:
>>
>>
>>         On 01/04/2017 07:24 PM, Daniel Schimpfoessl wrote:
>>
>>             From the logs:
>>             /var/log/dirsrv/slapd-DOMAIN-COM/errors
>>             ... a few warnings about cache size, NSACLPLugin and
>>             schema-compat-plugin
>>             [04/Jan/2017:12:14:21.392642021 -0600] slapd started.
>>             Listening on All
>>             Interfaces port 389 for LDAP requests
>>
>>             /var/log/dirsrv/slapd-DOMAIN-COM/access
>>             ... lots of entries, not sure what to look for some lines
>>             contain RESULT
>>             with err!=0
>>             [04/Jan/2017:12:18:01.753400307 -0600] conn=5 op=243 RESULT
>>             err=32
>>             tag=101 nentries=0 etime=0
>>             [04/Jan/2017:12:18:01.786928085 -0600] conn=44 op=1 RESULT
>>             err=14 tag=97
>>             nentries=0 etime=0, SASL bind in progress
>>
>>         Hi Daniel,
>>
>>         are there any RESULT err=48 that could correspond to the error
>>         seen on pki logs?
>>
>>         Flo
>>
>>             /var/log/dirsrv/slapd-DOMAIN-COM/errors
>>             [04/Jan/2017:12:19:25.566022098 -0600] slapd shutting down -
>>             signaling
>>             operation threads - op stack size 5 max work q size 2 max
>>             work q stack
>>             size 2
>>             [04/Jan/2017:12:19:25.572566622 -0600] slapd shutting down -
>>             closing
>>             down internal subsystems and plugins
>>
>>
>>             2017-01-04 8:38 GMT-06:00 Daniel Schimpfoessl
>>             <daniel at schimpfoessl.com <mailto:daniel at schimpfoessl.com>
>>             <mailto:daniel at schimpfoessl.com
>>             <mailto:daniel at schimpfoessl.com>>>:
>>
>>                 Do you have a list of all log files involved in IPA?
>>                 Would be good to consolidate them into ELK for analysis.
>>
>>                 2017-01-04 2:48 GMT-06:00 Florence Blanc-Renaud
>>             <flo at redhat.com <mailto:flo at redhat.com>
>>                 <mailto:flo at redhat.com <mailto:flo at redhat.com>>>:
>>
>>
>>
>>                     On 01/02/2017 07:24 PM, Daniel Schimpfoessl wrote:
>>
>>                         Thanks for your reply.
>>
>>                         This was the initial error I asked for help a
>>             while ago and
>>                         did not get
>>                         resolved. Further digging showed the recent
>> errors.
>>                         The service was running (using ipactl start
>>             --force) and
>>                         only after a
>>                         restart I am getting a stack trace for two
>>             primary messages:
>>
>>                         Could not connect to LDAP server host
>>             wwgwho01.webwim.com <http://wwgwho01.webwim.com>
>>                         <http://wwgwho01.webwim.com>
>>                         <http://wwgwho01.webwim.com> port 636 Error
>>                         netscape.ldap.LDAPException:
>>                         Authentication failed (48)
>>                         ...
>>
>>                         Internal Database Error encountered: Could not
>>             connect to
>>                         LDAP server
>>                         host wwgwho01.webwim.com
>>             <http://wwgwho01.webwim.com> <http://wwgwho01.webwim.com>
>>                         <http://wwgwho01.webwim.com> port 636 Error
>>                         netscape.ldap.LDAPException: Authentication
>>             failed (48)
>>                         ...
>>
>>                         and finally:
>>                         [02/Jan/2017:12:20:34][localhost-startStop-1]:
>>                         CMSEngine.shutdown()
>>
>>
>>                         2017-01-02 3:45 GMT-06:00 Florence Blanc-Renaud
>>                         <flo at redhat.com <mailto:flo at redhat.com>
>>             <mailto:flo at redhat.com <mailto:flo at redhat.com>>
>>                         <mailto:flo at redhat.com <mailto:flo at redhat.com>
>>             <mailto:flo at redhat.com <mailto:flo at redhat.com>>>>:
>>
>>                             systemctl start pki-tomcatd at pki-tomcat.service
>>
>>
>>
>>                     Hi Daniel,
>>
>>                     the next step would be to understand the root cause
>>             of this
>>                     "Authentication failed (48)" error. Note the exact
>>             time of this
>>                     log and look for a corresponding log in the LDAP
>>             server logs
>>                     (/var/log/dirsrv/slapd-DOMAIN-COM/access), probably
>>             a failing
>>                     BIND with err=48. This may help diagnose the issue
>>             (if we can
>>                     see which certificate is used for the bind or if
>>             there is a
>>                     specific error message).
>>
>>                     For the record, a successful bind over SSL would
>>             produce this
>>                     type of log where we can see the certificate subject
>>             and the
>>                     user mapped to this certificate:
>>                     [...] conn=47 fd=84 slot=84 SSL connection from
>>             10.34.58.150 to
>>                     10.34.58.150
>>                     [...] conn=47 TLS1.2 128-bit AES; client CN=CA
>>                     Subsystem,O=DOMAIN.COM <http://DOMAIN.COM>
>>             <http://DOMAIN.COM>; issuer
>>                     CN=Certificate Authority,O=DOMAIN.COM
>>             <http://DOMAIN.COM> <http://DOMAIN.COM>
>>                     [...] conn=47 TLS1.2 client bound as
>>             uid=pkidbuser,ou=people,o=ipaca
>>                     [...] conn=47 op=0 BIND dn="" method=sasl version=3
>>             mech=EXTERNAL
>>                     [...] conn=47 op=0 RESULT err=0 tag=97 nentries=0
>>             etime=0
>>                     dn="uid=pkidbuser,ou=people,o=ipaca"
>>
>>                     Flo
>>
>>
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170129/7f848d97/attachment.htm>

From jeffclay at gmail.com  Mon Jan 30 01:10:34 2017
From: jeffclay at gmail.com (Jeff Clay)
Date: Sun, 29 Jan 2017 19:10:34 -0600
Subject: [Freeipa-users] Restrict user queries by OU or group
Message-ID: <06661C82-6FB2-48EE-A519-4CF0CBBBC73B@gmail.com>

I seem to remember reading somewhere (although I can?t find it now) that you can?t manage organizational units in the IPA server. If that?s the case, how can I restrict the query results made by a particular user account? Can I restrict a user to only see others within the same group?

For example, if FIPA is my ldap backend for user accounts and I?m using a client that does contact lookups by AD I would only want contacts of a certain group or OU returned depending on the account performing the query. 

Traditionally, with ldap, this is easy to do since you can put all users within an OU and the service account performing the query is only allowed to query within that OU and the OU is usually set as the base for the search. 





From tbordaz at redhat.com  Mon Jan 30 08:10:55 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Mon, 30 Jan 2017 09:10:55 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <f9d43f4d-fb1d-1f73-efc2-b2e20fab678e@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
	<58875E38.2010806@redhat.com>
	<36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>
	<58878756.3010407@redhat.com>
	<a80d6390-6ef5-e106-5a9d-98f3c5dc7f2b@aixigo.de>
	<588A1BE3.7060501@redhat.com>
	<f9d43f4d-fb1d-1f73-efc2-b2e20fab678e@aixigo.de>
Message-ID: <588EF50F.8090006@redhat.com>



On 01/27/2017 12:51 PM, Harald Dunkel wrote:
> Hi Thierry,
>
> On 01/26/17 16:55, thierry bordaz wrote:
>>
>> Those entries are managed entries and it is not possible to delete them from direct ldap command.
>> A solution proposed by Ludwig is not first make them unmanaged:
>>
>> cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
>> changetype: modify
>> modify: objectclass
>> delete: mepManagedEntry
>>
>> cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
>> changetype: modify
>> modify: objectclass
>> delete: mepManagedEntry
>>
>> Then retry to delete them.
>> It should work for the first one but unsure it will succeed for the second one.
>>
> I am not sure about this "managed" thing. This sounds like some
> kind of external influence.
>
> How can I make sure that removing these entries doesn't break
> something? Is the original entry managed in the same way as
> the duplicate?
>
>
> Regards
> Harri
>
Hello Harri,

sorry for this late answer.

I understand your concern and in fact it is difficult to anticipate a  
potential bad impact of this cleanup. However,I think it is safe to get 
rid of the following entry.
Before doing so you may check it exists

cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de that is managedBy the ipaservers_hostgoups.

dn: cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
objectClass: mepManagedEntry


If you are willing to remove that entry you need to remove the mepmanagedEntry oc. So you need to remove the mepManagedBy and oc in the same operation


Regarding the following entry
  dn: cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
objectClass: mepOriginEntry
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de

You may want to check if it exists an entry it manages, looking for "(mepManagedBy=
cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
)". If it exists none, you should be able to remove it.

Also I think working on ipabak, you should be able to do some tests on the cleanup instance to validate everything is working fine.

regards
thierry



From jhrozek at redhat.com  Mon Jan 30 08:38:04 2017
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Mon, 30 Jan 2017 09:38:04 +0100
Subject: [Freeipa-users] sudo sometimes doesn't work
In-Reply-To: <01415443-eac5-86c1-4dc8-fc429c39d833@cora.nwra.com>
References: <01415443-eac5-86c1-4dc8-fc429c39d833@cora.nwra.com>
Message-ID: <20170130083804.lxymmsc6s33jdl2e@hendrix>

On Fri, Jan 27, 2017 at 02:15:16PM -0700, Orion Poplawski wrote:
> EL7.3
> Users are in active directory via AD trust with IPA server
> 
> sudo is configured via files - users in our default "nwra" group can run
> certain sudo commands, e.g.:
> 
> Cmnd_Alias WAKEUP = /sbin/ether-wake *
> %nwra,%visitor,%ivm   ALL=NOPASSWD: WAKEUP
> 
> However, sometimes when I run sudo /sbin/ether-wake I get prompted for my
> password.  Other times it works fine.  I've attached some logs from failed
> attempt.

So the sudo command is successfull in the end, it 'just' prompts for a
password?

I think the sudo logs would be the most important part here, see:
    https://fedorahosted.org/sssd/wiki/HOWTO_Troubleshoot_SUDO
there is a section called ' a) How do I get sudo logs?' that explains
how to generate them..



From th at casalogic.dk  Mon Jan 30 10:00:48 2017
From: th at casalogic.dk (Troels Hansen)
Date: Mon, 30 Jan 2017 11:00:48 +0100 (CET)
Subject: [Freeipa-users] Needs help understand this timeout issue
Message-ID: <298041591.1827916.1485770448856.JavaMail.zimbra@casalogic.dk>

Hi there 

I'm trying to debug on a strange IPA timeout issue. 

Its SSSD 1.14, IPA 4.4, RHEL 7.3. 
2 IPA servers in AD trust. 

Besides being a bit slow on groups membership lookups on users with a moderate number of Groups, there are some users with a HUGE amount of nested groups. 

A server just installed, thereby having clean cache: 



# time id shja 
id: shja: no such user 

real 0m12.107s 
user 0m0.000s 
sys 0m0.007s 





Hmm, lets try again: 




# sss_cache -E && systemctl restart sssd 

# time id shja 
id: shja: no such user 

real 0m58.016s 
user 0m0.001s 
sys 0m0.005s 





Hmm.. 




# sss_cache -E && systemctl restart sssd 

# time id shja 




...about 30% of the users Groups are returned.... 




real 5m16.840s 
user 0m0.010s 
sys 0m0.019s 







Next lookup is pretty fast and returns all Groups (about 730). 




# time id shja 

real 0m7.670s 
user 0m0.028s 
sys 0m0.066s 







A few questions. 

The first times id seems to bail out and report no such user after whet seems to be a random amount of time. 

Then is actually starts fetching groups it fetches a portion of the Groups, and the last try it fetches all groups. 




It looks like IPA is starting a thread running in backgroups, filling the cache and this continues after the failed lookup? 




Shouldn't SSSD be able to use the cache from the the SSSD on the IPA server? 

In this example the IPA server had full cache of the user and groups but the time it took to do the lookup indicates its still traversing the AD? 




sssd.conf is pretty default: 

full_name_format = %1$s 




set on SSSD client. 




On IPA server this is added (no full_name_format): 


ignore_group_members = True 
ldap_purge_cache_timeout = 0 
ldap_user_principal = nosuchattr 

subdomain_inherit = ldap_user_principal, ignore_group_members, ldap_purge_cache_timeout 





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170130/00c359f1/attachment.htm>

From dsullivan2 at bsd.uchicago.edu  Mon Jan 30 16:52:55 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Mon, 30 Jan 2017 16:52:55 +0000
Subject: [Freeipa-users] caching of lookups / performance problem
Message-ID: <4DA19EAC-6287-4EDA-BCE7-A5A22172BBCA@bsd.uchicago.edu>

Hi,

I have another question about sssd performance.  I?m having a difficult time doing a regularly performant ?ls -l? operation against /home, a mounted NFS share of all of our users home directories.  There are 667 entries in this folder, and all of them have IDs that are resolvable via freeipa/sssd.  We are using an AD trusted domain.

It is clear to me why an initial invocation of this lookup should take some time (populating the local ldb cache).   And it does.  Usually around 5-10 minutes, but sometimes longer.  After the initial lookups are complete, the output of ?ls -l' renders fine, and I can inspect the local filesystem cache using ldbsearch and see that it is populated.  The issue is that if I wait a while, or restart sssd, it appears that I have to go through all of these lookups again to render the directory listing.

I am trying to find an optimal configuration for sssd.conf that will allow a performant ?ls -l? listing of a directory with a large number of different id numbers assigned to filesystem objects to always return results immediately from the local cache (after an initial invocation of this command for any given directory).  I think basically what I want is to have the ldb cache always ?up-to-date?, or at least have sssd willing to immediately dump what it has without having to do a bunch of lookups while blocking the ?ls -l? thread.  If possible, whatever solution implemented should also survive a restart of the sssd process.  In short, aside from an initial invocation, I never want ?ls -l? to take more than a few seconds.

The issue described above is somewhat problematic because it appears to cause contention on the sssd process effectively allowing a user doing ls -l /home to inadvertently degrade system performance for another user.

So far I have tried:

1)  Implementing 'enumeration = true' for the [domain] section .  This seems to have no impact.  It might be worthwhile to note that we are using an AD trusted domain.
2)  Using the refresh_expired_interval configuration for the [domain] section

I have read the following two documents in a decent level of detail:

https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
https://jhrozek.wordpress.com/2015/03/11/anatomy-of-sssd-user-lookup/

It almost seems to me like the answer to this would be to keep the LDB cache valid indefinitely (step 4 on https://jhrozek.wordpress.com/2015/03/11/anatomy-of-sssd-user-lookup/).

Presumably this is a problem that somebody has seen before.  Would somebody be able to advise on the best way to deal with this?  I appreciate your help.

Thank you,

Dan



From dsullivan2 at bsd.uchicago.edu  Mon Jan 30 17:06:07 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Mon, 30 Jan 2017 17:06:07 +0000
Subject: [Freeipa-users] Needs help understand this timeout issue
In-Reply-To: <298041591.1827916.1485770448856.JavaMail.zimbra@casalogic.dk>
References: <298041591.1827916.1485770448856.JavaMail.zimbra@casalogic.dk>
Message-ID: <E9286F04-8223-4929-A1FC-551202FC3ED4@bsd.uchicago.edu>

I have had to deal with the symptoms you describe, never with 730 groups though.  Based on my experience doing a lookup for a user in an AD trusted domain is a resource intensive process on the server.  I?d first start by taking a look at your logs to see if the lookup is failing on the server or on the client.  The logs should be able to tell you this.  My suspicion is that the timeout is actually occurring on the server.

If the timeout is occurring on the server, I would start by increasing one or both of these values:

ldap_opt_timeout
ldap_search_timeout

If that doesn?t work I?d take look to see if the 389 server is under high load when you are performing this operation.  The easiest way I have found to do this is to just execute an LDAP query directly against the IPA server when you are performing an id lookup, for example:

ldapsearch -D "cn=Directory Manager" -w <pw> -s base -b "cn=config" "(objectclass=*)?

If the LDAP server is not responsive you probably need to increase the number of worker threads for 389ds.  Also, you might want to disable referrals, check out the man pages for this;

ldap_referrals = false

Also, FWIW, if you crank up debug logging on the sssd client, you should be able to see the amount of seconds of timeout assigned to the operation, and witness the fact that the operation is actually timing out by inspecting the logs themselves.  The logs can get a little verbose but the data is there.

Dan



On Jan 30, 2017, at 4:00 AM, Troels Hansen <th at casalogic.dk<mailto:th at casalogic.dk>> wrote:

Hi there

I'm trying to debug on a strange IPA timeout issue.

Its SSSD 1.14, IPA 4.4, RHEL 7.3.
2 IPA servers in AD trust.

Besides being a bit slow on groups membership lookups on users with a moderate number of Groups, there are some users with a HUGE amount of nested groups.

A server just installed, thereby having clean cache:

# time id shja
id: shja: no such user
real    0m12.107s
user    0m0.000s
sys     0m0.007s

Hmm, lets try again:

# sss_cache -E && systemctl restart sssd
# time id shja
id: shja: no such user
real    0m58.016s
user    0m0.001s
sys     0m0.005s

Hmm..

# sss_cache -E && systemctl restart sssd
# time id shja

...about 30% of the users Groups are returned....

real    5m16.840s
user    0m0.010s
sys     0m0.019s


Next lookup is pretty fast and returns all Groups (about 730).

# time id shja
real    0m7.670s
user    0m0.028s
sys     0m0.066s


A few questions.
The first times id seems to bail out and report no such user after whet seems to be a random amount of time.
Then is actually starts fetching groups it fetches a portion of the Groups, and the last try it fetches all groups.

It looks like IPA is starting a thread running in backgroups, filling the cache and this continues after the failed lookup?

Shouldn't SSSD be able to use the cache from the the SSSD on the IPA server?
In this example the IPA server had full cache of the user and groups but the time it took to do the lookup indicates its still traversing the AD?

sssd.conf is pretty default:
full_name_format = %1$s

set on SSSD client.

On IPA server this is added (no full_name_format):
ignore_group_members = True
ldap_purge_cache_timeout = 0
ldap_user_principal = nosuchattr
subdomain_inherit = ldap_user_principal, ignore_group_members, ldap_purge_cache_timeout


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project




From peljasz at yahoo.co.uk  Mon Jan 30 18:01:03 2017
From: peljasz at yahoo.co.uk (lejeczek)
Date: Mon, 30 Jan 2017 18:01:03 +0000
Subject: [Freeipa-users] IPA and DNS reverse subnets
Message-ID: <4fd52b16-416d-cbc2-8e72-b1fa9a8d233a@yahoo.co.uk>

hi everybody

I'm having trouble trying to figure out, or in other words 
make this to work:

I'm setting up a domain in a subnet like this: 10.5.10.48/28 
but not sure it I got it right.
Host reverse resoling does not seem to right. I have:

   Zone name: whale.private.
   Active zone: TRUE
   Authoritative nameserver: work1.whale.private.
   Administrator e-mail address: hostmaster.whale.private.
   SOA serial: 1485797688
   SOA refresh: 3600
   SOA retry: 900
   SOA expire: 1209600
   SOA minimum: 3600
   Allow query: any;
   Allow transfer: none;

   Zone name: 28/48.10.5.10.in-addr.arpa.   <= this here is 
like non-usual, I understand it's how such a reverse subnet 
should be defined, but not 100% sure.
   Active zone: TRUE
   Authoritative nameserver: work1.whale.private.
   Administrator e-mail address: hostmaster
   SOA serial: 1485790340
   SOA refresh: 3600
   SOA retry: 900
   SOA expire: 1209600
   SOA minimum: 3600
   Allow query: any;
   Allow transfer: none;

but:

~]$ host 10.5.10.55
Host 55.10.5.10.in-addr.arpa. not found: 3(NXDOMAIN)

and when I try to install a replica:

~]$ ipa-replica-install --setup-dns --no-forwarders --setup-ca
Password for admin at WHALE.PRIVATE:
ipa         : ERROR    Reverse DNS resolution of address 
10.5.10.55 (work1.whale.private) failed. Clients may not 
function properly. Please check your DNS setup. (Note that 
this check queries IPA DNS directly and ignores /etc/hosts.)

I understand it's all in DNS, so.. how to tweak it, to fix it?
many thank,
L.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170130/f1d412f3/attachment.htm>

From tomek at pipebreaker.pl  Mon Jan 30 18:28:56 2017
From: tomek at pipebreaker.pl (Tomasz Torcz)
Date: Mon, 30 Jan 2017 19:28:56 +0100
Subject: [Freeipa-users] IPA and DNS reverse subnets
In-Reply-To: <4fd52b16-416d-cbc2-8e72-b1fa9a8d233a@yahoo.co.uk>
References: <4fd52b16-416d-cbc2-8e72-b1fa9a8d233a@yahoo.co.uk>
Message-ID: <20170130182855.GA140191@mother.pipebreaker.pl>

On Mon, Jan 30, 2017 at 06:01:03PM +0000, lejeczek wrote:
> hi everybody
> 
> I'm having trouble trying to figure out, or in other words make this to
> work:
> 
> I'm setting up a domain in a subnet like this: 10.5.10.48/28 but not sure it
> I got it right.
> Host reverse resoling does not seem to right. I have:
> 
> 
>   Zone name: 28/48.10.5.10.in-addr.arpa.   <= this here is like non-usual, I
> understand it's how such a reverse subnet should be defined, but not 100%
> sure.

  Here you got it wrong.  IPv4 reverses are split at octet boundary, you
cannot have greater granularity.  And for sure you cannot mix CIDR addressing (/28)
and netblock type.  On top of that, ?/? is not correct character in DNS.

   Your reverse zone is 10.5.10.in-addr.arpa. 

(IPv6 reverses are split at nibble boundary, FWIW).

-- 
Tomasz Torcz              ,,If you try to upissue this patchset I shall be seeking
xmpp: zdzichubg at chrome.pl   an IP-routable hand grenade.'' -- Andrew Morton (LKML)



From jgoddard at emerlyn.com  Mon Jan 30 18:30:31 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Mon, 30 Jan 2017 13:30:31 -0500
Subject: [Freeipa-users] Cannot create replica
Message-ID: <CA+No-6FvVPBCEEq7dvAmq_jgWK1e=pDjcVpyFs3h8QZrWTFVFw@mail.gmail.com>

My previous install of freeipa became corrupted so I'm starting fresh. I've
got a new Centos 7.2 server set up and installed ipa version s 4.4. Now I'm
trying to set up a replica on another newly created and patched centos
server. The ipa-client-install command completes without issue but when I
try ipa-replica-install --no-host-dns I get up to step 29 setting up the
initial replication and it fails. Can someone point me to the documentation
I'm missing or explain what I can do to have success? Below is the install
error log:

2017-01-30T18:13:59Z DEBUG Logging to /var/log/ipareplica-install.log
2017-01-30T18:13:59Z DEBUG ipa-replica-install was invoked with arguments
[] and options: {'no_dns_sshfp': None, 'skip_schema_check': None,
'setup_kra': None, 'ip_addresses': None, 'mkhomedir': None,
'http_cert_files': None, 'ssh_trust_dns': None, 'reverse_zones': None,
'no_forwarders': None, 'keytab': None, 'no_ntp': None, 'domain_name': None,
'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation':
None, 'no_reverse': None, 'unattended': False, 'auto_reverse': None,
'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None,
'no_ui_redirect': None, 'dirsrv_config_file': None, 'forwarders': None,
'verbose': False, 'setup_ca': None, 'realm_name': None, 'skip_conncheck':
None, 'no_ssh': None, 'forward_policy': None, 'dirsrv_cert_name': None,
'quiet': False, 'server': None, 'setup_dns': None, 'host_name': None,
'log_file': None, 'allow_zone_overlap': None}
2017-01-30T18:13:59Z DEBUG IPA version 4.4.0-14.el7.centos.4
2017-01-30T18:13:59Z DEBUG Starting external process
2017-01-30T18:13:59Z DEBUG args=/usr/sbin/selinuxenabled
2017-01-30T18:13:59Z DEBUG Process finished, return code=0
2017-01-30T18:13:59Z DEBUG stdout=
2017-01-30T18:13:59Z DEBUG stderr=
2017-01-30T18:13:59Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-30T18:13:59Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-30T18:13:59Z DEBUG httpd is not configured
2017-01-30T18:13:59Z DEBUG kadmin is not configured
2017-01-30T18:13:59Z DEBUG dirsrv is not configured
2017-01-30T18:13:59Z DEBUG pki-tomcatd is not configured
2017-01-30T18:13:59Z DEBUG install is not configured
2017-01-30T18:13:59Z DEBUG krb5kdc is not configured
2017-01-30T18:13:59Z DEBUG ntpd is not configured
2017-01-30T18:13:59Z DEBUG named is not configured
2017-01-30T18:13:59Z DEBUG ipa_memcached is not configured
2017-01-30T18:13:59Z DEBUG filestore is tracking no files
2017-01-30T18:13:59Z DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2017-01-30T18:13:59Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-30T18:13:59Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-30T18:13:59Z DEBUG Starting external process
2017-01-30T18:13:59Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
2017-01-30T18:13:59Z DEBUG Process finished, return code=0
2017-01-30T18:13:59Z DEBUG stdout=VirtualHost configuration:
*:8443                 idmfs-01.internal.emerlyn.com
(/etc/httpd/conf.d/nss.conf:83)

2017-01-30T18:13:59Z DEBUG stderr=
2017-01-30T18:13:59Z DEBUG Starting external process
2017-01-30T18:13:59Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2017-01-30T18:13:59Z DEBUG Process finished, return code=1
2017-01-30T18:13:59Z DEBUG stdout=
2017-01-30T18:13:59Z DEBUG stderr=Failed to get unit file state for
chronyd.service: No such file or directory

2017-01-30T18:13:59Z DEBUG Starting external process
2017-01-30T18:13:59Z DEBUG args=/bin/systemctl is-active chronyd.service
2017-01-30T18:13:59Z DEBUG Process finished, return code=3
2017-01-30T18:13:59Z DEBUG stdout=unknown

2017-01-30T18:13:59Z DEBUG stderr=
2017-01-30T18:13:59Z DEBUG importing all plugin modules in
ipaserver.plugins...
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.aci
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.automember
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.automount
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.baseldap
2017-01-30T18:13:59Z DEBUG ipaserver.plugins.baseldap is not a valid plugin
module
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.baseuser
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.batch
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.ca
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.caacl
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.cert
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.certprofile
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.config
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.delegation
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.dns
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.dnsserver
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.dogtag
2017-01-30T18:13:59Z DEBUG skipping plugin module ipaserver.plugins.dogtag:
dogtag not selected as RA plugin
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.domainlevel
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.group
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.hbac
2017-01-30T18:13:59Z DEBUG ipaserver.plugins.hbac is not a valid plugin
module
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.hbacrule
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.hbacsvcgroup
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.hbactest
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.host
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.hostgroup
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.idrange
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.idviews
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.internal
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.join
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.krbtpolicy
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.ldap2
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.location
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.migration
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.misc
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.netgroup
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.otp
2017-01-30T18:13:59Z DEBUG ipaserver.plugins.otp is not a valid plugin
module
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.otpconfig
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.otptoken
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.passwd
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.permission
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.ping
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.pkinit
2017-01-30T18:13:59Z DEBUG ipaserver.plugins.pkinit is not a valid plugin
module
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.privilege
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.pwpolicy
2017-01-30T18:13:59Z DEBUG Starting external process
2017-01-30T18:13:59Z DEBUG args=klist -V
2017-01-30T18:13:59Z DEBUG Process finished, return code=0
2017-01-30T18:13:59Z DEBUG stdout=Kerberos 5 version 1.14.1

2017-01-30T18:13:59Z DEBUG stderr=
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.rabase
2017-01-30T18:13:59Z DEBUG ipaserver.plugins.rabase is not a valid plugin
module
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.radiusproxy
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.realmdomains
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.role
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.schema
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.selfservice
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.selinuxusermap
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.server
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.serverrole
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.serverroles
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.service
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.servicedelegation
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.session
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.stageuser
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.sudo
2017-01-30T18:13:59Z DEBUG ipaserver.plugins.sudo is not a valid plugin
module
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.sudocmdgroup
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.sudorule
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.topology
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.trust
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.user
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.vault
2017-01-30T18:13:59Z DEBUG importing plugin module ipaserver.plugins.virtual
2017-01-30T18:13:59Z DEBUG ipaserver.plugins.virtual is not a valid plugin
module
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.plugins.xmlserver
2017-01-30T18:13:59Z DEBUG importing all plugin modules in
ipaserver.install.plugins...
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.adtrust
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.ca_renewal_master
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.dns
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.fix_replica_agreements
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.rename_managed
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.update_ca_topology
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.update_idranges
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.update_managed_permissions
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.update_nis
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.update_pacs
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.update_passsync
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.update_referint
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.update_services
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.update_uniqueness
2017-01-30T18:13:59Z DEBUG importing plugin module
ipaserver.install.plugins.upload_cacrt
2017-01-30T18:14:00Z DEBUG Check if idmfs-01.internal.emerlyn.com is a
primary hostname for localhost
2017-01-30T18:14:00Z DEBUG Primary hostname for localhost:
idmfs-01.internal.emerlyn.com
2017-01-30T18:14:00Z DEBUG Search DNS for idmfs-01.internal.emerlyn.com
2017-01-30T18:14:00Z DEBUG Check if idmfs-01.internal.emerlyn.com is not a
CNAME
2017-01-30T18:14:00Z DEBUG Check reverse address of 10.72.100.56
2017-01-30T18:14:00Z DEBUG Found reverse name: idmfs-01.internal.emerlyn.com
2017-01-30T18:14:00Z DEBUG Check if id-management-2.internal.emerlyn.com is
a primary hostname for localhost
2017-01-30T18:14:00Z DEBUG Primary hostname for localhost:
id-management-2.internal.emerlyn.com
2017-01-30T18:14:00Z DEBUG Search DNS for
id-management-2.internal.emerlyn.com
2017-01-30T18:14:00Z DEBUG Check if id-management-2.internal.emerlyn.com is
not a CNAME
2017-01-30T18:14:00Z DEBUG Check reverse address of 10.73.100.31
2017-01-30T18:14:00Z DEBUG Found reverse name:
id-management-2.internal.emerlyn.com
2017-01-30T18:14:00Z DEBUG Initializing principal host/
idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM using keytab
/etc/krb5.keytab
2017-01-30T18:14:00Z DEBUG using ccache /tmp/krbccfjuIS1/ccache
2017-01-30T18:14:01Z DEBUG Attempt 1/1: success
2017-01-30T18:14:01Z DEBUG importing all plugin modules in
ipaserver.plugins...
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.aci
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.automember
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.automount
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.baseldap
2017-01-30T18:14:01Z DEBUG ipaserver.plugins.baseldap is not a valid plugin
module
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.baseuser
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.batch
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.ca
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.caacl
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.cert
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.certprofile
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.config
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.delegation
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.dns
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.dnsserver
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.dogtag
2017-01-30T18:14:01Z DEBUG skipping plugin module ipaserver.plugins.dogtag:
dogtag not selected as RA plugin
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.domainlevel
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.group
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.hbac
2017-01-30T18:14:01Z DEBUG ipaserver.plugins.hbac is not a valid plugin
module
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.hbacrule
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.hbacsvcgroup
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.hbactest
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.host
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.hostgroup
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.idrange
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.idviews
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.internal
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.join
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.krbtpolicy
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.ldap2
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.location
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.migration
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.misc
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.netgroup
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.otp
2017-01-30T18:14:01Z DEBUG ipaserver.plugins.otp is not a valid plugin
module
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.otpconfig
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.otptoken
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.passwd
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.permission
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.ping
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.pkinit
2017-01-30T18:14:01Z DEBUG ipaserver.plugins.pkinit is not a valid plugin
module
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.privilege
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.pwpolicy
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.rabase
2017-01-30T18:14:01Z DEBUG ipaserver.plugins.rabase is not a valid plugin
module
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.radiusproxy
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.realmdomains
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.role
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.schema
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.selfservice
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.selinuxusermap
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.server
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.serverrole
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.serverroles
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.service
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.servicedelegation
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.session
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.stageuser
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.sudo
2017-01-30T18:14:01Z DEBUG ipaserver.plugins.sudo is not a valid plugin
module
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.sudocmd
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.sudocmdgroup
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.sudorule
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.topology
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.trust
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.user
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.vault
2017-01-30T18:14:01Z DEBUG importing plugin module ipaserver.plugins.virtual
2017-01-30T18:14:01Z DEBUG ipaserver.plugins.virtual is not a valid plugin
module
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.plugins.xmlserver
2017-01-30T18:14:01Z DEBUG importing all plugin modules in
ipaserver.install.plugins...
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.adtrust
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.ca_renewal_master
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.dns
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.fix_replica_agreements
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.rename_managed
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.update_ca_topology
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.update_idranges
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.update_managed_permissions
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.update_nis
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.update_pacs
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.update_passsync
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.update_referint
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.update_services
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.update_uniqueness
2017-01-30T18:14:01Z DEBUG importing plugin module
ipaserver.install.plugins.upload_cacrt
2017-01-30T18:14:02Z DEBUG Starting external process
2017-01-30T18:14:02Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
2017-01-30T18:14:02Z DEBUG Process finished, return code=0
2017-01-30T18:14:02Z DEBUG stdout=822249440

2017-01-30T18:14:02Z DEBUG stderr=
2017-01-30T18:14:02Z DEBUG Starting external process
2017-01-30T18:14:02Z DEBUG args=keyctl pipe 822249440
2017-01-30T18:14:02Z DEBUG Process finished, return code=0
2017-01-30T18:14:02Z DEBUG
stdout=ipa_session=95e075167249489e9656f53177826615; Domain=
id-management-2.internal.emerlyn.com; Path=/ipa; Expires=Mon, 30 Jan 2017
18:33:49 GMT; Secure; HttpOnly
2017-01-30T18:14:02Z DEBUG stderr=
2017-01-30T18:14:02Z DEBUG found session_cookie in persistent storage for
principal 'host/idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM',
cookie: 'ipa_session=95e075167249489e9656f53177826615; Domain=
id-management-2.internal.emerlyn.com; Path=/ipa; Expires=Mon, 30 Jan 2017
18:33:49 GMT; Secure; HttpOnly'
2017-01-30T18:14:02Z DEBUG setting session_cookie into context
'ipa_session=95e075167249489e9656f53177826615;'
2017-01-30T18:14:02Z INFO trying
https://id-management-2.internal.emerlyn.com/ipa/session/json
2017-01-30T18:14:02Z DEBUG Created connection context.jsonclient_131648144
2017-01-30T18:14:02Z INFO Forwarding 'env' to json server '
https://id-management-2.internal.emerlyn.com/ipa/session/json'
2017-01-30T18:14:02Z DEBUG NSSConnection init
id-management-2.internal.emerlyn.com
2017-01-30T18:14:02Z DEBUG Connecting: 10.73.100.31:0
2017-01-30T18:14:02Z DEBUG approved_usage = SSL Server intended_usage = SSL
Server
2017-01-30T18:14:02Z DEBUG cert valid True for "CN=
id-management-2.internal.emerlyn.com,O=INTERNAL.EMERLYN.COM"
2017-01-30T18:14:02Z DEBUG handshake complete, peer = 10.73.100.31:443
2017-01-30T18:14:02Z DEBUG Protocol: TLS1.2
2017-01-30T18:14:02Z DEBUG Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2017-01-30T18:14:02Z DEBUG received Set-Cookie
'ipa_session=95e075167249489e9656f53177826615; Domain=
id-management-2.internal.emerlyn.com; Path=/ipa; Expires=Mon, 30 Jan 2017
18:34:02 GMT; Secure; HttpOnly'
2017-01-30T18:14:02Z DEBUG storing cookie
'ipa_session=95e075167249489e9656f53177826615; Domain=
id-management-2.internal.emerlyn.com; Path=/ipa; Expires=Mon, 30 Jan 2017
18:34:02 GMT; Secure; HttpOnly' for principal host/
idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
2017-01-30T18:14:02Z DEBUG Starting external process
2017-01-30T18:14:02Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
2017-01-30T18:14:02Z DEBUG Process finished, return code=0
2017-01-30T18:14:02Z DEBUG stdout=822249440

2017-01-30T18:14:02Z DEBUG stderr=
2017-01-30T18:14:02Z DEBUG Starting external process
2017-01-30T18:14:02Z DEBUG args=keyctl search @s user
ipa_session_cookie:host/idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM
2017-01-30T18:14:02Z DEBUG Process finished, return code=0
2017-01-30T18:14:02Z DEBUG stdout=822249440

2017-01-30T18:14:02Z DEBUG stderr=
2017-01-30T18:14:02Z DEBUG Starting external process
2017-01-30T18:14:02Z DEBUG args=keyctl pupdate 822249440
2017-01-30T18:14:02Z DEBUG Process finished, return code=0
2017-01-30T18:14:02Z DEBUG stdout=
2017-01-30T18:14:02Z DEBUG stderr=
2017-01-30T18:14:02Z DEBUG Destroyed connection context.jsonclient_131648144
2017-01-30T18:14:02Z DEBUG Created connection context.ldap2_100830544
2017-01-30T18:14:02Z DEBUG raw: domainlevel_get(version=u'2.213')
2017-01-30T18:14:02Z DEBUG domainlevel_get(version=u'2.213')
2017-01-30T18:14:02Z DEBUG flushing ldaps://
id-management-2.internal.emerlyn.com from SchemaCache
2017-01-30T18:14:02Z DEBUG retrieving schema for SchemaCache url=ldaps://
id-management-2.internal.emerlyn.com conn=<ldap.ldapobject.SimpleLDAPObject
instance at 0x7d94710>
2017-01-30T18:14:02Z DEBUG raw: hostgroup_find(None, cn=u'ipaservers',
version=u'2.213', host=[u'idmfs-01.internal.emerlyn.com'])
2017-01-30T18:14:02Z DEBUG hostgroup_find(None, cn=u'ipaservers',
all=False, raw=False, version=u'2.213', no_members=True, pkey_only=False,
host=(u'idmfs-01.internal.emerlyn.com',))
2017-01-30T18:14:02Z DEBUG KRB5CCNAME set to None
2017-01-30T18:14:02Z DEBUG Failed to find default ccache: Major (851968):
Unspecified GSS failure.  Minor code may provide more information, Minor
(2529639053): No Kerberos credentials available (default cache:
KEYRING:persistent:0)
2017-01-30T18:14:08Z DEBUG Initializing principal admin at INTERNAL.EMERLYN.COM
using password
2017-01-30T18:14:08Z DEBUG Starting external process
2017-01-30T18:14:08Z DEBUG args=/usr/bin/kinit admin at INTERNAL.EMERLYN.COM
-c /tmp/tmptMlYQM
2017-01-30T18:14:08Z DEBUG Process finished, return code=0
2017-01-30T18:14:08Z DEBUG stdout=Password for admin at INTERNAL.EMERLYN.COM:

2017-01-30T18:14:08Z DEBUG stderr=
2017-01-30T18:14:08Z DEBUG Destroyed connection context.ldap2_100830544
2017-01-30T18:14:08Z DEBUG Created connection context.ldap2_100830544
2017-01-30T18:14:08Z DEBUG raw: hostgroup_show(u'ipaservers', rights=True,
all=True, version=u'2.213')
2017-01-30T18:14:08Z DEBUG hostgroup_show(u'ipaservers', rights=True,
all=True, raw=False, version=u'2.213', no_members=False)
2017-01-30T18:14:08Z DEBUG flushing ldaps://
id-management-2.internal.emerlyn.com from SchemaCache
2017-01-30T18:14:08Z DEBUG retrieving schema for SchemaCache url=ldaps://
id-management-2.internal.emerlyn.com conn=<ldap.ldapobject.SimpleLDAPObject
instance at 0x7d94c68>
2017-01-30T18:14:08Z DEBUG Destroyed connection context.ldap2_100830544
2017-01-30T18:14:09Z DEBUG Created connection context.ldap2_100830544
2017-01-30T18:14:09Z DEBUG flushing ldaps://
id-management-2.internal.emerlyn.com from SchemaCache
2017-01-30T18:14:09Z DEBUG retrieving schema for SchemaCache url=ldaps://
id-management-2.internal.emerlyn.com conn=<ldap.ldapobject.SimpleLDAPObject
instance at 0x7d94908>
2017-01-30T18:14:09Z DEBUG Check forward/reverse DNS resolution
2017-01-30T18:14:09Z DEBUG Search DNS server
id-management-2.internal.emerlyn.com (['10.73.100.31', '10.73.100.31',
'10.73.100.31']) for id-management-2.internal.emerlyn.com
2017-01-30T18:14:09Z DEBUG Check reverse address 10.73.100.31 (
id-management-2.internal.emerlyn.com)
2017-01-30T18:14:09Z DEBUG Check failed: NXDOMAIN The DNS query name does
not exist: 31.100.73.10.in-addr.arpa.
2017-01-30T18:14:09Z ERROR Reverse DNS resolution of address 10.73.100.31 (
id-management-2.internal.emerlyn.com) failed. Clients may not function
properly. Please check your DNS setup. (Note that this check queries IPA
DNS directly and ignores /etc/hosts.)
2017-01-30T18:14:18Z DEBUG Name idmfs-01.internal.emerlyn.com. resolved to
set([UnsafeIPAddress('10.72.100.56')])
2017-01-30T18:14:18Z DEBUG Destroyed connection context.ldap2_100830544
2017-01-30T18:14:18Z DEBUG Starting external process
2017-01-30T18:14:18Z DEBUG args=/usr/sbin/ipa-replica-conncheck --master
id-management-2.internal.emerlyn.com --auto-master-check --realm
INTERNAL.EMERLYN.COM --hostname idmfs-01.internal.emerlyn.com --password
XXXXXXXX --ca-cert-file /etc/ipa/ca.crt
2017-01-30T18:14:24Z DEBUG Process finished, return code=0
2017-01-30T18:14:24Z DEBUG stdout=Check connection from replica to remote
master 'id-management-2.internal.emerlyn.com':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

The following list of ports use UDP protocol and would need to be
checked manually:
   Kerberos KDC: UDP (88): SKIPPED
   Kerberos Kpasswd: UDP (464): SKIPPED

Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check RPC connection to remote master
Execute check on remote master
Check connection from master to remote replica '
idmfs-01.internal.emerlyn.com':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): OK
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): OK
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK

Connection from master to replica is OK.

2017-01-30T18:14:24Z DEBUG stderr=
2017-01-30T18:14:24Z DEBUG Created connection context.ldap2_100830544
2017-01-30T18:14:24Z DEBUG raw: hostgroup_add_member(u'ipaservers',
version=u'2.213', host=[u'idmfs-01.internal.emerlyn.com'])
2017-01-30T18:14:24Z DEBUG hostgroup_add_member(u'ipaservers', all=False,
raw=False, version=u'2.213', no_members=False, host=(u'
idmfs-01.internal.emerlyn.com',))
2017-01-30T18:14:24Z DEBUG add_entry_to_group: dn=fqdn=
idmfs-01.internal.emerlyn.com,cn=computers,cn=accounts,dc=internal,dc=emerlyn,dc=com
group_dn=cn=ipaservers,cn=hostgroups,cn=accounts,dc=internal,dc=emerlyn,dc=com
member_attr=member
2017-01-30T18:14:24Z DEBUG flushing ldaps://
id-management-2.internal.emerlyn.com from SchemaCache
2017-01-30T18:14:24Z DEBUG retrieving schema for SchemaCache url=ldaps://
id-management-2.internal.emerlyn.com conn=<ldap.ldapobject.SimpleLDAPObject
instance at 0x876bdd0>
2017-01-30T18:14:24Z DEBUG Destroyed connection context.ldap2_100830544
2017-01-30T18:14:24Z DEBUG Backing up system configuration file
'/etc/ipa/default.conf'
2017-01-30T18:14:24Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-30T18:14:24Z DEBUG Starting external process
2017-01-30T18:14:24Z DEBUG args=/bin/systemctl start messagebus.service
2017-01-30T18:14:24Z DEBUG Process finished, return code=0
2017-01-30T18:14:24Z DEBUG stdout=
2017-01-30T18:14:24Z DEBUG stderr=
2017-01-30T18:14:24Z DEBUG Starting external process
2017-01-30T18:14:24Z DEBUG args=/bin/systemctl is-active messagebus.service
2017-01-30T18:14:24Z DEBUG Process finished, return code=0
2017-01-30T18:14:24Z DEBUG stdout=active

2017-01-30T18:14:24Z DEBUG stderr=
2017-01-30T18:14:24Z DEBUG Starting external process
2017-01-30T18:14:24Z DEBUG args=/bin/systemctl restart certmonger.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=0
2017-01-30T18:14:25Z DEBUG stdout=
2017-01-30T18:14:25Z DEBUG stderr=
2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/bin/systemctl is-active certmonger.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=0
2017-01-30T18:14:25Z DEBUG stdout=active

2017-01-30T18:14:25Z DEBUG stderr=
2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/bin/systemctl enable certmonger.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=0
2017-01-30T18:14:25Z DEBUG stdout=
2017-01-30T18:14:25Z DEBUG stderr=Created symlink from
/etc/systemd/system/multi-user.target.wants/certmonger.service to
/usr/lib/systemd/system/certmonger.service.

2017-01-30T18:14:25Z DEBUG group dirsrv exists
2017-01-30T18:14:25Z DEBUG user dirsrv exists
2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/bin/systemctl is-enabled chronyd.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=1
2017-01-30T18:14:25Z DEBUG stdout=
2017-01-30T18:14:25Z DEBUG stderr=Failed to get unit file state for
chronyd.service: No such file or directory

2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/bin/systemctl is-active chronyd.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=3
2017-01-30T18:14:25Z DEBUG stdout=unknown

2017-01-30T18:14:25Z DEBUG stderr=
2017-01-30T18:14:25Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-30T18:14:25Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-30T18:14:25Z DEBUG Configuring NTP daemon (ntpd)
2017-01-30T18:14:25Z DEBUG   [1/4]: stopping ntpd
2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/bin/systemctl is-active ntpd.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=0
2017-01-30T18:14:25Z DEBUG stdout=active

2017-01-30T18:14:25Z DEBUG stderr=
2017-01-30T18:14:25Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-30T18:14:25Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/bin/systemctl stop ntpd.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=0
2017-01-30T18:14:25Z DEBUG stdout=
2017-01-30T18:14:25Z DEBUG stderr=
2017-01-30T18:14:25Z DEBUG   duration: 0 seconds
2017-01-30T18:14:25Z DEBUG   [2/4]: writing configuration
2017-01-30T18:14:25Z DEBUG Backing up system configuration file
'/etc/ntp.conf'
2017-01-30T18:14:25Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-30T18:14:25Z DEBUG Backing up system configuration file
'/etc/sysconfig/ntpd'
2017-01-30T18:14:25Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-30T18:14:25Z DEBUG   duration: 0 seconds
2017-01-30T18:14:25Z DEBUG   [3/4]: configuring ntpd to start on boot
2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/bin/systemctl is-enabled ntpd.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=0
2017-01-30T18:14:25Z DEBUG stdout=enabled

2017-01-30T18:14:25Z DEBUG stderr=
2017-01-30T18:14:25Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-30T18:14:25Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/bin/systemctl enable ntpd.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=0
2017-01-30T18:14:25Z DEBUG stdout=
2017-01-30T18:14:25Z DEBUG stderr=
2017-01-30T18:14:25Z DEBUG   duration: 0 seconds
2017-01-30T18:14:25Z DEBUG   [4/4]: starting ntpd
2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/bin/systemctl start ntpd.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=0
2017-01-30T18:14:25Z DEBUG stdout=
2017-01-30T18:14:25Z DEBUG stderr=
2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/bin/systemctl is-active ntpd.service
2017-01-30T18:14:25Z DEBUG Process finished, return code=0
2017-01-30T18:14:25Z DEBUG stdout=active

2017-01-30T18:14:25Z DEBUG stderr=
2017-01-30T18:14:25Z DEBUG   duration: 0 seconds
2017-01-30T18:14:25Z DEBUG Done configuring NTP daemon (ntpd).
2017-01-30T18:14:25Z DEBUG Created connection context.ldap2_100830544
2017-01-30T18:14:25Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-30T18:14:25Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-30T18:14:25Z DEBUG Configuring directory server (dirsrv). Estimated
time: 1 minute
2017-01-30T18:14:25Z DEBUG   [1/44]: creating directory server user
2017-01-30T18:14:25Z DEBUG group dirsrv exists
2017-01-30T18:14:25Z DEBUG user dirsrv exists
2017-01-30T18:14:25Z DEBUG   duration: 0 seconds
2017-01-30T18:14:25Z DEBUG   [2/44]: creating directory server instance
2017-01-30T18:14:25Z DEBUG Loading StateFile from
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-30T18:14:25Z DEBUG Saving StateFile to
'/var/lib/ipa/sysrestore/sysrestore.state'
2017-01-30T18:14:25Z DEBUG Backing up system configuration file
'/etc/sysconfig/dirsrv'
2017-01-30T18:14:25Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-30T18:14:25Z DEBUG
dn: dc=internal,dc=emerlyn,dc=com
objectClass: top
objectClass: domain
objectClass: pilotObject
dc: internal
info: IPA V2.0

2017-01-30T18:14:25Z DEBUG writing inf template
2017-01-30T18:14:25Z DEBUG
[General]
FullMachineName=   idmfs-01.internal.emerlyn.com
SuiteSpotUserID=   dirsrv
SuiteSpotGroup=    dirsrv
ServerRoot=    /usr/lib64/dirsrv
[slapd]
ServerPort=   389
ServerIdentifier=   INTERNAL-EMERLYN-COM
Suffix=   dc=internal,dc=emerlyn,dc=com
RootDN=   cn=Directory Manager
InstallLdifFile= /var/lib/dirsrv/boot.ldif
inst_dir=   /var/lib/dirsrv/scripts-INTERNAL-EMERLYN-COM

2017-01-30T18:14:25Z DEBUG calling setup-ds.pl
2017-01-30T18:14:25Z DEBUG Starting external process
2017-01-30T18:14:25Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile -
-f /tmp/tmpvGOU1R
2017-01-30T18:14:27Z DEBUG Process finished, return code=0
2017-01-30T18:14:27Z DEBUG stdout=[17/01/30:13:14:27] - [Setup] Info Your
new DS instance 'INTERNAL-EMERLYN-COM' was successfully created.
Your new DS instance 'INTERNAL-EMERLYN-COM' was successfully created.
[17/01/30:13:14:27] - [Setup] Success Exiting . . .
Log file is '-'

Exiting . . .
Log file is '-'


2017-01-30T18:14:27Z DEBUG stderr=
2017-01-30T18:14:27Z DEBUG completed creating ds instance
2017-01-30T18:14:27Z DEBUG   duration: 1 seconds
2017-01-30T18:14:27Z DEBUG   [3/44]: updating configuration in dse.ldif
2017-01-30T18:14:27Z DEBUG Starting external process
2017-01-30T18:14:27Z DEBUG args=/bin/systemctl stop
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=
2017-01-30T18:14:28Z DEBUG stderr=
2017-01-30T18:14:28Z DEBUG   duration: 1 seconds
2017-01-30T18:14:28Z DEBUG   [4/44]: restarting directory server
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/bin/systemctl --system daemon-reload
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=
2017-01-30T18:14:28Z DEBUG stderr=
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/bin/systemctl restart
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=
2017-01-30T18:14:28Z DEBUG stderr=
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/bin/systemctl is-active
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=active

2017-01-30T18:14:28Z DEBUG stderr=
2017-01-30T18:14:28Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/bin/systemctl is-active
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=active

2017-01-30T18:14:28Z DEBUG stderr=
2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [5/44]: adding default schema
2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [6/44]: enabling memberof plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/memberof-conf.ldif -H ldap://
idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmpENUDnG
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=replace nsslapd-pluginenabled:
    on
add memberofgroupattr:
    memberUser
add memberofgroupattr:
    memberHost
modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [7/44]: enabling winsync plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/ipa-winsync-conf.ldif -H ldap://
idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmp2haA4d
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    ipa-winsync
add nsslapd-pluginpath:
    libipa_winsync
add nsslapd-plugininitfunc:
    ipa_winsync_plugin_init
add nsslapd-pluginDescription:
    Allows IPA to work with the DS windows sync feature
add nsslapd-pluginid:
    ipa-winsync
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    Red Hat
add nsslapd-plugintype:
    preoperation
add nsslapd-pluginenabled:
    on
add nsslapd-plugin-depends-on-type:
    database
add ipaWinSyncRealmFilter:
    (objectclass=krbRealmContainer)
add ipaWinSyncRealmAttr:
    cn
add ipaWinSyncNewEntryFilter:
    (cn=ipaConfig)
add ipaWinSyncNewUserOCAttr:
    ipauserobjectclasses
add ipaWinSyncUserFlatten:
    true
add ipaWinsyncHomeDirAttr:
    ipaHomesRootDir
add ipaWinsyncLoginShellAttr:
    ipaDefaultLoginShell
add ipaWinSyncDefaultGroupAttr:
    ipaDefaultPrimaryGroup
add ipaWinSyncDefaultGroupFilter:
    (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
add ipaWinSyncAcctDisable:
    both
add ipaWinSyncForceSync:
    true
add ipaWinSyncUserAttr:
    uidNumber -1
    gidNumber -1
adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [8/44]: configuring replication version plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/version-conf.ldif -H ldap://idmfs-01.internal.emerlyn.com:389
-x -D cn=Directory Manager -y /tmp/tmpsXVkbb
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    IPA Version Replication
add nsslapd-pluginpath:
    libipa_repl_version
add nsslapd-plugininitfunc:
    repl_version_plugin_init
add nsslapd-plugintype:
    preoperation
add nsslapd-pluginenabled:
    off
add nsslapd-pluginid:
    ipa_repl_version
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    Red Hat, Inc.
add nsslapd-plugindescription:
    IPA Replication version plugin
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-plugin-depends-on-named:
    Multimaster Replication Plugin
adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [9/44]: enabling IPA enrollment plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp2Y_1cF -H
ldap://idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmpqVpKUo
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    ipa_enrollment_extop
add nsslapd-pluginpath:
    libipa_enrollment_extop
add nsslapd-plugininitfunc:
    ipaenrollment_init
add nsslapd-plugintype:
    extendedop
add nsslapd-pluginenabled:
    on
add nsslapd-pluginid:
    ipa_enrollment_extop
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    RedHat
add nsslapd-plugindescription:
    Enroll hosts into the IPA domain
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-realmTree:
    dc=internal,dc=emerlyn,dc=com
adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [10/44]: enabling ldapi
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpHlgcdV -H
ldap://idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmpVJTxf7
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=replace nsslapd-ldapilisten:
    on
modifying entry "cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [11/44]: configuring uniqueness plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpP_NH4d -H
ldap://idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmpVPbyTw
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    krbPrincipalName uniqueness
add nsslapd-pluginPath:
    libattr-unique-plugin
add nsslapd-pluginInitfunc:
    NSUniqueAttr_Init
add nsslapd-pluginType:
    preoperation
add nsslapd-pluginEnabled:
    on
add uniqueness-attribute-name:
    krbPrincipalName
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginId:
    NSUniqueAttr
add nsslapd-pluginVersion:
    1.1.0
add nsslapd-pluginVendor:
    Fedora Project
add nsslapd-pluginDescription:
    Enforce unique attribute values
add uniqueness-subtrees:
    dc=internal,dc=emerlyn,dc=com
add uniqueness-exclude-subtrees:
    cn=staged
users,cn=accounts,cn=provisioning,dc=internal,dc=emerlyn,dc=com
add uniqueness-across-all-subtrees:
    on
adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    krbCanonicalName uniqueness
add nsslapd-pluginPath:
    libattr-unique-plugin
add nsslapd-pluginInitfunc:
    NSUniqueAttr_Init
add nsslapd-pluginType:
    preoperation
add nsslapd-pluginEnabled:
    on
add uniqueness-attribute-name:
    krbCanonicalName
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginId:
    NSUniqueAttr
add nsslapd-pluginVersion:
    1.1.0
add nsslapd-pluginVendor:
    Fedora Project
add nsslapd-pluginDescription:
    Enforce unique attribute values
add uniqueness-subtrees:
    dc=internal,dc=emerlyn,dc=com
add uniqueness-exclude-subtrees:
    cn=staged
users,cn=accounts,cn=provisioning,dc=internal,dc=emerlyn,dc=com
add uniqueness-across-all-subtrees:
    on
adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    netgroup uniqueness
add nsslapd-pluginPath:
    libattr-unique-plugin
add nsslapd-pluginInitfunc:
    NSUniqueAttr_Init
add nsslapd-pluginType:
    preoperation
add nsslapd-pluginEnabled:
    on
add uniqueness-attribute-name:
    cn
add uniqueness-subtrees:
    cn=ng,cn=alt,dc=internal,dc=emerlyn,dc=com
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginId:
    NSUniqueAttr
add nsslapd-pluginVersion:
    1.1.0
add nsslapd-pluginVendor:
    Fedora Project
add nsslapd-pluginDescription:
    Enforce unique attribute values
adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    ipaUniqueID uniqueness
add nsslapd-pluginPath:
    libattr-unique-plugin
add nsslapd-pluginInitfunc:
    NSUniqueAttr_Init
add nsslapd-pluginType:
    preoperation
add nsslapd-pluginEnabled:
    on
add uniqueness-attribute-name:
    ipaUniqueID
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginId:
    NSUniqueAttr
add nsslapd-pluginVersion:
    1.1.0
add nsslapd-pluginVendor:
    Fedora Project
add nsslapd-pluginDescription:
    Enforce unique attribute values
add uniqueness-subtrees:
    dc=internal,dc=emerlyn,dc=com
add uniqueness-exclude-subtrees:
    cn=staged
users,cn=accounts,cn=provisioning,dc=internal,dc=emerlyn,dc=com
add uniqueness-across-all-subtrees:
    on
adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    sudorule name uniqueness
add nsslapd-pluginDescription:
    Enforce unique attribute values
add nsslapd-pluginPath:
    libattr-unique-plugin
add nsslapd-pluginInitfunc:
    NSUniqueAttr_Init
add nsslapd-pluginType:
    preoperation
add nsslapd-pluginEnabled:
    on
add uniqueness-attribute-name:
    cn
add uniqueness-subtrees:
    cn=sudorules,cn=sudo,dc=internal,dc=emerlyn,dc=com
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginId:
    NSUniqueAttr
add nsslapd-pluginVersion:
    1.1.0
add nsslapd-pluginVendor:
    Fedora Project
adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [12/44]: configuring uuid plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/uuid-conf.ldif -H ldap://idmfs-01.internal.emerlyn.com:389
-x -D cn=Directory Manager -y /tmp/tmpYQ7MBu
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    IPA UUID
add nsslapd-pluginpath:
    libipa_uuid
add nsslapd-plugininitfunc:
    ipauuid_init
add nsslapd-plugintype:
    preoperation
add nsslapd-pluginenabled:
    on
add nsslapd-pluginid:
    ipauuid_version
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    Red Hat, Inc.
add nsslapd-plugindescription:
    IPA UUID plugin
add nsslapd-plugin-depends-on-type:
    database
adding new entry "cn=IPA UUID,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpdy0lbi -H
ldap://idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmpkqyIvk
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectclass:
    top
    extensibleObject
add cn:
    IPA Unique IDs
add ipaUuidAttr:
    ipaUniqueID
add ipaUuidMagicRegen:
    autogenerate
add ipaUuidFilter:
    (|(objectclass=ipaObject)(objectclass=ipaAssociation))
add ipaUuidScope:
    dc=internal,dc=emerlyn,dc=com
add ipaUuidEnforce:
    TRUE
adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete

add objectclass:
    top
    extensibleObject
add cn:
    IPK11 Unique IDs
add ipaUuidAttr:
    ipk11UniqueID
add ipaUuidMagicRegen:
    autogenerate
add ipaUuidFilter:
    (objectclass=ipk11Object)
add ipaUuidScope:
    dc=internal,dc=emerlyn,dc=com
add ipaUuidEnforce:
    FALSE
adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [13/44]: configuring modrdn plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/modrdn-conf.ldif -H ldap://idmfs-01.internal.emerlyn.com:389
-x -D cn=Directory Manager -y /tmp/tmpOqfjAO
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    IPA MODRDN
add nsslapd-pluginpath:
    libipa_modrdn
add nsslapd-plugininitfunc:
    ipamodrdn_init
add nsslapd-plugintype:
    betxnpostoperation
add nsslapd-pluginenabled:
    on
add nsslapd-pluginid:
    ipamodrdn_version
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    Red Hat, Inc.
add nsslapd-plugindescription:
    IPA MODRDN plugin
add nsslapd-plugin-depends-on-type:
    database
add nsslapd-pluginPrecedence:
    60
adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpyghKlx -H
ldap://idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmpgloKvC
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectclass:
    top
    extensibleObject
add cn:
    Kerberos Principal Name
add ipaModRDNsourceAttr:
    uid
add ipaModRDNtargetAttr:
    krbPrincipalName
add ipaModRDNsuffix:
    @INTERNAL.EMERLYN.COM
add ipaModRDNfilter:
    (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
    dc=internal,dc=emerlyn,dc=com
adding new entry "cn=Kerberos Principal Name,cn=IPA
MODRDN,cn=plugins,cn=config"
modify complete

add objectclass:
    top
    extensibleObject
add cn:
    Kerberos Canonical Name
add ipaModRDNsourceAttr:
    uid
add ipaModRDNtargetAttr:
    krbCanonicalName
add ipaModRDNsuffix:
    @INTERNAL.EMERLYN.COM
add ipaModRDNfilter:
    (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
add ipaModRDNscope:
    dc=internal,dc=emerlyn,dc=com
adding new entry "cn=Kerberos Canonical Name,cn=IPA
MODRDN,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [14/44]: configuring DNS plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/ipa-dns-conf.ldif -H ldap://idmfs-01.internal.emerlyn.com:389
-x -D cn=Directory Manager -y /tmp/tmpzLP4sT
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectclass:
    top
    nsslapdPlugin
    extensibleObject
add cn:
    IPA DNS
add nsslapd-plugindescription:
    IPA DNS support plugin
add nsslapd-pluginenabled:
    on
add nsslapd-pluginid:
    ipa_dns
add nsslapd-plugininitfunc:
    ipadns_init
add nsslapd-pluginpath:
    libipa_dns.so
add nsslapd-plugintype:
    preoperation
add nsslapd-pluginvendor:
    Red Hat, Inc.
add nsslapd-pluginversion:
    1.0
add nsslapd-plugin-depends-on-type:
    database
adding new entry "cn=IPA DNS,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [15/44]: enabling entryUSN plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/entryusn.ldif -H ldap://idmfs-01.internal.emerlyn.com:389 -x
-D cn=Directory Manager -y /tmp/tmpGAIOs8
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=replace nsslapd-entryusn-global:
    on
modifying entry "cn=config"
modify complete

replace nsslapd-entryusn-import-initval:
    next
modifying entry "cn=config"
modify complete

replace nsslapd-pluginenabled:
    on
modifying entry "cn=USN,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [16/44]: configuring lockout plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/lockout-conf.ldif -H ldap://idmfs-01.internal.emerlyn.com:389
-x -D cn=Directory Manager -y /tmp/tmpVKsOBc
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectclass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    IPA Lockout
add nsslapd-pluginpath:
    libipa_lockout
add nsslapd-plugininitfunc:
    ipalockout_init
add nsslapd-plugintype:
    object
add nsslapd-pluginenabled:
    on
add nsslapd-pluginid:
    ipalockout_version
add nsslapd-pluginversion:
    1.0
add nsslapd-pluginvendor:
    Red Hat, Inc.
add nsslapd-plugindescription:
    IPA Lockout plugin
add nsslapd-plugin-depends-on-type:
    database
adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [17/44]: configuring topology plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpMsDuZ7 -H
ldap://idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmpol4G8y
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectClass:
    top
    nsSlapdPlugin
    extensibleObject
add cn:
    IPA Topology Configuration
add nsslapd-pluginPath:
    libtopology
add nsslapd-pluginInitfunc:
    ipa_topo_init
add nsslapd-pluginType:
    object
add nsslapd-pluginEnabled:
    on
add nsslapd-topo-plugin-shared-config-base:
    cn=ipa,cn=etc,dc=internal,dc=emerlyn,dc=com
add nsslapd-topo-plugin-shared-replica-root:
    dc=internal,dc=emerlyn,dc=com
    o=ipaca
add nsslapd-topo-plugin-shared-binddngroup:
    cn=replication
managers,cn=sysaccounts,cn=etc,dc=internal,dc=emerlyn,dc=com
add nsslapd-topo-plugin-startup-delay:
    20
add nsslapd-pluginId:
    none
add nsslapd-plugin-depends-on-named:
    ldbm database
    Multimaster Replication Plugin
add nsslapd-pluginVersion:
    1.0
add nsslapd-pluginVendor:
    none
add nsslapd-pluginDescription:
    none
adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [18/44]: creating indices
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/indices.ldif -H ldap://idmfs-01.internal.emerlyn.com:389 -x
-D cn=Directory Manager -y /tmp/tmppcBR8s
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=add objectClass:
    top
    nsIndex
add cn:
    krbPrincipalName
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
add nsMatchingRule:
    caseIgnoreIA5Match
    caseExactIA5Match
adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    ou
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    carLicense
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    title
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    manager
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    secretary
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    displayname
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add nsIndexType:
    sub
modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    uidnumber
add nsSystemIndex:
    false
add nsIndexType:
    eq
add nsMatchingRule:
    integerOrderingMatch
adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add objectClass:
    top
    nsIndex
add cn:
    gidnumber
add nsSystemIndex:
    false
add nsIndexType:
    eq
add nsMatchingRule:
    integerOrderingMatch
adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
    eq
    pres
modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

replace nsIndexType:
    eq
    pres
modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add ObjectClass:
    top
    nsIndex
add cn:
    fqdn
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add ObjectClass:
    top
    nsIndex
add cn:
    macAddress
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    memberHost
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    memberUser
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    sourcehost
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    memberservice
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    managedby
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    memberallowcmd
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    memberdenycmd
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    ipasudorunas
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    ipasudorunasgroup
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    automountkey
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    ipakrbprincipalalias
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    ipauniqueid
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    ipaMemberCa
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    ipaMemberCertProfile
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
    sub
adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    userCertificate
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    ipalocation
add ObjectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    pres
adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete

add cn:
    krbCanonicalName
add objectClass:
    top
    nsIndex
add nsSystemIndex:
    false
add nsIndexType:
    eq
    sub
adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm
database,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [19/44]: enabling referential integrity plugin
2017-01-30T18:14:28Z DEBUG Starting external process
2017-01-30T18:14:28Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/referint-conf.ldif -H ldap://
idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmppyqc4A
2017-01-30T18:14:28Z DEBUG Process finished, return code=0
2017-01-30T18:14:28Z DEBUG stdout=replace nsslapd-pluginenabled:
    on
modifying entry "cn=referential integrity
postoperation,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:28Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [20/44]: configuring certmap.conf
2017-01-30T18:14:28Z DEBUG Loading StateFile from
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-30T18:14:28Z DEBUG Loading StateFile from
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-30T18:14:28Z DEBUG Saving StateFile to
'/var/lib/ipa/sysupgrade/sysupgrade.state'
2017-01-30T18:14:28Z DEBUG   duration: 0 seconds
2017-01-30T18:14:28Z DEBUG   [21/44]: configure autobind for root
2017-01-30T18:14:29Z DEBUG Starting external process
2017-01-30T18:14:29Z DEBUG args=/usr/bin/ldapmodify -v -f
/usr/share/ipa/root-autobind.ldif -H ldap://
idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmprZhf9H
2017-01-30T18:14:29Z DEBUG Process finished, return code=0
2017-01-30T18:14:29Z DEBUG stdout=add objectClass:
    extensibleObject
    top
add cn:
    root-autobind
add uidNumber:
    0
add gidNumber:
    0
adding new entry "cn=root-autobind,cn=config"
modify complete

replace nsslapd-ldapiautobind:
    on
modifying entry "cn=config"
modify complete

replace nsslapd-ldapimaptoentries:
    on
modifying entry "cn=config"
modify complete


2017-01-30T18:14:29Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:29Z DEBUG   duration: 0 seconds
2017-01-30T18:14:29Z DEBUG   [22/44]: configure new location for managed
entries
2017-01-30T18:14:29Z DEBUG Starting external process
2017-01-30T18:14:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpx5ELww -H
ldap://idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmpUP3JRo
2017-01-30T18:14:29Z DEBUG Process finished, return code=0
2017-01-30T18:14:29Z DEBUG stdout=add nsslapd-pluginConfigArea:
    cn=Definitions,cn=Managed Entries,cn=etc,dc=internal,dc=emerlyn,dc=com
modifying entry "cn=Managed Entries,cn=plugins,cn=config"
modify complete


2017-01-30T18:14:29Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:29Z DEBUG   duration: 0 seconds
2017-01-30T18:14:29Z DEBUG   [23/44]: configure dirsrv ccache
2017-01-30T18:14:29Z DEBUG Backing up system configuration file
'/etc/sysconfig/dirsrv'
2017-01-30T18:14:29Z DEBUG Saving Index File to
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-30T18:14:29Z DEBUG Starting external process
2017-01-30T18:14:29Z DEBUG args=/usr/sbin/selinuxenabled
2017-01-30T18:14:29Z DEBUG Process finished, return code=0
2017-01-30T18:14:29Z DEBUG stdout=
2017-01-30T18:14:29Z DEBUG stderr=
2017-01-30T18:14:29Z DEBUG Starting external process
2017-01-30T18:14:29Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv
2017-01-30T18:14:29Z DEBUG Process finished, return code=0
2017-01-30T18:14:29Z DEBUG stdout=
2017-01-30T18:14:29Z DEBUG stderr=
2017-01-30T18:14:29Z DEBUG   duration: 0 seconds
2017-01-30T18:14:29Z DEBUG   [24/44]: enabling SASL mapping fallback
2017-01-30T18:14:29Z DEBUG Starting external process
2017-01-30T18:14:29Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp3KBRRM -H
ldap://idmfs-01.internal.emerlyn.com:389 -x -D cn=Directory Manager -y
/tmp/tmpIkrrhu
2017-01-30T18:14:29Z DEBUG Process finished, return code=0
2017-01-30T18:14:29Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
    on
modifying entry "cn=config"
modify complete


2017-01-30T18:14:29Z DEBUG stderr=ldap_initialize( ldap://
idmfs-01.internal.emerlyn.com:389/??base )

2017-01-30T18:14:29Z DEBUG   duration: 0 seconds
2017-01-30T18:14:29Z DEBUG   [25/44]: restarting directory server
2017-01-30T18:14:29Z DEBUG Starting external process
2017-01-30T18:14:29Z DEBUG args=/bin/systemctl --system daemon-reload
2017-01-30T18:14:29Z DEBUG Process finished, return code=0
2017-01-30T18:14:29Z DEBUG stdout=
2017-01-30T18:14:29Z DEBUG stderr=
2017-01-30T18:14:29Z DEBUG Starting external process
2017-01-30T18:14:29Z DEBUG args=/bin/systemctl restart
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:29Z DEBUG Process finished, return code=0
2017-01-30T18:14:29Z DEBUG stdout=
2017-01-30T18:14:29Z DEBUG stderr=
2017-01-30T18:14:29Z DEBUG Starting external process
2017-01-30T18:14:29Z DEBUG args=/bin/systemctl is-active
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:29Z DEBUG Process finished, return code=0
2017-01-30T18:14:29Z DEBUG stdout=active

2017-01-30T18:14:29Z DEBUG stderr=
2017-01-30T18:14:29Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2017-01-30T18:14:29Z DEBUG Starting external process
2017-01-30T18:14:29Z DEBUG args=/bin/systemctl is-active
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:29Z DEBUG Process finished, return code=0
2017-01-30T18:14:29Z DEBUG stdout=active

2017-01-30T18:14:29Z DEBUG stderr=
2017-01-30T18:14:29Z DEBUG   duration: 0 seconds
2017-01-30T18:14:29Z DEBUG   [26/44]: creating DS keytab
2017-01-30T18:14:29Z DEBUG Backing up system configuration file
'/etc/dirsrv/ds.keytab'
2017-01-30T18:14:29Z DEBUG   -> Not backing up - '/etc/dirsrv/ds.keytab'
doesn't exist
2017-01-30T18:14:29Z DEBUG raw: service_add(u'ldap/
idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM', force=True,
version=u'2.213')
2017-01-30T18:14:29Z DEBUG service_add(<ipapython.kerberos.Principal object
at 0x891cfd0>, force=True, all=False, raw=False, version=u'2.213',
no_members=False)
2017-01-30T18:14:29Z DEBUG flushing ldaps://
id-management-2.internal.emerlyn.com from SchemaCache
2017-01-30T18:14:29Z DEBUG retrieving schema for SchemaCache url=ldaps://
id-management-2.internal.emerlyn.com conn=<ldap.ldapobject.SimpleLDAPObject
instance at 0x741a9e0>
2017-01-30T18:14:30Z DEBUG raw: host_show(u'idmfs-01.internal.emerlyn.com',
version=u'2.213')
2017-01-30T18:14:30Z DEBUG host_show(u'idmfs-01.internal.emerlyn.com',
rights=False, all=False, raw=False, version=u'2.213', no_members=False)
2017-01-30T18:14:30Z DEBUG Starting external process
2017-01-30T18:14:30Z DEBUG args=/usr/sbin/ipa-getkeytab -k
/etc/dirsrv/ds.keytab -p ldap/
idmfs-01.internal.emerlyn.com at INTERNAL.EMERLYN.COM -s
id-management-2.internal.emerlyn.com
2017-01-30T18:14:30Z DEBUG Process finished, return code=0
2017-01-30T18:14:30Z DEBUG stdout=
2017-01-30T18:14:30Z DEBUG stderr=Keytab successfully retrieved and stored
in: /etc/dirsrv/ds.keytab

2017-01-30T18:14:30Z DEBUG   duration: 0 seconds
2017-01-30T18:14:30Z DEBUG   [27/44]: retrieving DS Certificate
2017-01-30T18:14:30Z DEBUG Loading Index file from
'/var/lib/ipa/sysrestore/sysrestore.index'
2017-01-30T18:14:30Z DEBUG Starting external process
2017-01-30T18:14:30Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM/ -L -n INTERNAL.EMERLYN.COM IPA CA -a
2017-01-30T18:14:30Z DEBUG Process finished, return code=255
2017-01-30T18:14:30Z DEBUG stdout=
2017-01-30T18:14:30Z DEBUG stderr=certutil: Could not find cert:
INTERNAL.EMERLYN.COM IPA CA
: PR_FILE_NOT_FOUND_ERROR: File not found

2017-01-30T18:14:30Z DEBUG Starting external process
2017-01-30T18:14:30Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM/ -N -f
/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM//pwdfile.txt
2017-01-30T18:14:30Z DEBUG Process finished, return code=0
2017-01-30T18:14:30Z DEBUG stdout=
2017-01-30T18:14:30Z DEBUG stderr=
2017-01-30T18:14:30Z DEBUG Starting external process
2017-01-30T18:14:30Z DEBUG args=/usr/bin/certutil -d
/etc/dirsrv/slapd-INTERNAL-EMERLYN-COM/ -A -n INTERNAL.EMERLYN.COM IPA CA
-t CT,C,C -a
2017-01-30T18:14:30Z DEBUG Process finished, return code=0
2017-01-30T18:14:30Z DEBUG stdout=
2017-01-30T18:14:30Z DEBUG stderr=
2017-01-30T18:14:30Z DEBUG certmonger request is in state
dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1)
2017-01-30T18:14:35Z DEBUG certmonger request is in state
dbus.String(u'MONITORING', variant_level=1)
2017-01-30T18:14:35Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
2017-01-30T18:14:35Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x85b2998>
2017-01-30T18:14:35Z DEBUG   duration: 5 seconds
2017-01-30T18:14:35Z DEBUG   [28/44]: restarting directory server
2017-01-30T18:14:35Z DEBUG Starting external process
2017-01-30T18:14:35Z DEBUG args=/bin/systemctl --system daemon-reload
2017-01-30T18:14:35Z DEBUG Process finished, return code=0
2017-01-30T18:14:35Z DEBUG stdout=
2017-01-30T18:14:35Z DEBUG stderr=
2017-01-30T18:14:35Z DEBUG Starting external process
2017-01-30T18:14:35Z DEBUG args=/bin/systemctl restart
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:37Z DEBUG Process finished, return code=0
2017-01-30T18:14:37Z DEBUG stdout=
2017-01-30T18:14:37Z DEBUG stderr=
2017-01-30T18:14:37Z DEBUG Starting external process
2017-01-30T18:14:37Z DEBUG args=/bin/systemctl is-active
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:37Z DEBUG Process finished, return code=0
2017-01-30T18:14:37Z DEBUG stdout=active

2017-01-30T18:14:37Z DEBUG stderr=
2017-01-30T18:14:37Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2017-01-30T18:14:37Z DEBUG Starting external process
2017-01-30T18:14:37Z DEBUG args=/bin/systemctl is-active
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:37Z DEBUG Process finished, return code=0
2017-01-30T18:14:37Z DEBUG stdout=active

2017-01-30T18:14:37Z DEBUG stderr=
2017-01-30T18:14:37Z DEBUG   duration: 1 seconds
2017-01-30T18:14:37Z DEBUG   [29/44]: setting up initial replication
2017-01-30T18:14:37Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
2017-01-30T18:14:37Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x241bea8>
2017-01-30T18:14:37Z DEBUG Starting external process
2017-01-30T18:14:37Z DEBUG args=/bin/systemctl --system daemon-reload
2017-01-30T18:14:37Z DEBUG Process finished, return code=0
2017-01-30T18:14:37Z DEBUG stdout=
2017-01-30T18:14:37Z DEBUG stderr=
2017-01-30T18:14:37Z DEBUG Starting external process
2017-01-30T18:14:37Z DEBUG args=/bin/systemctl restart
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:38Z DEBUG Process finished, return code=0
2017-01-30T18:14:38Z DEBUG stdout=
2017-01-30T18:14:38Z DEBUG stderr=
2017-01-30T18:14:38Z DEBUG Starting external process
2017-01-30T18:14:38Z DEBUG args=/bin/systemctl is-active
dirsrv at INTERNAL-EMERLYN-COM.service
2017-01-30T18:14:38Z DEBUG Process finished, return code=0
2017-01-30T18:14:38Z DEBUG stdout=active

2017-01-30T18:14:38Z DEBUG stderr=
2017-01-30T18:14:38Z DEBUG wait_for_open_ports: localhost [389] timeout 300
2017-01-30T18:14:38Z DEBUG Fetching nsDS5ReplicaId from master [attempt 1/5]
2017-01-30T18:14:38Z DEBUG flushing ldap://
id-management-2.internal.emerlyn.com:389 from SchemaCache
2017-01-30T18:14:38Z DEBUG retrieving schema for SchemaCache url=ldap://
id-management-2.internal.emerlyn.com:389
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x89a2a70>
2017-01-30T18:14:39Z DEBUG Successfully updated nsDS5ReplicaId.
2017-01-30T18:14:39Z DEBUG flushing
ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket from SchemaCache
2017-01-30T18:14:39Z DEBUG retrieving schema for SchemaCache
url=ldapi://%2fvar%2frun%2fslapd-INTERNAL-EMERLYN-COM.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9cde560>
2017-01-30T18:14:54Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 449, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 439, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 414, in __setup_replica
    repl.setup_promote_replication(self.master_fqdn)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 1643, in setup_promote_replication
    raise RuntimeError("Failed to start replication")
RuntimeError: Failed to start replication

2017-01-30T18:14:54Z DEBUG   [error] RuntimeError: Failed to start
replication
2017-01-30T18:14:54Z DEBUG Destroyed connection context.ldap2_100830544
2017-01-30T18:14:54Z DEBUG   File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line
318, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
310, in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
332, in execute
    for nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
362, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
586, in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
372, in __runner
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
449, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
446, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
394, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
362, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line
359, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line
59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line
63, in _install
    for nothing in self._installer(self.parent):
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1714, in main
    promote(self)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 364, in decorated
    func(installer)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1415, in promote
    promote=True, pkcs12_info=dirsrv_pkcs12_info)
  File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/replicainstall.py",
line 127, in install_replica_ds
    api=remote_api,
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 399, in create_replica
    self.start_creation(runtime=60)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 449, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 439, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py",
line 414, in __setup_replica
    repl.setup_promote_replication(self.master_fqdn)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py",
line 1643, in setup_promote_replication
    raise RuntimeError("Failed to start replication")

2017-01-30T18:14:54Z DEBUG The ipa-replica-install command failed,
exception: RuntimeError: Failed to start replication
2017-01-30T18:14:54Z ERROR Failed to start replication
2017-01-30T18:14:54Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information


Thanks,

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170130/1c8956a5/attachment.htm>

From peljasz at yahoo.co.uk  Mon Jan 30 19:12:10 2017
From: peljasz at yahoo.co.uk (lejeczek)
Date: Mon, 30 Jan 2017 19:12:10 +0000
Subject: [Freeipa-users] IPA and DNS reverse subnets
In-Reply-To: <20170130182855.GA140191@mother.pipebreaker.pl>
References: <4fd52b16-416d-cbc2-8e72-b1fa9a8d233a@yahoo.co.uk>
	<20170130182855.GA140191@mother.pipebreaker.pl>
Message-ID: <2591a003-d607-ae91-b9b8-be6a7d5849d2@yahoo.co.uk>



On 30/01/17 18:28, Tomasz Torcz wrote:
> On Mon, Jan 30, 2017 at 06:01:03PM +0000, lejeczek wrote:
>> hi everybody
>>
>> I'm having trouble trying to figure out, or in other words make this to
>> work:
>>
>> I'm setting up a domain in a subnet like this: 10.5.10.48/28 but not sure it
>> I got it right.
>> Host reverse resoling does not seem to right. I have:
>>
>>
>>    Zone name: 28/48.10.5.10.in-addr.arpa.   <= this here is like non-usual, I
>> understand it's how such a reverse subnet should be defined, but not 100%
>> sure.
>    Here you got it wrong.  IPv4 reverses are split at octet boundary, you
> cannot have greater granularity.  And for sure you cannot mix CIDR addressing (/28)
> and netblock type.  On top of that, ?/? is not correct character in DNS.

how about this - 
http://www.zytrax.com/books/dns/ch9/reverse.html - would 
this not work?

>
>     Your reverse zone is 10.5.10.in-addr.arpa.
>
> (IPv6 reverses are split at nibble boundary, FWIW).
>



From tomek at pipebreaker.pl  Mon Jan 30 19:32:53 2017
From: tomek at pipebreaker.pl (Tomasz Torcz)
Date: Mon, 30 Jan 2017 20:32:53 +0100
Subject: [Freeipa-users] IPA and DNS reverse subnets
In-Reply-To: <2591a003-d607-ae91-b9b8-be6a7d5849d2@yahoo.co.uk>
References: <4fd52b16-416d-cbc2-8e72-b1fa9a8d233a@yahoo.co.uk>
	<20170130182855.GA140191@mother.pipebreaker.pl>
	<2591a003-d607-ae91-b9b8-be6a7d5849d2@yahoo.co.uk>
Message-ID: <20170130193252.GB140191@mother.pipebreaker.pl>

On Mon, Jan 30, 2017 at 07:12:10PM +0000, lejeczek wrote:
> 
> 
> On 30/01/17 18:28, Tomasz Torcz wrote:
> > On Mon, Jan 30, 2017 at 06:01:03PM +0000, lejeczek wrote:
> > > hi everybody
> > > 
> > > I'm having trouble trying to figure out, or in other words make this to
> > > work:
> > > 
> > > I'm setting up a domain in a subnet like this: 10.5.10.48/28 but not sure it
> > > I got it right.
> > > Host reverse resoling does not seem to right. I have:
> > > 
> > > 
> > >    Zone name: 28/48.10.5.10.in-addr.arpa.   <= this here is like non-usual, I
> > > understand it's how such a reverse subnet should be defined, but not 100%
> > > sure.
> >    Here you got it wrong.  IPv4 reverses are split at octet boundary, you
> > cannot have greater granularity.  And for sure you cannot mix CIDR addressing (/28)
> > and netblock type.  On top of that, ?/? is not correct character in DNS.
> 
> how about this - http://www.zytrax.com/books/dns/ch9/reverse.html - would
> this not work?

  Wow. This is first time in my life I see this notation. Nevertheless, I was wrong
with my previous email.
  Having read your link, I found http://www.freeipa.org/page/Howto/DNS_classless_IN-ADDR.ARPA_delegation
Is this helpful?

-- 
Tomasz Torcz              ,,If you try to upissue this patchset I shall be seeking
xmpp: zdzichubg at chrome.pl   an IP-routable hand grenade.'' -- Andrew Morton (LKML)



From peljasz at yahoo.co.uk  Mon Jan 30 21:30:51 2017
From: peljasz at yahoo.co.uk (lejeczek)
Date: Mon, 30 Jan 2017 21:30:51 +0000
Subject: [Freeipa-users] IPA and DNS reverse subnets
In-Reply-To: <20170130193252.GB140191@mother.pipebreaker.pl>
References: <4fd52b16-416d-cbc2-8e72-b1fa9a8d233a@yahoo.co.uk>
	<20170130182855.GA140191@mother.pipebreaker.pl>
	<2591a003-d607-ae91-b9b8-be6a7d5849d2@yahoo.co.uk>
	<20170130193252.GB140191@mother.pipebreaker.pl>
Message-ID: <e69dea3b-36ca-c257-4777-bc0e99ca1379@yahoo.co.uk>



On 30/01/17 19:32, Tomasz Torcz wrote:
> On Mon, Jan 30, 2017 at 07:12:10PM +0000, lejeczek wrote:
>>
>> On 30/01/17 18:28, Tomasz Torcz wrote:
>>> On Mon, Jan 30, 2017 at 06:01:03PM +0000, lejeczek wrote:
>>>> hi everybody
>>>>
>>>> I'm having trouble trying to figure out, or in other words make this to
>>>> work:
>>>>
>>>> I'm setting up a domain in a subnet like this: 10.5.10.48/28 but not sure it
>>>> I got it right.
>>>> Host reverse resoling does not seem to right. I have:
>>>>
>>>>
>>>>     Zone name: 28/48.10.5.10.in-addr.arpa.   <= this here is like non-usual, I
>>>> understand it's how such a reverse subnet should be defined, but not 100%
>>>> sure.
>>>     Here you got it wrong.  IPv4 reverses are split at octet boundary, you
>>> cannot have greater granularity.  And for sure you cannot mix CIDR addressing (/28)
>>> and netblock type.  On top of that, ?/? is not correct character in DNS.
>> how about this - http://www.zytrax.com/books/dns/ch9/reverse.html - would
>> this not work?
>    Wow. This is first time in my life I see this notation. Nevertheless, I was wrong
> with my previous email.
>    Having read your link, I found http://www.freeipa.org/page/Howto/DNS_classless_IN-ADDR.ARPA_delegation
> Is this helpful?
>
meanwhile I had it working partially, delegation to subnets 
works but not everything.
More tampering to do, I'll post more findings later, hopefully.
thanks.



From rcritten at redhat.com  Tue Jan 31 09:21:57 2017
From: rcritten at redhat.com (Rob Crittenden)
Date: Tue, 31 Jan 2017 10:21:57 +0100
Subject: [Freeipa-users] Cannot create replica
In-Reply-To: <CA+No-6FvVPBCEEq7dvAmq_jgWK1e=pDjcVpyFs3h8QZrWTFVFw@mail.gmail.com>
References: <CA+No-6FvVPBCEEq7dvAmq_jgWK1e=pDjcVpyFs3h8QZrWTFVFw@mail.gmail.com>
Message-ID: <61a7ea07-9590-3770-64ef-cae55b9c9093@redhat.com>

Jeff Goddard wrote:
> My previous install of freeipa became corrupted so I'm starting fresh.
> I've got a new Centos 7.2 server set up and installed ipa version s 4.4.
> Now I'm trying to set up a replica on another newly created and patched
> centos server. The ipa-client-install command completes without issue
> but when I try ipa-replica-install --no-host-dns I get up to step 29
> setting up the initial replication and it fails. Can someone point me to
> the documentation I'm missing or explain what I can do to have success?
> Below is the install error log:

I'd check the 389-ds logs on both sides to see if that sheds any light. 
Based on where it blew up the agreements should already have been setup, 
this was just going to force a sync.

rob



From r3pek at r3pek.org  Tue Jan 31 12:05:34 2017
From: r3pek at r3pek.org (Carlos Silva)
Date: Tue, 31 Jan 2017 12:05:34 +0000
Subject: [Freeipa-users] Cannot create replica
In-Reply-To: <61a7ea07-9590-3770-64ef-cae55b9c9093@redhat.com>
References: <CA+No-6FvVPBCEEq7dvAmq_jgWK1e=pDjcVpyFs3h8QZrWTFVFw@mail.gmail.com>
	<61a7ea07-9590-3770-64ef-cae55b9c9093@redhat.com>
Message-ID: <CA+ZvHYF6iEfSsMpiTFF3sGkOkGGjRJyBWHd65iRfhoHWrQ6cZA@mail.gmail.com>

Been there myself.

Take a look at this bug report as it also have the solution to your
problem: https://fedorahosted.org/freeipa/ticket/6613

On Tue, Jan 31, 2017 at 9:21 AM, Rob Crittenden <rcritten at redhat.com> wrote:

> Jeff Goddard wrote:
>
>> My previous install of freeipa became corrupted so I'm starting fresh.
>> I've got a new Centos 7.2 server set up and installed ipa version s 4.4.
>> Now I'm trying to set up a replica on another newly created and patched
>> centos server. The ipa-client-install command completes without issue
>> but when I try ipa-replica-install --no-host-dns I get up to step 29
>> setting up the initial replication and it fails. Can someone point me to
>> the documentation I'm missing or explain what I can do to have success?
>> Below is the install error log:
>>
>
> I'd check the 389-ds logs on both sides to see if that sheds any light.
> Based on where it blew up the agreements should already have been setup,
> this was just going to force a sync.
>
> rob
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170131/74ffc009/attachment.htm>

From jgoddard at emerlyn.com  Tue Jan 31 14:33:40 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Tue, 31 Jan 2017 09:33:40 -0500
Subject: [Freeipa-users] Cannot create replica
In-Reply-To: <CA+ZvHYF6iEfSsMpiTFF3sGkOkGGjRJyBWHd65iRfhoHWrQ6cZA@mail.gmail.com>
References: <CA+No-6FvVPBCEEq7dvAmq_jgWK1e=pDjcVpyFs3h8QZrWTFVFw@mail.gmail.com>
	<61a7ea07-9590-3770-64ef-cae55b9c9093@redhat.com>
	<CA+ZvHYF6iEfSsMpiTFF3sGkOkGGjRJyBWHd65iRfhoHWrQ6cZA@mail.gmail.com>
Message-ID: <CA+No-6GM8tw71twhRfc0j431frL-y=AoeAWTYM68D4-=VD+XAQ@mail.gmail.com>

Yep,

That was it for me. Changing /var/lib/pki/pki-tomcat/conf/server.xml to
listen on 127.0.0.1 instead of ::1 did it.

Many thanks Carlos,

Jeff

On Tue, Jan 31, 2017 at 7:05 AM, Carlos Silva <r3pek at r3pek.org> wrote:

> Been there myself.
>
> Take a look at this bug report as it also have the solution to your
> problem: https://fedorahosted.org/freeipa/ticket/6613
>
> On Tue, Jan 31, 2017 at 9:21 AM, Rob Crittenden <rcritten at redhat.com>
> wrote:
>
>> Jeff Goddard wrote:
>>
>>> My previous install of freeipa became corrupted so I'm starting fresh.
>>> I've got a new Centos 7.2 server set up and installed ipa version s 4.4.
>>> Now I'm trying to set up a replica on another newly created and patched
>>> centos server. The ipa-client-install command completes without issue
>>> but when I try ipa-replica-install --no-host-dns I get up to step 29
>>> setting up the initial replication and it fails. Can someone point me to
>>> the documentation I'm missing or explain what I can do to have success?
>>> Below is the install error log:
>>>
>>
>> I'd check the 389-ds logs on both sides to see if that sheds any light.
>> Based on where it blew up the agreements should already have been setup,
>> this was just going to force a sync.
>>
>> rob
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170131/d4e3529f/attachment.htm>

From harald.dunkel at aixigo.de  Tue Jan 31 14:37:45 2017
From: harald.dunkel at aixigo.de (Harald Dunkel)
Date: Tue, 31 Jan 2017 15:37:45 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <588EF50F.8090006@redhat.com>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
	<58875E38.2010806@redhat.com>
	<36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>
	<58878756.3010407@redhat.com>
	<a80d6390-6ef5-e106-5a9d-98f3c5dc7f2b@aixigo.de>
	<588A1BE3.7060501@redhat.com>
	<f9d43f4d-fb1d-1f73-efc2-b2e20fab678e@aixigo.de>
	<588EF50F.8090006@redhat.com>
Message-ID: <0a8a79a2-222f-4be0-5405-97a4dd065236@aixigo.de>

Hi Thierry,

On 01/30/17 09:10, thierry bordaz wrote:
> 
> I understand your concern and in fact it is difficult to anticipate a  potential bad impact of this cleanup. However,I think it is safe to get rid of the following entry.
> Before doing so you may check it exists
> 
> cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de that is managedBy the ipaservers_hostgoups.
> 
> dn: cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
> mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
> objectClass: mepManagedEntry
> 
> 
> If you are willing to remove that entry you need to remove the mepmanagedEntry oc. So you need to remove the mepManagedBy and oc in the same operation
> 
> 
> Regarding the following entry
>  dn: cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
> objectClass: mepOriginEntry
> mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
> 
> You may want to check if it exists an entry it manages, looking for "(mepManagedBy=
> cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
> )". If it exists none, you should be able to remove it.
> 
> Also I think working on ipabak, you should be able to do some tests on the cleanup instance to validate everything is working fine.
> 

This looks like a pretty high risk, even if ipabak says everything
is fine.

The major problem was the failure on Debian Wheezy using the very old
sssd. This seems to be gone now by resolving the "easy" cases.

About the "hard" cases: AFAICS

ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de

doesn't list any hosts (the official entry does), and

cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de

points to the duplicate entry only. They are not referenced anywhere
else in the ldap database. So I would suggest to wait and see if
I run in any problem here. Would you agree to this, or do you expect
problems later?


I highly appreciate your help

Regards
Harri





> regards
> thierry
> 



From michael.van.de.borne at gmail.com  Tue Jan 31 15:01:16 2017
From: michael.van.de.borne at gmail.com (=?UTF-8?Q?Micha=c3=abl_Van_de_Borne?=)
Date: Tue, 31 Jan 2017 16:01:16 +0100
Subject: [Freeipa-users] Identification with openLDAP and authorization with
	FreeIPA
Message-ID: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>

Hello list,

Here's my situation:
I'm installing Hadoop for a customer, and the Hadoop cluster is secured 
with Kerberos. I used FreeIPA as a KDC.
The customer uses openLDAP as a directory server.

For now, our solution is to copy the whole openLDAP user base to 
FreeIPA, and then use FreeIPA for the identification and authorization 
(all the keytab stuff).
But keeping openLDAP and FreeIPA in sync is a nightmare, and I was 
wondering something:
Would it be possible to configure SSSD to simultaneously target the 
openLDAP server to identify a user, and the FreeIPA server to get the 
tickets?
That way, we can avoid having to keep openLDAP and FreeIPA in sync...

_*OR*_

Is there an efficient way to keep openLDAP and FreeIPA in sync?

All ideas are welcome!!

Thank you guys,

Cheers,

m.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170131/1e6d5f4c/attachment.htm>

From michael.van.de.borne at gmail.com  Tue Jan 31 15:17:39 2017
From: michael.van.de.borne at gmail.com (=?UTF-8?Q?Micha=c3=abl_Van_de_Borne?=)
Date: Tue, 31 Jan 2017 16:17:39 +0100
Subject: [Freeipa-users] Identification with openLDAP and authorization with
	FreeIPA
In-Reply-To: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
References: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
Message-ID: <0db7fee1-1e2d-6e11-4f60-3f95dff5009e@gmail.com>

Hello list,

Here's my situation:
I'm installing Hadoop for a customer, and the Hadoop cluster is secured 
with Kerberos. I used FreeIPA as a KDC.
The customer uses openLDAP as a directory server.

For now, our solution is to copy the whole openLDAP user base to 
FreeIPA, and then use FreeIPA for the identification and authorization 
(all the keytab stuff).
But keeping openLDAP and FreeIPA in sync is a nightmare, and I was 
wondering something:
Would it be possible to configure SSSD to simultaneously target the 
openLDAP server to identify a user, and the FreeIPA server to get the 
tickets?
That way, we can avoid having to keep openLDAP and FreeIPA in sync...

_*OR*_

Is there an efficient way to keep openLDAP and FreeIPA in sync?

All ideas are welcome!!

Thank you guys,

Cheers,

m.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170131/43f6b0f8/attachment.htm>

From abokovoy at redhat.com  Tue Jan 31 15:23:27 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 31 Jan 2017 17:23:27 +0200
Subject: [Freeipa-users] Identification with openLDAP and authorization
 with FreeIPA
In-Reply-To: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
References: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
Message-ID: <20170131152327.4edj2n6g66qriif5@redhat.com>

On ti, 31 tammi 2017, Micha?l Van de Borne wrote:
>Hello list,
>
>Here's my situation:
>I'm installing Hadoop for a customer, and the Hadoop cluster is 
>secured with Kerberos. I used FreeIPA as a KDC.
>The customer uses openLDAP as a directory server.
>
>For now, our solution is to copy the whole openLDAP user base to 
>FreeIPA, and then use FreeIPA for the identification and authorization 
>(all the keytab stuff).
you mean authentication, not authorization here.

>But keeping openLDAP and FreeIPA in sync is a nightmare, and I was 
>wondering something:
>Would it be possible to configure SSSD to simultaneously target the 
>openLDAP server to identify a user, and the FreeIPA server to get the 
>tickets?
Here is the thing: yes, you can do that by configuring explicitly
identity and authentication providers in sssd.conf. Set identity
provider to ldap and authentication provider to krb5, add necessary
configuration parameters and that would work. No HBAC, no SUDO rules,
etc, but that's what you want, it seems.

Look at sssd-ldap and sssd-krb5 manual pages.

When you configure identity provider to IPA or AD in sssd.conf, you are
just setting defaults for all other providers to the defaults of IPA or
AD provider. If you use a different identity provider, you'd need to
define proper authentication.

>That way, we can avoid having to keep openLDAP and FreeIPA in sync...
>
>_*OR*_
>
>Is there an efficient way to keep openLDAP and FreeIPA in sync?
>
>

>-- 
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project


-- 
/ Alexander Bokovoy



From michael.van.de.borne at gmail.com  Tue Jan 31 15:30:33 2017
From: michael.van.de.borne at gmail.com (=?UTF-8?Q?Micha=c3=abl_Van_de_Borne?=)
Date: Tue, 31 Jan 2017 16:30:33 +0100
Subject: [Freeipa-users] Identification with openLDAP and authorization
 with FreeIPA
In-Reply-To: <20170131152327.4edj2n6g66qriif5@redhat.com>
References: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
	<20170131152327.4edj2n6g66qriif5@redhat.com>
Message-ID: <204e9da7-ff30-9a36-e8d4-97c87c4069ea@gmail.com>

mmmmh, ok, thank you.

But indeed, I would need HBAC and sudo rules in the future.
So I believe the only exit here is to keep openLDAP and FreeIPA in sync.
Any clue on how to do this efficiently?


Thank you,

Cheers,

m.

Le 31-01-17 ? 16:23, Alexander Bokovoy a ?crit :
> On ti, 31 tammi 2017, Micha?l Van de Borne wrote:
>> Hello list,
>>
>> Here's my situation:
>> I'm installing Hadoop for a customer, and the Hadoop cluster is 
>> secured with Kerberos. I used FreeIPA as a KDC.
>> The customer uses openLDAP as a directory server.
>>
>> For now, our solution is to copy the whole openLDAP user base to 
>> FreeIPA, and then use FreeIPA for the identification and 
>> authorization (all the keytab stuff).
> you mean authentication, not authorization here.
>
>> But keeping openLDAP and FreeIPA in sync is a nightmare, and I was 
>> wondering something:
>> Would it be possible to configure SSSD to simultaneously target the 
>> openLDAP server to identify a user, and the FreeIPA server to get the 
>> tickets?
> Here is the thing: yes, you can do that by configuring explicitly
> identity and authentication providers in sssd.conf. Set identity
> provider to ldap and authentication provider to krb5, add necessary
> configuration parameters and that would work. No HBAC, no SUDO rules,
> etc, but that's what you want, it seems.
>
> Look at sssd-ldap and sssd-krb5 manual pages.
>
> When you configure identity provider to IPA or AD in sssd.conf, you are
> just setting defaults for all other providers to the defaults of IPA or
> AD provider. If you use a different identity provider, you'd need to
> define proper authentication.
>
>> That way, we can avoid having to keep openLDAP and FreeIPA in sync...
>>
>> _*OR*_
>>
>> Is there an efficient way to keep openLDAP and FreeIPA in sync?
>>
>>
>
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170131/041250e3/attachment.htm>

From mbasti at redhat.com  Tue Jan 31 15:34:10 2017
From: mbasti at redhat.com (Martin Basti)
Date: Tue, 31 Jan 2017 16:34:10 +0100
Subject: [Freeipa-users] Identification with openLDAP and authorization
 with FreeIPA
In-Reply-To: <204e9da7-ff30-9a36-e8d4-97c87c4069ea@gmail.com>
References: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
	<20170131152327.4edj2n6g66qriif5@redhat.com>
	<204e9da7-ff30-9a36-e8d4-97c87c4069ea@gmail.com>
Message-ID: <4393499d-18a7-e87f-619c-dd3879ebc78e@redhat.com>

Is there a possibility to migrate OpenLDAP  to IPA DS and use only one 
source of Identity data?

Martin^2


On 31.01.2017 16:30, Micha?l Van de Borne wrote:
> mmmmh, ok, thank you.
>
> But indeed, I would need HBAC and sudo rules in the future.
> So I believe the only exit here is to keep openLDAP and FreeIPA in sync.
> Any clue on how to do this efficiently?
>
>
> Thank you,
>
> Cheers,
>
> m.
>
> Le 31-01-17 ? 16:23, Alexander Bokovoy a ?crit :
>> On ti, 31 tammi 2017, Micha?l Van de Borne wrote:
>>> Hello list,
>>>
>>> Here's my situation:
>>> I'm installing Hadoop for a customer, and the Hadoop cluster is 
>>> secured with Kerberos. I used FreeIPA as a KDC.
>>> The customer uses openLDAP as a directory server.
>>>
>>> For now, our solution is to copy the whole openLDAP user base to 
>>> FreeIPA, and then use FreeIPA for the identification and 
>>> authorization (all the keytab stuff).
>> you mean authentication, not authorization here.
>>
>>> But keeping openLDAP and FreeIPA in sync is a nightmare, and I was 
>>> wondering something:
>>> Would it be possible to configure SSSD to simultaneously target the 
>>> openLDAP server to identify a user, and the FreeIPA server to get 
>>> the tickets?
>> Here is the thing: yes, you can do that by configuring explicitly
>> identity and authentication providers in sssd.conf. Set identity
>> provider to ldap and authentication provider to krb5, add necessary
>> configuration parameters and that would work. No HBAC, no SUDO rules,
>> etc, but that's what you want, it seems.
>>
>> Look at sssd-ldap and sssd-krb5 manual pages.
>>
>> When you configure identity provider to IPA or AD in sssd.conf, you are
>> just setting defaults for all other providers to the defaults of IPA or
>> AD provider. If you use a different identity provider, you'd need to
>> define proper authentication.
>>
>>> That way, we can avoid having to keep openLDAP and FreeIPA in sync...
>>>
>>> _*OR*_
>>>
>>> Is there an efficient way to keep openLDAP and FreeIPA in sync?
>>>
>>>
>>
>>> -- 
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>
>>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170131/e2de2450/attachment.htm>

From michael.van.de.borne at gmail.com  Tue Jan 31 15:41:41 2017
From: michael.van.de.borne at gmail.com (=?UTF-8?Q?Micha=c3=abl_Van_de_Borne?=)
Date: Tue, 31 Jan 2017 16:41:41 +0100
Subject: [Freeipa-users] Identification with openLDAP and authorization
 with FreeIPA
In-Reply-To: <4393499d-18a7-e87f-619c-dd3879ebc78e@redhat.com>
References: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
	<20170131152327.4edj2n6g66qriif5@redhat.com>
	<204e9da7-ff30-9a36-e8d4-97c87c4069ea@gmail.com>
	<4393499d-18a7-e87f-619c-dd3879ebc78e@redhat.com>
Message-ID: <c6192ed2-c326-5ff9-52a4-219db974b643@gmail.com>

This would be the best option!

But customer won't allow this :( Since the openLDAP is also used by 
other apps.

So I need to sync them. Which means:
- adding the new users (not so difficult)
- removing old user (perhaps not too complicated)
- replicating changes like a password update (for this one, I'm 
completely clueless).

any idea?



-- 
*Micha?l Van de Borne*
Free Bird Computing SPRL - G?rant
104 rue d'Azebois, 6230 Thim?on
*Tel:* +32(0)472 695716
*Skype:* mikemowgli
*TVA:* BE0637.834.386
Linkedin profile 
<https://www.linkedin.com/in/micha%C3%ABl-van-de-borne-56409167>

Le 31-01-17 ? 16:34, Martin Basti a ?crit :
>
> Is there a possibility to migrate OpenLDAP  to IPA DS and use only one 
> source of Identity data?
>
> Martin^2
>
>
> On 31.01.2017 16:30, Micha?l Van de Borne wrote:
>> mmmmh, ok, thank you.
>>
>> But indeed, I would need HBAC and sudo rules in the future.
>> So I believe the only exit here is to keep openLDAP and FreeIPA in sync.
>> Any clue on how to do this efficiently?
>>
>>
>> Thank you,
>>
>> Cheers,
>>
>> m.
>>
>> Le 31-01-17 ? 16:23, Alexander Bokovoy a ?crit :
>>> On ti, 31 tammi 2017, Micha?l Van de Borne wrote:
>>>> Hello list,
>>>>
>>>> Here's my situation:
>>>> I'm installing Hadoop for a customer, and the Hadoop cluster is 
>>>> secured with Kerberos. I used FreeIPA as a KDC.
>>>> The customer uses openLDAP as a directory server.
>>>>
>>>> For now, our solution is to copy the whole openLDAP user base to 
>>>> FreeIPA, and then use FreeIPA for the identification and 
>>>> authorization (all the keytab stuff).
>>> you mean authentication, not authorization here.
>>>
>>>> But keeping openLDAP and FreeIPA in sync is a nightmare, and I was 
>>>> wondering something:
>>>> Would it be possible to configure SSSD to simultaneously target the 
>>>> openLDAP server to identify a user, and the FreeIPA server to get 
>>>> the tickets?
>>> Here is the thing: yes, you can do that by configuring explicitly
>>> identity and authentication providers in sssd.conf. Set identity
>>> provider to ldap and authentication provider to krb5, add necessary
>>> configuration parameters and that would work. No HBAC, no SUDO rules,
>>> etc, but that's what you want, it seems.
>>>
>>> Look at sssd-ldap and sssd-krb5 manual pages.
>>>
>>> When you configure identity provider to IPA or AD in sssd.conf, you are
>>> just setting defaults for all other providers to the defaults of IPA or
>>> AD provider. If you use a different identity provider, you'd need to
>>> define proper authentication.
>>>
>>>> That way, we can avoid having to keep openLDAP and FreeIPA in sync...
>>>>
>>>> _*OR*_
>>>>
>>>> Is there an efficient way to keep openLDAP and FreeIPA in sync?
>>>>
>>>>
>>>
>>>> -- 
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>
>>>
>>
>>
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170131/bffe4f95/attachment.htm>

From abokovoy at redhat.com  Tue Jan 31 15:42:35 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Tue, 31 Jan 2017 17:42:35 +0200
Subject: [Freeipa-users] Identification with openLDAP and authorization
 with FreeIPA
In-Reply-To: <204e9da7-ff30-9a36-e8d4-97c87c4069ea@gmail.com>
References: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
	<20170131152327.4edj2n6g66qriif5@redhat.com>
	<204e9da7-ff30-9a36-e8d4-97c87c4069ea@gmail.com>
Message-ID: <20170131154235.5ktjbxqo3nskgaab@redhat.com>

On ti, 31 tammi 2017, Micha?l Van de Borne wrote:
>mmmmh, ok, thank you.
>
>But indeed, I would need HBAC and sudo rules in the future.
>So I believe the only exit here is to keep openLDAP and FreeIPA in sync.
>Any clue on how to do this efficiently?
Well, we have 'ipa migrate-ds' functionality but this is not really
designed for continuous synchronisation. Neither is using a replication
mechanism as that was not designed to deal with inconsistent schema on
both sides (OpenLDAP schema is most likely not 1:1 to FreeIPA).

Doing a custom add/modify script looks like the only solution.

>
>
>Thank you,
>
>Cheers,
>
>m.
>
>Le 31-01-17 ? 16:23, Alexander Bokovoy a ?crit :
>>On ti, 31 tammi 2017, Micha?l Van de Borne wrote:
>>>Hello list,
>>>
>>>Here's my situation:
>>>I'm installing Hadoop for a customer, and the Hadoop cluster is 
>>>secured with Kerberos. I used FreeIPA as a KDC.
>>>The customer uses openLDAP as a directory server.
>>>
>>>For now, our solution is to copy the whole openLDAP user base to 
>>>FreeIPA, and then use FreeIPA for the identification and 
>>>authorization (all the keytab stuff).
>>you mean authentication, not authorization here.
>>
>>>But keeping openLDAP and FreeIPA in sync is a nightmare, and I was 
>>>wondering something:
>>>Would it be possible to configure SSSD to simultaneously target 
>>>the openLDAP server to identify a user, and the FreeIPA server to 
>>>get the tickets?
>>Here is the thing: yes, you can do that by configuring explicitly
>>identity and authentication providers in sssd.conf. Set identity
>>provider to ldap and authentication provider to krb5, add necessary
>>configuration parameters and that would work. No HBAC, no SUDO rules,
>>etc, but that's what you want, it seems.
>>
>>Look at sssd-ldap and sssd-krb5 manual pages.
>>
>>When you configure identity provider to IPA or AD in sssd.conf, you are
>>just setting defaults for all other providers to the defaults of IPA or
>>AD provider. If you use a different identity provider, you'd need to
>>define proper authentication.
>>
>>>That way, we can avoid having to keep openLDAP and FreeIPA in sync...
>>>
>>>_*OR*_
>>>
>>>Is there an efficient way to keep openLDAP and FreeIPA in sync?
>>>
>>>
>>
>>>-- 
>>>Manage your subscription for the Freeipa-users mailing list:
>>>https://www.redhat.com/mailman/listinfo/freeipa-users
>>>Go to http://freeipa.org for more info on the project
>>
>>
>

-- 
/ Alexander Bokovoy



From michael.van.de.borne at gmail.com  Tue Jan 31 15:46:47 2017
From: michael.van.de.borne at gmail.com (=?UTF-8?Q?Micha=c3=abl_Van_de_Borne?=)
Date: Tue, 31 Jan 2017 16:46:47 +0100
Subject: [Freeipa-users] Identification with openLDAP and authorization
 with FreeIPA
In-Reply-To: <20170131154235.5ktjbxqo3nskgaab@redhat.com>
References: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
	<20170131152327.4edj2n6g66qriif5@redhat.com>
	<204e9da7-ff30-9a36-e8d4-97c87c4069ea@gmail.com>
	<20170131154235.5ktjbxqo3nskgaab@redhat.com>
Message-ID: <528ce81a-96de-353f-e5a7-30e2079fd29d@gmail.com>

That was the feared, but somehow expected, answer.

Any entry point/documentation about how to start such a script?

cheers,

m.

-- 
*Micha?l Van de Borne*
Free Bird Computing SPRL - G?rant
104 rue d'Azebois, 6230 Thim?on
*Tel:* +32(0)472 695716
*Skype:* mikemowgli
*TVA:* BE0637.834.386
Linkedin profile 
<https://www.linkedin.com/in/micha%C3%ABl-van-de-borne-56409167>

Le 31-01-17 ? 16:42, Alexander Bokovoy a ?crit :
> On ti, 31 tammi 2017, Micha?l Van de Borne wrote:
>> mmmmh, ok, thank you.
>>
>> But indeed, I would need HBAC and sudo rules in the future.
>> So I believe the only exit here is to keep openLDAP and FreeIPA in sync.
>> Any clue on how to do this efficiently?
> Well, we have 'ipa migrate-ds' functionality but this is not really
> designed for continuous synchronisation. Neither is using a replication
> mechanism as that was not designed to deal with inconsistent schema on
> both sides (OpenLDAP schema is most likely not 1:1 to FreeIPA).
>
> Doing a custom add/modify script looks like the only solution.
>
>>
>>
>> Thank you,
>>
>> Cheers,
>>
>> m.
>>
>> Le 31-01-17 ? 16:23, Alexander Bokovoy a ?crit :
>>> On ti, 31 tammi 2017, Micha?l Van de Borne wrote:
>>>> Hello list,
>>>>
>>>> Here's my situation:
>>>> I'm installing Hadoop for a customer, and the Hadoop cluster is 
>>>> secured with Kerberos. I used FreeIPA as a KDC.
>>>> The customer uses openLDAP as a directory server.
>>>>
>>>> For now, our solution is to copy the whole openLDAP user base to 
>>>> FreeIPA, and then use FreeIPA for the identification and 
>>>> authorization (all the keytab stuff).
>>> you mean authentication, not authorization here.
>>>
>>>> But keeping openLDAP and FreeIPA in sync is a nightmare, and I was 
>>>> wondering something:
>>>> Would it be possible to configure SSSD to simultaneously target the 
>>>> openLDAP server to identify a user, and the FreeIPA server to get 
>>>> the tickets?
>>> Here is the thing: yes, you can do that by configuring explicitly
>>> identity and authentication providers in sssd.conf. Set identity
>>> provider to ldap and authentication provider to krb5, add necessary
>>> configuration parameters and that would work. No HBAC, no SUDO rules,
>>> etc, but that's what you want, it seems.
>>>
>>> Look at sssd-ldap and sssd-krb5 manual pages.
>>>
>>> When you configure identity provider to IPA or AD in sssd.conf, you are
>>> just setting defaults for all other providers to the defaults of IPA or
>>> AD provider. If you use a different identity provider, you'd need to
>>> define proper authentication.
>>>
>>>> That way, we can avoid having to keep openLDAP and FreeIPA in sync...
>>>>
>>>> _*OR*_
>>>>
>>>> Is there an efficient way to keep openLDAP and FreeIPA in sync?
>>>>
>>>>
>>>
>>>> -- 
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>
>>>
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170131/7a198c16/attachment.htm>

From tbordaz at redhat.com  Tue Jan 31 15:56:00 2017
From: tbordaz at redhat.com (thierry bordaz)
Date: Tue, 31 Jan 2017 16:56:00 +0100
Subject: [Freeipa-users] be_pam_handler_callback Backend returned: (3, 4,
 <NULL>) [Internal Error (System error)]
In-Reply-To: <0a8a79a2-222f-4be0-5405-97a4dd065236@aixigo.de>
References: <4ab30b17-10a1-c69c-a94e-9dffd5235127@aixigo.de>
	<20170117103812.GM11789@p.Speedport_W_724V_Typ_A_05011603_00_011>
	<3877497f-ff8d-90bd-8d42-28e0f785227b@aixigo.de>
	<587F882D.30804@redhat.com>
	<00b15c30-258d-5902-0d82-79ebe1456098@aixigo.de>
	<58820DE5.9070303@redhat.com>
	<667a3d8b-f278-7bff-745a-a0920ea88419@aixigo.de>
	<5885E1FE.3040009@redhat.com>
	<f92bde50-00ea-5cd9-376b-27b41f35cb7c@aixigo.de>
	<58863320.1040305@redhat.com>
	<46a5c6a0-b93c-0a71-f46c-73815d673bf9@aixigo.de>
	<5887413B.9030808@redhat.com>
	<32e0f585-ae91-33ed-e223-e8644af8e32a@aixigo.de>
	<58875E38.2010806@redhat.com>
	<36a38ba7-c440-eeb4-0aae-c5a1e6a7da9a@aixigo.de>
	<58878756.3010407@redhat.com>
	<a80d6390-6ef5-e106-5a9d-98f3c5dc7f2b@aixigo.de>
	<588A1BE3.7060501@redhat.com>
	<f9d43f4d-fb1d-1f73-efc2-b2e20fab678e@aixigo.de>
	<588EF50F.8090006@redhat.com>
	<0a8a79a2-222f-4be0-5405-97a4dd065236@aixigo.de>
Message-ID: <5890B390.9010503@redhat.com>



On 01/31/2017 03:37 PM, Harald Dunkel wrote:
> Hi Thierry,
>
> On 01/30/17 09:10, thierry bordaz wrote:
>> I understand your concern and in fact it is difficult to anticipate a  potential bad impact of this cleanup. However,I think it is safe to get rid of the following entry.
>> Before doing so you may check it exists
>>
>> cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de that is managedBy the ipaservers_hostgoups.
>>
>> dn: cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
>> mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=example,dc=de
>> objectClass: mepManagedEntry
>>
>>
>> If you are willing to remove that entry you need to remove the mepmanagedEntry oc. So you need to remove the mepManagedBy and oc in the same operation
>>
>>
>> Regarding the following entry
>>   dn: cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
>> objectClass: mepOriginEntry
>> mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=example,dc=de
>>
>> You may want to check if it exists an entry it manages, looking for "(mepManagedBy=
>> cn=ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
>> )". If it exists none, you should be able to remove it.
>>
>> Also I think working on ipabak, you should be able to do some tests on the cleanup instance to validate everything is working fine.
>>
> This looks like a pretty high risk, even if ipabak says everything
> is fine.
>
> The major problem was the failure on Debian Wheezy using the very old
> sssd. This seems to be gone now by resolving the "easy" cases.
>
> About the "hard" cases: AFAICS
>
> ipaservers+nsuniqueid=109be302-ccd911e6-a5b3d0c8-d8da17db,cn=hostgroups,cn=accounts,dc=example,dc=de
>
> doesn't list any hosts (the official entry does), and
>
> cn=ipaservers+nsuniqueid=109be304-ccd911e6-a5b3d0c8-d8da17db,cn=ng,cn=alt,dc=example,dc=de
>
> points to the duplicate entry only. They are not referenced anywhere
> else in the ldap database. So I would suggest to wait and see if
> I run in any problem here. Would you agree to this, or do you expect
> problems later?
Hello,

I fully agree. Wait for a problem to occur, if it occurs.
In case this entry would create a problem and you are afraid of deleting 
it, I think we may decide to hide it to the application (ipa).
You can do this by adding the 'objectclass: ldapsubentry'. It may be 
suffisant to workaround the problem, if the problem occurs.
With this option, you would keep the conflict entry and keep the 
possibility to "resurrect" it later.

>
> I highly appreciate your help
You are very welcome
thierry
>
> Regards
> Harri
>
>
>
>
>
>> regards
>> thierry
>>



From rmeggins at redhat.com  Tue Jan 31 16:29:54 2017
From: rmeggins at redhat.com (Rich Megginson)
Date: Tue, 31 Jan 2017 17:29:54 +0100
Subject: [Freeipa-users] Identification with openLDAP and authorization
 with FreeIPA
In-Reply-To: <528ce81a-96de-353f-e5a7-30e2079fd29d@gmail.com>
References: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
	<20170131152327.4edj2n6g66qriif5@redhat.com>
	<204e9da7-ff30-9a36-e8d4-97c87c4069ea@gmail.com>
	<20170131154235.5ktjbxqo3nskgaab@redhat.com>
	<528ce81a-96de-353f-e5a7-30e2079fd29d@gmail.com>
Message-ID: <d095678d-9634-2165-cb5b-7dffb7d418a2@redhat.com>

On 01/31/2017 04:46 PM, Micha?l Van de Borne wrote:
> That was the feared, but somehow expected, answer.
>
> Any entry point/documentation about how to start such a script?

Do FreeIPA and OpenLDAP still support the syncrepl protocol?

>
> cheers,
>
> m.
>
> -- 
> *Micha?l Van de Borne*
> Free Bird Computing SPRL - G?rant
> 104 rue d'Azebois, 6230 Thim?on
> *Tel:* +32(0)472 695716
> *Skype:* mikemowgli
> *TVA:* BE0637.834.386
> Linkedin profile 
> <https://www.linkedin.com/in/micha%C3%ABl-van-de-borne-56409167>
>
> Le 31-01-17 ? 16:42, Alexander Bokovoy a ?crit :
>> On ti, 31 tammi 2017, Micha?l Van de Borne wrote:
>>> mmmmh, ok, thank you.
>>>
>>> But indeed, I would need HBAC and sudo rules in the future.
>>> So I believe the only exit here is to keep openLDAP and FreeIPA in 
>>> sync.
>>> Any clue on how to do this efficiently?
>> Well, we have 'ipa migrate-ds' functionality but this is not really
>> designed for continuous synchronisation. Neither is using a replication
>> mechanism as that was not designed to deal with inconsistent schema on
>> both sides (OpenLDAP schema is most likely not 1:1 to FreeIPA).
>>
>> Doing a custom add/modify script looks like the only solution.
>>
>>>
>>>
>>> Thank you,
>>>
>>> Cheers,
>>>
>>> m.
>>>
>>> Le 31-01-17 ? 16:23, Alexander Bokovoy a ?crit :
>>>> On ti, 31 tammi 2017, Micha?l Van de Borne wrote:
>>>>> Hello list,
>>>>>
>>>>> Here's my situation:
>>>>> I'm installing Hadoop for a customer, and the Hadoop cluster is 
>>>>> secured with Kerberos. I used FreeIPA as a KDC.
>>>>> The customer uses openLDAP as a directory server.
>>>>>
>>>>> For now, our solution is to copy the whole openLDAP user base to 
>>>>> FreeIPA, and then use FreeIPA for the identification and 
>>>>> authorization (all the keytab stuff).
>>>> you mean authentication, not authorization here.
>>>>
>>>>> But keeping openLDAP and FreeIPA in sync is a nightmare, and I was 
>>>>> wondering something:
>>>>> Would it be possible to configure SSSD to simultaneously target 
>>>>> the openLDAP server to identify a user, and the FreeIPA server to 
>>>>> get the tickets?
>>>> Here is the thing: yes, you can do that by configuring explicitly
>>>> identity and authentication providers in sssd.conf. Set identity
>>>> provider to ldap and authentication provider to krb5, add necessary
>>>> configuration parameters and that would work. No HBAC, no SUDO rules,
>>>> etc, but that's what you want, it seems.
>>>>
>>>> Look at sssd-ldap and sssd-krb5 manual pages.
>>>>
>>>> When you configure identity provider to IPA or AD in sssd.conf, you 
>>>> are
>>>> just setting defaults for all other providers to the defaults of 
>>>> IPA or
>>>> AD provider. If you use a different identity provider, you'd need to
>>>> define proper authentication.
>>>>
>>>>> That way, we can avoid having to keep openLDAP and FreeIPA in sync...
>>>>>
>>>>> _*OR*_
>>>>>
>>>>> Is there an efficient way to keep openLDAP and FreeIPA in sync?
>>>>>
>>>>>
>>>>
>>>>> -- 
>>>>> Manage your subscription for the Freeipa-users mailing list:
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>> Go to http://freeipa.org for more info on the project
>>>>
>>>>
>>>
>>
>
>
>



From dsullivan2 at bsd.uchicago.edu  Tue Jan 31 20:05:18 2017
From: dsullivan2 at bsd.uchicago.edu (Sullivan, Daniel [CRI])
Date: Tue, 31 Jan 2017 20:05:18 +0000
Subject: [Freeipa-users] caching of lookups / performance problem
In-Reply-To: <4DA19EAC-6287-4EDA-BCE7-A5A22172BBCA@bsd.uchicago.edu>
References: <4DA19EAC-6287-4EDA-BCE7-A5A22172BBCA@bsd.uchicago.edu>
Message-ID: <A6E3EF64-0478-468C-8BBD-6E17743EE79B@bsd.uchicago.edu>

Hi,

I figured out what was going on with this issue.  Basically cache timeouts were causing a large number of uid numbers in an arbitrarily-timed directory listing to have expired cache records, which causes those records to be looked up again by the data provider (and thus blocking ?ls -l?).  To work around this issue now we currently setting the entry_cache_timeout to something arbitrarily high, i.e. 999999, I?m questioning whether or not this is the best approach.  I?d like to use something like refresh_expired_interval, although based on my testing it appears that this does not update records for a trusted AD domain.  I?ve also tried using enumeration, and that doesn?t seem to work either.

I suppose my question is this; is there a preferred method to keep cache records up-to-date for a trusted AD domain?  Right now I am thinking about cron-tabbing an ?ls -l? of /home and allowing entry_cache_nowait_percentage to fill this function, although that seems hacky to me.

Any advisement that could be provided would be greatly appreciated.

Best,

Dan Sullivan

> On Jan 30, 2017, at 10:52 AM, Sullivan, Daniel [CRI] <dsullivan2 at bsd.uchicago.edu> wrote:
> 
> Hi,
> 
> I have another question about sssd performance.  I?m having a difficult time doing a regularly performant ?ls -l? operation against /home, a mounted NFS share of all of our users home directories.  There are 667 entries in this folder, and all of them have IDs that are resolvable via freeipa/sssd.  We are using an AD trusted domain.
> 
> It is clear to me why an initial invocation of this lookup should take some time (populating the local ldb cache).   And it does.  Usually around 5-10 minutes, but sometimes longer.  After the initial lookups are complete, the output of ?ls -l' renders fine, and I can inspect the local filesystem cache using ldbsearch and see that it is populated.  The issue is that if I wait a while, or restart sssd, it appears that I have to go through all of these lookups again to render the directory listing.
> 
> I am trying to find an optimal configuration for sssd.conf that will allow a performant ?ls -l? listing of a directory with a large number of different id numbers assigned to filesystem objects to always return results immediately from the local cache (after an initial invocation of this command for any given directory).  I think basically what I want is to have the ldb cache always ?up-to-date?, or at least have sssd willing to immediately dump what it has without having to do a bunch of lookups while blocking the ?ls -l? thread.  If possible, whatever solution implemented should also survive a restart of the sssd process.  In short, aside from an initial invocation, I never want ?ls -l? to take more than a few seconds.
> 
> The issue described above is somewhat problematic because it appears to cause contention on the sssd process effectively allowing a user doing ls -l /home to inadvertently degrade system performance for another user.
> 
> So far I have tried:
> 
> 1)  Implementing 'enumeration = true' for the [domain] section .  This seems to have no impact.  It might be worthwhile to note that we are using an AD trusted domain.
> 2)  Using the refresh_expired_interval configuration for the [domain] section
> 
> I have read the following two documents in a decent level of detail:
> 
> https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/
> https://jhrozek.wordpress.com/2015/03/11/anatomy-of-sssd-user-lookup/
> 
> It almost seems to me like the answer to this would be to keep the LDB cache valid indefinitely (step 4 on https://jhrozek.wordpress.com/2015/03/11/anatomy-of-sssd-user-lookup/).
> 
> Presumably this is a problem that somebody has seen before.  Would somebody be able to advise on the best way to deal with this?  I appreciate your help.
> 
> Thank you,
> 
> Dan
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project




From jgoddard at emerlyn.com  Tue Jan 31 21:34:43 2017
From: jgoddard at emerlyn.com (Jeff Goddard)
Date: Tue, 31 Jan 2017 16:34:43 -0500
Subject: [Freeipa-users] Samba integration documentation question
Message-ID: <CA+No-6F2AZRsjU30t7rGf2gLnBC7UsH_fkZwKWVAXYmuyyQD2g@mail.gmail.com>

I'm taking the next step in getting our freeipa environment set back up.
This is a centos 7.2 freeipa 4.4 environment. I'm using this guide as a
reference for setting up samba:

http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP.


Our environment does not include any Active Directory servers - this is
more or less a stand-alone file server.

Neither Linux nor Windows clients are able to connect. The samba log errors
are:

Failed to modify entry: NT_STATUS_NOT_IMPLEMENTED

Can someone point me in the right direction?


Thanks,

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170131/38f12364/attachment.htm>

From huston at astro.princeton.edu  Tue Jan 31 21:36:39 2017
From: huston at astro.princeton.edu (Steve Huston)
Date: Tue, 31 Jan 2017 16:36:39 -0500
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <CANnpg5Rsi4sLi8tJZY5Fjnv70=Mfu7Y55icLUP0am==YFMWoSg@mail.gmail.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
	<CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
	<20170119181440.x77gboawdyjep7pp@redhat.com>
	<CANnpg5TVMRAVazuXnS_tEk1NS-qscW099oEa9-6S_JTJhYaQ+A@mail.gmail.com>
	<CANnpg5QQq+i0my9getrFgnwo1g0io1cdEAkwbHwsn80XXWoTpQ@mail.gmail.com>
	<CANnpg5Sp0sYT=8s6mFUKLfWnAixeD5uZNBt3qyD_LcPxy0YJ+w@mail.gmail.com>
	<2e45b170-d467-7bd9-f9fe-efd4fcd4ded8@redhat.com>
	<CANnpg5QhEvr482YpBaRafB2PqFhu6raSt3A3Zf625eSuHLCvcw@mail.gmail.com>
	<CANnpg5Rn+p4R3CULy-UGbR1TSpUQZdaA6HJOtQnCM=0cAKgm2g@mail.gmail.com>
	<CANnpg5Rsi4sLi8tJZY5Fjnv70=Mfu7Y55icLUP0am==YFMWoSg@mail.gmail.com>
Message-ID: <CANnpg5SqxgQHPD4r+tVpoo3BhxNhhF6iXgYMyC-Huh1Ot0jR-A@mail.gmail.com>

What defines the contents of /var/lib/pki/pki-tomcat/conf/server.xml?

    <!-- Define an AJP 1.3 Connector on port 8009 -->

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
address="::1" />

Doesn't work so well on a host without IPv6 turned on...

Jan 31 14:26:59 ipa server: PKIListener:
org.apache.catalina.core.StandardServer[before_init]
Jan 31 14:27:00 ipa server: SEVERE: Failed to initialize end point
associated with ProtocolHandler ["ajp-bio-0:0:0:0:0:0:0:1-8009"]
Jan 31 14:27:00 ipa server: java.net.SocketException: Protocol family
unavailable

On Fri, Jan 27, 2017 at 4:23 PM, Steve Huston
<huston at astro.princeton.edu> wrote:
> Stranger, I did an install on a different VM with the CentOS 7 minimal
> ISO, then installed ipa-server and enough things to get X11 and
> Firefox, ran ipa-server-install and it worked fine.  I tested with
> Firefox (and Safari) against my failing installation and it still
> fails.  So there's something else different that's causing it to
> break.  Will continue investigating, but if someone knows why the UI
> would break this way it would be helpful to know where to look!
>
> On Thu, Jan 26, 2017 at 11:53 AM, Steve Huston
> <huston at astro.princeton.edu> wrote:
>> Just did it again with the same result.  Reinstalled the machine, then
>> did a 'yum install ipa-server python2-ipaserver httpd' which pulled in
>> version 4.4.0-14.el7_3.4 and a bunch of other packages.  Next was the
>> ipa-server-install as I used before, only without --mkhomedir this
>> time.  After entering the passwords for directory administrator and
>> the admin user, I then logged in to the web interface, immediately
>> clicked "add" and added a user 'foobar'.  When I clicked "add and
>> edit" and was brought to the user information page, it looks like this
>> at the bottom:
>>
>> https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0
>>
>> I then entered an employee number of '0001' just to give something to
>> save, and clicked save.  The screen now shows this (I've clicked the
>> drop-down on the manager field so the choices are visible):
>>
>> https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0
>>
>> Holding shift and clicking reload, the page now looks like this (the
>> employee number field is also blank again):
>>
>> https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0
>>
>> Since we do run a repackaged distribution here (Springdale Linux), I
>> just unpacked ipa-server-common from our repository with the above
>> version, and http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm,
>> and 'diff' found zero differences between them.  Unlikely, but I
>> wanted to rule out a packaging error causing the problem.
>>
>> On Wed, Jan 25, 2017 at 4:12 PM, Steve Huston
>> <huston at astro.princeton.edu> wrote:
>>> No, that should be all of the major changes; the puppet module that
>>> installs things only puts the two plugin files in their respective
>>> places.  The client part of the IPA module makes changes to have the
>>> machine join the domain and whatnot, but those shouldn't affect the
>>> webui.
>>>
>>> I do modify the schema by adding some attribute types for Puppet,
>>> namely puppetClass, parentNode, environment, puppetVar, and the object
>>> class puppetClient.  That's basically right from one of the Puppet
>>> webpages and also worked in the past - and is one of the things the
>>> python plugin does, add the appropriate objectclass to host entries if
>>> puppetVar is added to a host entry.
>>>
>>> My steps to install:
>>> * ipa-server-install --realm=<realm> --domain=<domain> --mkhomedir
>>> --hostname=<hostname> --no-host-dns
>>> * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W
>>>   < paste puppet schema changes>
>>>   < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a
>>> service account used by puppet for adding hosts to IPA >
>>> * login to web UI
>>> * * Change home directory base, default shell, default SELinux user
>>> * * Add SELinux user map for staff/sysadmin users
>>> * * Add "user adder" permission/privilege/role for users who will be
>>> able to create stageusers
>>>
>>> That's about as far as I got before I realized some of the plugin
>>> pieces weren't working, and then fixed the python plugin followed by
>>> working on the UI plugin and finding this problem.  I'll go wipe and
>>> reinstall the system again and walk through the steps, but test the UI
>>> first and in between to see if I can find which of the steps might be
>>> causing things to hiccup.
>>>
>>> On Wed, Jan 25, 2017 at 1:42 PM, Pavel Vomacka <pvomacka at redhat.com> wrote:
>>>> Hello Steve,
>>>>
>>>> I tried to reproduce what you described on the very same version of
>>>> ipa-server and I was not successful. Actually I was not used your back-end
>>>> plugin. I tried it with no plugin and then with your UI plugin and both
>>>> worked correctly. Did you do any other changes somewhere in your
>>>> installation?
>>>>
>>>> I will try it again also with your Python plugin and we'll see.
>>>>
>>>>
>>>> On 01/24/2017 08:59 PM, Steve Huston wrote:
>>>>>
>>>>> And now I'm convinced this has nothing to do with my plugin and
>>>>> instead is a bug somewhere in FreeIPA.
>>>>>
>>>>> I removed the entirety of the "astrocustom" plugin that I wrote,
>>>>> restarted httpd, and force reloaded the page in chrome.  I clicked to
>>>>> add a new user, gave the basic information, and clicked "add and
>>>>> edit".  The bottom of the page shows the "Employee information" on the
>>>>> left side bottom, and the manager drop-down is empty.  I entered '1'
>>>>> in the "employee type" field and clicked save, and now "Employee
>>>>> Information" is on the right side directly under "Contact settings",
>>>>> and the manager drop-down is populated with the list of UIDs on the
>>>>> system.
>>>>>
>>>>> When the UI is in the failed state, the "email address" field is also
>>>>> blank, but when things switch to how they should be (after submitting
>>>>> a change) it is populated with the email address in the record.  I
>>>>> just tested by adding a telephone number to the record, and that also
>>>>> made the contact information and employee information facets refresh
>>>>> with the proper data.  Pressing shift-reload again makes all the
>>>>> information disappear (including the telephone number I just entered).
>>>>>
>>>>> This is with ipa-server-4.4.0-14.el7_3.4
>>>>>
>>>>>
>>>>> On Mon, Jan 23, 2017 at 1:55 PM, Steve Huston
>>>>> <huston at astro.princeton.edu> wrote:
>>>>>>
>>>>>> Just tested again, and this is still baffling:
>>>>>>
>>>>>> * Create a stage user with the right data, works fine, can be edited.
>>>>>> * Enable that user, and now the two fields ('manager' and
>>>>>> 'employeeType') appear to have bogus data in the UI, and I cannot save
>>>>>> the page without changing them to something else.
>>>>>> * Once that user is saved, the "Employee Information" facet moves to
>>>>>> the right side of the page, and now shows not only the current data in
>>>>>> the manager drop down but also the other choices (uids).  Change the
>>>>>> value of manager and employeetype back to what they were previously
>>>>>> and it saves.
>>>>>> * An ldapsearch run when the user is first created (as the directory
>>>>>> manager), and after having two edits (one to change the values to
>>>>>> something else to let the webui save them, and one to change them back
>>>>>> to what they should be and were the first time) produce completely
>>>>>> identical results.
>>>>>> * The output of "ipa user-show <uid> --all --raw" is also identical at
>>>>>> those same steps.
>>>>>>
>>>>>> So something, somewhere, is being saved in a way that prevents the
>>>>>> webui from displaying them properly, that gets fixed when those values
>>>>>> are manually changed via the webui.
>>>>>>
>>>>>> On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston
>>>>>> <huston at astro.princeton.edu> wrote:
>>>>>>>
>>>>>>> Even more interesting...
>>>>>>>
>>>>>>> I tried to modify one of the records that was not displaying properly
>>>>>>> in the "active users" group, and sure enough the webui complained that
>>>>>>> the "Requested By" (relabeled "manager") field was not filled in since
>>>>>>> it was blank.  It also, however, complained that the "User tier"
>>>>>>> (relabeled "employeetype") was incorrect, even though it showed the
>>>>>>> label associated with the value 1.  I clicked the search drop-down for
>>>>>>> manager, typed in my own uid, and even though everything had been
>>>>>>> blank in the drop down before now my uid showed up.  I clicked on it,
>>>>>>> and my uid was now in the manager field.  I then clicked the drop down
>>>>>>> for employeetype, and chose one of the other options.  I was now able
>>>>>>> to save the changes to the record.
>>>>>>>
>>>>>>> Upon reloading the page, the "Employee Information" facet now shoed up
>>>>>>> on the right side bottom, instead of the left side bottom where it was
>>>>>>> appearing.  I was also now able to change the drop-down fields for
>>>>>>> manager and employeetype to another value, and save them, and they
>>>>>>> worked fine even filling in all the data that should have been there.
>>>>>>> This almost seemed like the data being returned by the server was
>>>>>>> flawed somehow, and confusing the webui, but once it was forced to
>>>>>>> have the right data and re-saved it worked fine subsequently.
>>>>>>>
>>>>>>> I looked at the output of "ipa user-show <uid> --all --raw" both
>>>>>>> before and after making such changes on a user, and can detect no
>>>>>>> difference between them.
>>>>>>>
>>>>>>> On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy <abokovoy at redhat.com>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> On to, 19 tammi 2017, Steve Huston wrote:
>>>>>>>>>
>>>>>>>>> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy
>>>>>>>>> <abokovoy at redhat.com>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and
>>>>>>>>>> client
>>>>>>>>>> side plugins into different paths (ipaserver/plugins and
>>>>>>>>>> ipaclient/plugins instead of being common in ipalib/plugins). The
>>>>>>>>>> client
>>>>>>>>>> code was also changed to always read metadata about API from the
>>>>>>>>>> server
>>>>>>>>>> side. This means the client can adopt to any server version that
>>>>>>>>>> supports API metadata.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Right, and I think that the most of the plugin I had belongs
>>>>>>>>> server-side; in fact, that's where I migrated it to, and things work
>>>>>>>>> fine.  I haven't tested if I can change those values with the cli, but
>>>>>>>>> I'm less concerned about that at the moment.
>>>>>>>>>
>>>>>>>>>> In my sample external plugin you referenced above you can see that I
>>>>>>>>>> have client-side change that replaces an input string by a file
>>>>>>>>>> reference so that a file can supplied instead of typing the content
>>>>>>>>>> of
>>>>>>>>>> the file on the command line. This is one of most used patterns for
>>>>>>>>>> client side plugins.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> In this case, my biggest problem is with the web UI.  The 'manager'
>>>>>>>>> drop down (which I have renamed through the UI plugins to "Requested
>>>>>>>>> By" to show what user requested and is responsible for this account)
>>>>>>>>> works fine in the 'add/modify stageuser' context, but not at all in
>>>>>>>>> the adduser/moduser context, and I can't seem to find out why.
>>>>>>>>
>>>>>>>> I'll defer answer for this to our web UI wizards but they would need to
>>>>>>>> see your code to help, I'd guess.
>>>>>>>>
>>>>>>>> --
>>>>>>>> / Alexander Bokovoy
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>>>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>>>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>>>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>>>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> Pavel^3 Vomacka
>>>>
>>>
>>>
>>>
>>> --
>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>
>>
>>
>> --
>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>
>
>
> --
> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



From huston at astro.princeton.edu  Tue Jan 31 22:00:42 2017
From: huston at astro.princeton.edu (Steve Huston)
Date: Tue, 31 Jan 2017 17:00:42 -0500
Subject: [Freeipa-users] Backend & UI plugin update for 4.4.x
In-Reply-To: <CANnpg5SqxgQHPD4r+tVpoo3BhxNhhF6iXgYMyC-Huh1Ot0jR-A@mail.gmail.com>
References: <CANnpg5TrGL8aoEpe_rKDuoBSEUVxMvFCcToQPpcKeqtyyJx9hQ@mail.gmail.com>
	<20170119161635.56vlybbhvnfn44tc@redhat.com>
	<CANnpg5Rw3w_5WVh7msEJM_z7DAydxY9ebKLR4Xn060DgWvw07w@mail.gmail.com>
	<20170119181440.x77gboawdyjep7pp@redhat.com>
	<CANnpg5TVMRAVazuXnS_tEk1NS-qscW099oEa9-6S_JTJhYaQ+A@mail.gmail.com>
	<CANnpg5QQq+i0my9getrFgnwo1g0io1cdEAkwbHwsn80XXWoTpQ@mail.gmail.com>
	<CANnpg5Sp0sYT=8s6mFUKLfWnAixeD5uZNBt3qyD_LcPxy0YJ+w@mail.gmail.com>
	<2e45b170-d467-7bd9-f9fe-efd4fcd4ded8@redhat.com>
	<CANnpg5QhEvr482YpBaRafB2PqFhu6raSt3A3Zf625eSuHLCvcw@mail.gmail.com>
	<CANnpg5Rn+p4R3CULy-UGbR1TSpUQZdaA6HJOtQnCM=0cAKgm2g@mail.gmail.com>
	<CANnpg5Rsi4sLi8tJZY5Fjnv70=Mfu7Y55icLUP0am==YFMWoSg@mail.gmail.com>
	<CANnpg5SqxgQHPD4r+tVpoo3BhxNhhF6iXgYMyC-Huh1Ot0jR-A@mail.gmail.com>
Message-ID: <CANnpg5Q50cKN0i55Ucdp9bSJyqOOkW8u0JaMd8nw-TFVu+w-4Q@mail.gmail.com>

Seems like this is to blame:  https://fedorahosted.org/freeipa/ticket/4291

The checkin says, "Installation in pure IPv6 environment failed
because pki-tomcat tried to use
IPv4 loopback. Configuring tomcat to use IPv6 loopback instead of IPv4
fixes this issue."  However it would seem that in a pure IPv4
environment, this is causing tomcat to fail to load.

On Tue, Jan 31, 2017 at 4:36 PM, Steve Huston
<huston at astro.princeton.edu> wrote:
> What defines the contents of /var/lib/pki/pki-tomcat/conf/server.xml?
>
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
> address="::1" />
>
> Doesn't work so well on a host without IPv6 turned on...
>
> Jan 31 14:26:59 ipa server: PKIListener:
> org.apache.catalina.core.StandardServer[before_init]
> Jan 31 14:27:00 ipa server: SEVERE: Failed to initialize end point
> associated with ProtocolHandler ["ajp-bio-0:0:0:0:0:0:0:1-8009"]
> Jan 31 14:27:00 ipa server: java.net.SocketException: Protocol family
> unavailable
>
> On Fri, Jan 27, 2017 at 4:23 PM, Steve Huston
> <huston at astro.princeton.edu> wrote:
>> Stranger, I did an install on a different VM with the CentOS 7 minimal
>> ISO, then installed ipa-server and enough things to get X11 and
>> Firefox, ran ipa-server-install and it worked fine.  I tested with
>> Firefox (and Safari) against my failing installation and it still
>> fails.  So there's something else different that's causing it to
>> break.  Will continue investigating, but if someone knows why the UI
>> would break this way it would be helpful to know where to look!
>>
>> On Thu, Jan 26, 2017 at 11:53 AM, Steve Huston
>> <huston at astro.princeton.edu> wrote:
>>> Just did it again with the same result.  Reinstalled the machine, then
>>> did a 'yum install ipa-server python2-ipaserver httpd' which pulled in
>>> version 4.4.0-14.el7_3.4 and a bunch of other packages.  Next was the
>>> ipa-server-install as I used before, only without --mkhomedir this
>>> time.  After entering the passwords for directory administrator and
>>> the admin user, I then logged in to the web interface, immediately
>>> clicked "add" and added a user 'foobar'.  When I clicked "add and
>>> edit" and was brought to the user information page, it looks like this
>>> at the bottom:
>>>
>>> https://www.dropbox.com/s/e67j8rdaq9wvkni/Screenshot%202017-01-26%2011.33.03.png?dl=0
>>>
>>> I then entered an employee number of '0001' just to give something to
>>> save, and clicked save.  The screen now shows this (I've clicked the
>>> drop-down on the manager field so the choices are visible):
>>>
>>> https://www.dropbox.com/s/oxmqwf2rsz15grd/Screenshot%202017-01-26%2011.33.58.png?dl=0
>>>
>>> Holding shift and clicking reload, the page now looks like this (the
>>> employee number field is also blank again):
>>>
>>> https://www.dropbox.com/s/f8ptycnetvsxjnb/Screenshot%202017-01-26%2011.35.03.png?dl=0
>>>
>>> Since we do run a repackaged distribution here (Springdale Linux), I
>>> just unpacked ipa-server-common from our repository with the above
>>> version, and http://mirror.centos.org/centos/7/updates/x86_64/Packages/ipa-server-common-4.4.0-14.el7.centos.4.noarch.rpm,
>>> and 'diff' found zero differences between them.  Unlikely, but I
>>> wanted to rule out a packaging error causing the problem.
>>>
>>> On Wed, Jan 25, 2017 at 4:12 PM, Steve Huston
>>> <huston at astro.princeton.edu> wrote:
>>>> No, that should be all of the major changes; the puppet module that
>>>> installs things only puts the two plugin files in their respective
>>>> places.  The client part of the IPA module makes changes to have the
>>>> machine join the domain and whatnot, but those shouldn't affect the
>>>> webui.
>>>>
>>>> I do modify the schema by adding some attribute types for Puppet,
>>>> namely puppetClass, parentNode, environment, puppetVar, and the object
>>>> class puppetClient.  That's basically right from one of the Puppet
>>>> webpages and also worked in the past - and is one of the things the
>>>> python plugin does, add the appropriate objectclass to host entries if
>>>> puppetVar is added to a host entry.
>>>>
>>>> My steps to install:
>>>> * ipa-server-install --realm=<realm> --domain=<domain> --mkhomedir
>>>> --hostname=<hostname> --no-host-dns
>>>> * ldapmodify -ZZ -h localhost -x -D 'cn=Directory Manager' -W
>>>>   < paste puppet schema changes>
>>>>   < paste DN entry for uid=hostadder,cn=sysaccounts,cn=etc... - a
>>>> service account used by puppet for adding hosts to IPA >
>>>> * login to web UI
>>>> * * Change home directory base, default shell, default SELinux user
>>>> * * Add SELinux user map for staff/sysadmin users
>>>> * * Add "user adder" permission/privilege/role for users who will be
>>>> able to create stageusers
>>>>
>>>> That's about as far as I got before I realized some of the plugin
>>>> pieces weren't working, and then fixed the python plugin followed by
>>>> working on the UI plugin and finding this problem.  I'll go wipe and
>>>> reinstall the system again and walk through the steps, but test the UI
>>>> first and in between to see if I can find which of the steps might be
>>>> causing things to hiccup.
>>>>
>>>> On Wed, Jan 25, 2017 at 1:42 PM, Pavel Vomacka <pvomacka at redhat.com> wrote:
>>>>> Hello Steve,
>>>>>
>>>>> I tried to reproduce what you described on the very same version of
>>>>> ipa-server and I was not successful. Actually I was not used your back-end
>>>>> plugin. I tried it with no plugin and then with your UI plugin and both
>>>>> worked correctly. Did you do any other changes somewhere in your
>>>>> installation?
>>>>>
>>>>> I will try it again also with your Python plugin and we'll see.
>>>>>
>>>>>
>>>>> On 01/24/2017 08:59 PM, Steve Huston wrote:
>>>>>>
>>>>>> And now I'm convinced this has nothing to do with my plugin and
>>>>>> instead is a bug somewhere in FreeIPA.
>>>>>>
>>>>>> I removed the entirety of the "astrocustom" plugin that I wrote,
>>>>>> restarted httpd, and force reloaded the page in chrome.  I clicked to
>>>>>> add a new user, gave the basic information, and clicked "add and
>>>>>> edit".  The bottom of the page shows the "Employee information" on the
>>>>>> left side bottom, and the manager drop-down is empty.  I entered '1'
>>>>>> in the "employee type" field and clicked save, and now "Employee
>>>>>> Information" is on the right side directly under "Contact settings",
>>>>>> and the manager drop-down is populated with the list of UIDs on the
>>>>>> system.
>>>>>>
>>>>>> When the UI is in the failed state, the "email address" field is also
>>>>>> blank, but when things switch to how they should be (after submitting
>>>>>> a change) it is populated with the email address in the record.  I
>>>>>> just tested by adding a telephone number to the record, and that also
>>>>>> made the contact information and employee information facets refresh
>>>>>> with the proper data.  Pressing shift-reload again makes all the
>>>>>> information disappear (including the telephone number I just entered).
>>>>>>
>>>>>> This is with ipa-server-4.4.0-14.el7_3.4
>>>>>>
>>>>>>
>>>>>> On Mon, Jan 23, 2017 at 1:55 PM, Steve Huston
>>>>>> <huston at astro.princeton.edu> wrote:
>>>>>>>
>>>>>>> Just tested again, and this is still baffling:
>>>>>>>
>>>>>>> * Create a stage user with the right data, works fine, can be edited.
>>>>>>> * Enable that user, and now the two fields ('manager' and
>>>>>>> 'employeeType') appear to have bogus data in the UI, and I cannot save
>>>>>>> the page without changing them to something else.
>>>>>>> * Once that user is saved, the "Employee Information" facet moves to
>>>>>>> the right side of the page, and now shows not only the current data in
>>>>>>> the manager drop down but also the other choices (uids).  Change the
>>>>>>> value of manager and employeetype back to what they were previously
>>>>>>> and it saves.
>>>>>>> * An ldapsearch run when the user is first created (as the directory
>>>>>>> manager), and after having two edits (one to change the values to
>>>>>>> something else to let the webui save them, and one to change them back
>>>>>>> to what they should be and were the first time) produce completely
>>>>>>> identical results.
>>>>>>> * The output of "ipa user-show <uid> --all --raw" is also identical at
>>>>>>> those same steps.
>>>>>>>
>>>>>>> So something, somewhere, is being saved in a way that prevents the
>>>>>>> webui from displaying them properly, that gets fixed when those values
>>>>>>> are manually changed via the webui.
>>>>>>>
>>>>>>> On Thu, Jan 19, 2017 at 2:44 PM, Steve Huston
>>>>>>> <huston at astro.princeton.edu> wrote:
>>>>>>>>
>>>>>>>> Even more interesting...
>>>>>>>>
>>>>>>>> I tried to modify one of the records that was not displaying properly
>>>>>>>> in the "active users" group, and sure enough the webui complained that
>>>>>>>> the "Requested By" (relabeled "manager") field was not filled in since
>>>>>>>> it was blank.  It also, however, complained that the "User tier"
>>>>>>>> (relabeled "employeetype") was incorrect, even though it showed the
>>>>>>>> label associated with the value 1.  I clicked the search drop-down for
>>>>>>>> manager, typed in my own uid, and even though everything had been
>>>>>>>> blank in the drop down before now my uid showed up.  I clicked on it,
>>>>>>>> and my uid was now in the manager field.  I then clicked the drop down
>>>>>>>> for employeetype, and chose one of the other options.  I was now able
>>>>>>>> to save the changes to the record.
>>>>>>>>
>>>>>>>> Upon reloading the page, the "Employee Information" facet now shoed up
>>>>>>>> on the right side bottom, instead of the left side bottom where it was
>>>>>>>> appearing.  I was also now able to change the drop-down fields for
>>>>>>>> manager and employeetype to another value, and save them, and they
>>>>>>>> worked fine even filling in all the data that should have been there.
>>>>>>>> This almost seemed like the data being returned by the server was
>>>>>>>> flawed somehow, and confusing the webui, but once it was forced to
>>>>>>>> have the right data and re-saved it worked fine subsequently.
>>>>>>>>
>>>>>>>> I looked at the output of "ipa user-show <uid> --all --raw" both
>>>>>>>> before and after making such changes on a user, and can detect no
>>>>>>>> difference between them.
>>>>>>>>
>>>>>>>> On Thu, Jan 19, 2017 at 1:14 PM, Alexander Bokovoy <abokovoy at redhat.com>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> On to, 19 tammi 2017, Steve Huston wrote:
>>>>>>>>>>
>>>>>>>>>> On Thu, Jan 19, 2017 at 11:16 AM, Alexander Bokovoy
>>>>>>>>>> <abokovoy at redhat.com>
>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> In short, FreeIPA 4.2 -> 4.4 change was by splitting server and
>>>>>>>>>>> client
>>>>>>>>>>> side plugins into different paths (ipaserver/plugins and
>>>>>>>>>>> ipaclient/plugins instead of being common in ipalib/plugins). The
>>>>>>>>>>> client
>>>>>>>>>>> code was also changed to always read metadata about API from the
>>>>>>>>>>> server
>>>>>>>>>>> side. This means the client can adopt to any server version that
>>>>>>>>>>> supports API metadata.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Right, and I think that the most of the plugin I had belongs
>>>>>>>>>> server-side; in fact, that's where I migrated it to, and things work
>>>>>>>>>> fine.  I haven't tested if I can change those values with the cli, but
>>>>>>>>>> I'm less concerned about that at the moment.
>>>>>>>>>>
>>>>>>>>>>> In my sample external plugin you referenced above you can see that I
>>>>>>>>>>> have client-side change that replaces an input string by a file
>>>>>>>>>>> reference so that a file can supplied instead of typing the content
>>>>>>>>>>> of
>>>>>>>>>>> the file on the command line. This is one of most used patterns for
>>>>>>>>>>> client side plugins.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> In this case, my biggest problem is with the web UI.  The 'manager'
>>>>>>>>>> drop down (which I have renamed through the UI plugins to "Requested
>>>>>>>>>> By" to show what user requested and is responsible for this account)
>>>>>>>>>> works fine in the 'add/modify stageuser' context, but not at all in
>>>>>>>>>> the adduser/moduser context, and I can't seem to find out why.
>>>>>>>>>
>>>>>>>>> I'll defer answer for this to our web UI wizards but they would need to
>>>>>>>>> see your code to help, I'd guess.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> / Alexander Bokovoy
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>>>>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>>>>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>>>>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>>>>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>>>>>    Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>>>>>      345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>>>>>    Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>>>>>      (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Pavel^3 Vomacka
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>>
>>>
>>>
>>> --
>>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>>>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>>
>>
>>
>> --
>> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
>
>
>
> --
> Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
>   Princeton University  |    ICBM Address: 40.346344   -74.652242
>     345 Lewis Library   |"On my ship, the Rocinante, wheeling through
>   Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
>     (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'



From abokovoy at redhat.com  Tue Jan 31 22:51:28 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Wed, 1 Feb 2017 00:51:28 +0200
Subject: [Freeipa-users] Samba integration documentation question
In-Reply-To: <CA+No-6F2AZRsjU30t7rGf2gLnBC7UsH_fkZwKWVAXYmuyyQD2g@mail.gmail.com>
References: <CA+No-6F2AZRsjU30t7rGf2gLnBC7UsH_fkZwKWVAXYmuyyQD2g@mail.gmail.com>
Message-ID: <20170131225127.qdgnz5zail5ypase@redhat.com>

On ti, 31 tammi 2017, Jeff Goddard wrote:
>I'm taking the next step in getting our freeipa environment set back up.
>This is a centos 7.2 freeipa 4.4 environment. I'm using this guide as a
>reference for setting up samba:
>
>http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP.
>
>
>Our environment does not include any Active Directory servers - this is
>more or less a stand-alone file server.
>
>Neither Linux nor Windows clients are able to connect. The samba log errors
>are:
>
>Failed to modify entry: NT_STATUS_NOT_IMPLEMENTED
>
>Can someone point me in the right direction?
Well, the first question would be to you to answer: what would you did?
If you would provide a bit more details on what exactly 'modify
entry' means in terms of exact log messages, your configuration, etc, it
would be easier to tell what happens.


-- 
/ Alexander Bokovoy



From abokovoy at redhat.com  Tue Jan 31 22:52:57 2017
From: abokovoy at redhat.com (Alexander Bokovoy)
Date: Wed, 1 Feb 2017 00:52:57 +0200
Subject: [Freeipa-users] Identification with openLDAP and authorization
 with FreeIPA
In-Reply-To: <d095678d-9634-2165-cb5b-7dffb7d418a2@redhat.com>
References: <9ecb2e8b-f0df-dbad-cf87-0c1cf2cd5a86@gmail.com>
	<20170131152327.4edj2n6g66qriif5@redhat.com>
	<204e9da7-ff30-9a36-e8d4-97c87c4069ea@gmail.com>
	<20170131154235.5ktjbxqo3nskgaab@redhat.com>
	<528ce81a-96de-353f-e5a7-30e2079fd29d@gmail.com>
	<d095678d-9634-2165-cb5b-7dffb7d418a2@redhat.com>
Message-ID: <20170131225257.ghk4inzly3jsi3my@redhat.com>

On ti, 31 tammi 2017, Rich Megginson wrote:
>On 01/31/2017 04:46 PM, Micha?l Van de Borne wrote:
>>That was the feared, but somehow expected, answer.
>>
>>Any entry point/documentation about how to start such a script?
>
>Do FreeIPA and OpenLDAP still support the syncrepl protocol?
a standard syncrepl provider/consumer pair expects to have the very same
LDAP schema on both sides. This is not the case with OpenLDAP and
FreeIPA.

-- 
/ Alexander Bokovoy