[Freeipa-users] LDAP replication conflicts, but no apparent data damage

Dan.Finkelstein at high5games.com
Tue Jan 3 13:20:48 UTC 2017


I'm using the most recent FreeIPA 4.4.0 on CentOS 7.3 and have been cleaning up various dangling replicas and other cruft, but when I run the ipa consistency checker, it produces output saying that LDAP has conflicts. I then run:

ldapsearch -D "cn=Directory Manager" -W -b "dc=h5c,dc=local" "nsds5ReplConflict=*" \* nsds5ReplConflict

Which produces output as follows (which I don't know what to do with, yet):

# extended LDIF
#
# LDAPv3
# base <dc=test,dc=local> with scope subtree
# filter: nsds5ReplConflict=*
# requesting: * nsds5ReplConflict
#

# ipaservers + 9865b29e-c9a411e6-a937f721-75eb0f97, hostgroups, accounts, test.l
ocal
dn: cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups
,cn=accounts,dc=test,dc=local
memberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=local
memberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=h5
c,dc=local
memberOf: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=
test,dc=local
memberOf: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=test,dc
=local
memberOf: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
l
memberOf: cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,c
n=alt,dc=test,dc=local
member: fqdn=ipa-replica-gib02.test.local,cn=computers,cn=accounts,dc=test,dc=lo
cal
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: b13812a8-c9a4-11e6-8bb5-00505684b9a0
nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
5c,dc=local

# ipaservers + 9865b2a0-c9a411e6-a937f721-75eb0f97, ng, alt, test.local
dn: cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,cn=alt,
dc=test,dc=local
memberHost: cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=ho
stgroups,cn=accounts,dc=test,dc=local
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: test.local
cn: ipaservers
description: ipaNetgroup ipaservers
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
ipaUniqueID: b13f8506-c9a4-11e6-8bb5-00505684b9a0
nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local

# domain + 9865b2a7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc, test.local
dn: cn=domain+nsuniqueid=9865b2a7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ip
a,cn=etc,dc=test,dc=local
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
ipaReplTopoConfRoot: dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
cn: domain
nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
c=local

# locations + 9865b2ab-c9a411e6-a937f721-75eb0f97, etc, test.local
dn: cn=locations+nsuniqueid=9865b2ab-c9a411e6-a937f721-75eb0f97,cn=etc,dc=test,
dc=local
objectClass: nsContainer
objectClass: top
cn: locations
nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Ad
d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write)
  groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc
=test,dc=local";)
aci: (targetattr = "createtimestamp || description || entryusn || idnsname ||
 modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,
read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,
cn=pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=Syst
em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)

# cas + 9865b2b1-c9a411e6-a937f721-75eb0f97, ca, test.local
dn: cn=cas+nsuniqueid=9865b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=loca
l
objectClass: nsContainer
objectClass: top
cn: cas
nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Add CA";allow (add) groupdn = "ldap:///cn=System: Add CA,cn=permissions,cn=
pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete CA,cn=permis
sions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(
version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:
///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacai
d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targ
etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CA
s";allow (compare,read,search) userdn = "ldap:///all";)

# custodia + 9865b2e2-c9a411e6-a937f721-75eb0f97, ipa, etc, test.local
dn: cn=custodia+nsuniqueid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,d
c=test,dc=local
objectClass: nsContainer
objectClass: top
cn: custodia
nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=test,dc=local

# dogtag + 9865b2e4-c9a411e6-a937f721-75eb0f97, custodia + 9865b2e2-c9a411e6-a9
37f721-75eb0f97, ipa, etc, test.local
dn: cn=dogtag+nsuniqueid=9865b2e4-c9a411e6-a937f721-75eb0f97,cn=custodia+nsuni
queid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,dc=test,dc=local
objectClass: nsContainer
objectClass: top
cn: dogtag
nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
c=local

# ca + 9865b2e7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc, test.local
dn: cn=ca+nsuniqueid=9865b2e7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ipa,cn
=etc,dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
cn: ca
ipaReplTopoConfRoot: o=ipaca
nsds5ReplConflict: namingConflict cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
cal

# System: Add CA + 9865b2ed-c9a411e6-a937f721-75eb0f97, permissions, pbac, test.
local
dn: cn=System: Add CA+nsuniqueid=9865b2ed-c9a411e6-a937f721-75eb0f97,cn=permis
sions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=
test,dc=local

# System: Delete CA + 9865b2f1-c9a411e6-a937f721-75eb0f97, permissions, pbac, h
5c.local
dn: cn=System: Delete CA+nsuniqueid=9865b2f1-c9a411e6-a937f721-75eb0f97,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Delete CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Modify CA + 9865b2f5-c9a411e6-a937f721-75eb0f97, permissions, pbac, h
5c.local
dn: cn=System: Modify CA+nsuniqueid=9865b2f5-c9a411e6-a937f721-75eb0f97,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Read CAs + 9865b2f9-c9a411e6-a937f721-75eb0f97, permissions, pbac, h5
c.local
dn: cn=System: Read CAs+nsuniqueid=9865b2f9-c9a411e6-a937f721-75eb0f97,cn=perm
issions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: all
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read CAs
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
ipaPermDefaultAttr: description
ipaPermDefaultAttr: ipacaissuerdn
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipacasubjectdn
ipaPermDefaultAttr: ipacaid
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,d
c=test,dc=local

# System: Modify DNS Servers Configuration + 9865b2fe-c9a411e6-a937f721-75eb0f9
7, permissions, pbac, test.local
dn: cn=System: Modify DNS Servers Configuration+nsuniqueid=9865b2fe-c9a411e6-a
937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnssoamname
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: idnsforwarders
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,
cn=permissions,cn=pbac,dc=test,dc=local

# System: Read DNS Servers Configuration + 9865b302-c9a411e6-a937f721-75eb0f97,
  permissions, pbac, test.local
dn: cn=System: Read DNS Servers Configuration+nsuniqueid=9865b302-c9a411e6-a93
7f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: idnsforwarders
ipaPermDefaultAttr: idnsserverid
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnssoamname
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn
=permissions,cn=pbac,dc=test,dc=local

# System: Manage Host Principals + 9865b329-c9a411e6-a937f721-75eb0f97, permiss
ions, pbac, test.local
dn: cn=System: Manage Host Principals+nsuniqueid=9865b329-c9a411e6-a937f721-75
eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipahost)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Host Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage host principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# System: Add IPA Locations + 9865b33f-c9a411e6-a937f721-75eb0f97, permissions,
  pbac, test.local
dn: cn=System: Add IPA Locations+nsuniqueid=9865b33f-c9a411e6-a937f721-75eb0f9
7,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ipa locations,cn=permissions,
cn=pbac,dc=test,dc=local

# System: Modify IPA Locations + 9865b343-c9a411e6-a937f721-75eb0f97, permissio
ns, pbac, test.local
dn: cn=System: Modify IPA Locations+nsuniqueid=9865b343-c9a411e6-a937f721-75eb
0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read IPA Locations + 9865b347-c9a411e6-a937f721-75eb0f97, permissions
, pbac, test.local
dn: cn=System: Read IPA Locations+nsuniqueid=9865b347-c9a411e6-a937f721-75eb0f
97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: description
ipaPermDefaultAttr: idnsname
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read ipa locations,cn=permissions
,cn=pbac,dc=test,dc=local

# System: Remove IPA Locations + 9865b34b-c9a411e6-a937f721-75eb0f97, permissio
ns, pbac, test.local
dn: cn=System: Remove IPA Locations+nsuniqueid=9865b34b-c9a411e6-a937f721-75eb
0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Remove IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: remove ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read Locations of IPA Servers + 9865b34f-c9a411e6-a937f721-75eb0f97,
 permissions, pbac, test.local
dn: cn=System: Read Locations of IPA Servers+nsuniqueid=9865b34f-c9a411e6-a937
f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Locations of IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaserviceweight
ipaPermDefaultAttr: ipalocation
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read locations of ipa servers,cn=
permissions,cn=pbac,dc=test,dc=local

# System: Read Status of Services on IPA Servers + 9865b353-c9a411e6-a937f721-7
5eb0f97, permissions, pbac, test.local
dn: cn=System: Read Status of Services on IPA Servers+nsuniqueid=9865b353-c9a4
11e6-a937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Status of Services on IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaconfigstring
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read status of services on ipa se
rvers,cn=permissions,cn=pbac,dc=test,dc=local

# System: Manage Service Principals + 9865b357-c9a411e6-a937f721-75eb0f97, perm
issions, pbac, test.local
dn: cn=System: Manage Service Principals+nsuniqueid=9865b357-c9a411e6-a937f721
-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaservice)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Service Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage service principals,cn=perm
issions,cn=pbac,dc=test,dc=local

# System: Manage User Principals + 9865b364-c9a411e6-a937f721-75eb0f97, permiss
ions, pbac, test.local
dn: cn=System: Manage User Principals+nsuniqueid=9865b364-c9a411e6-a937f721-75
eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=posixaccount)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage User Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=test,dc=lo
cal
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage user principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# servers + 9865b37b-c9a411e6-a937f721-75eb0f97, dns, test.local
dn: cn=servers+nsuniqueid=9865b37b-c9a411e6-a937f721-75eb0f97,cn=dns,dc=test,dc
=local
objectClass: nsContainer
objectClass: top
cn: servers
nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local

# ipa + cba8431e-c9a411e6-a937f721-75eb0f97, cas + 9865b2b1-c9a411e6-a937f721-7
5eb0f97, ca, test.local
dn: cn=ipa+nsuniqueid=cba8431e-c9a411e6-a937f721-75eb0f97,cn=cas+nsuniqueid=98
65b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=local
description: IPA CA
ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
objectClass: top
objectClass: ipaca
ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
cn: ipa
nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local

# ipaservers + 6f4721f7-c9a811e6-943e8d1c-0faa636d, hostgroups, accounts, test.l
ocal
dn: cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=hostgroups
,cn=accounts,dc=test,dc=local
memberOf: cn=Replication Administrators,cn=privileges,cn=pbac,dc=test,dc=local
memberOf: cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read PassSync Managers Configuration,cn=permissions,cn=pbac,dc=h5
c,dc=local
memberOf: cn=Modify PassSync Managers Configuration,cn=permissions,cn=pbac,dc=
test,dc=local
memberOf: cn=Read LDBM Database Configuration,cn=permissions,cn=pbac,dc=test,dc
=local
memberOf: cn=Add Configuration Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
cal
memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
memberOf: cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
l
memberOf: cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,c
n=alt,dc=test,dc=local
member: fqdn=ipa-replica-gib01.test.local,cn=computers,cn=accounts,dc=test,dc=lo
cal
mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
objectClass: top
objectClass: ipahostgroup
objectClass: ipaobject
objectClass: groupOfNames
objectClass: nestedGroup
objectClass: mepOriginEntry
description: IPA server hosts
cn: ipaservers
ipaUniqueID: 863f47b6-c9a8-11e6-a9b0-00505684f6ff
nsds5ReplConflict: namingConflict cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
5c,dc=local

# ipaservers + 6f4721f9-c9a811e6-943e8d1c-0faa636d, ng, alt, test.local
dn: cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,cn=alt,
dc=test,dc=local
memberHost: cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=ho
stgroups,cn=accounts,dc=test,dc=local
objectClass: ipanisnetgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: ipaAssociation
objectClass: top
nisDomainName: test.local
cn: ipaservers
description: ipaNetgroup ipaservers
mepManagedBy: cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
ipaUniqueID: 864e605c-c9a8-11e6-a9b0-00505684f6ff
nsds5ReplConflict: namingConflict cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local

# domain + 6f472200-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc, test.local
dn: cn=domain+nsuniqueid=6f472200-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ip
a,cn=etc,dc=test,dc=local
nsds5ReplicaStripAttrs: modifiersName modifyTimestamp internalModifiersName in
ternalModifyTimestamp
ipaReplTopoConfRoot: dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE entryusn krblasts
uccessfulauth krblastfailedauth krbloginfailedcount
nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof idnssoaserial
  entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
cn: domain
nsds5ReplConflict: namingConflict cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
c=local

# locations + 6f472204-c9a811e6-943e8d1c-0faa636d, etc, test.local
dn: cn=locations+nsuniqueid=6f472204-c9a811e6-943e8d1c-0faa636d,cn=etc,dc=test,
dc=local
objectClass: nsContainer
objectClass: top
cn: locations
nsds5ReplConflict: namingConflict cn=locations,cn=etc,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Add IPA Locations";allow (add) groupdn = "ldap:///cn=System: Ad
d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "description")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Modify IPA Locations";allow (write)
  groupdn = "ldap:///cn=System: Modify IPA Locations,cn=permissions,cn=pbac,dc
=test,dc=local";)
aci: (targetattr = "createtimestamp || description || entryusn || idnsname ||
 modifytimestamp || objectclass")(targetfilter = "(objectclass=ipaLocationObje
ct)")(version 3.0;acl "permission:System: Read IPA Locations";allow (compare,
read,search) groupdn = "ldap:///cn=System: Read IPA Locations,cn=permissions,
cn=pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaLocationObject)")(version 3.0;acl "permi
ssion:System: Remove IPA Locations";allow (delete) groupdn = "ldap:///cn=Syst
em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)

# cas + 6f47220a-c9a811e6-943e8d1c-0faa636d, ca, test.local
dn: cn=cas+nsuniqueid=6f47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=loca
l
objectClass: nsContainer
objectClass: top
cn: cas
nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Add CA";allow (add) groupdn = "ldap:///cn=System: Add CA,cn=permissions,cn=
pbac,dc=test,dc=local";)
aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System
: Delete CA";allow (delete) groupdn = "ldap:///cn=System: Delete CA,cn=permis
sions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || description")(targetfilter = "(objectclass=ipaca)")(
version 3.0;acl "permission:System: Modify CA";allow (write) groupdn = "ldap:
///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
aci: (targetattr = "cn || createtimestamp || description || entryusn || ipacai
d || ipacaissuerdn || ipacasubjectdn || modifytimestamp || objectclass")(targ
etfilter = "(objectclass=ipaca)")(version 3.0;acl "permission:System: Read CA
s";allow (compare,read,search) userdn = "ldap:///all";)

# custodia + 6f47223b-c9a811e6-943e8d1c-0faa636d, ipa, etc, test.local
dn: cn=custodia+nsuniqueid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,d
c=test,dc=local
objectClass: nsContainer
objectClass: top
cn: custodia
nsds5ReplConflict: namingConflict cn=custodia,cn=ipa,cn=etc,dc=test,dc=local

# dogtag + 6f47223d-c9a811e6-943e8d1c-0faa636d, custodia + 6f47223b-c9a811e6-94
3e8d1c-0faa636d, ipa, etc, test.local
dn: cn=dogtag+nsuniqueid=6f47223d-c9a811e6-943e8d1c-0faa636d,cn=custodia+nsuni
queid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,dc=test,dc=local
objectClass: nsContainer
objectClass: top
cn: dogtag
nsds5ReplConflict: namingConflict cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
c=local

# ca + 6f472240-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc, test.local
dn: cn=ca+nsuniqueid=6f472240-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ipa,cn
=etc,dc=test,dc=local
objectClass: top
objectClass: iparepltopoconf
cn: ca
ipaReplTopoConfRoot: o=ipaca
nsds5ReplConflict: namingConflict cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
cal

# System: Add CA + 6f472246-c9a811e6-943e8d1c-0faa636d, permissions, pbac, test.
local
dn: cn=System: Add CA+nsuniqueid=6f472246-c9a811e6-943e8d1c-0faa636d,cn=permis
sions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ca,cn=permissions,cn=pbac,dc=
test,dc=local

# System: Delete CA + 6f47224a-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h
5c.local
dn: cn=System: Delete CA+nsuniqueid=6f47224a-c9a811e6-943e8d1c-0faa636d,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Delete CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: delete ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Modify CA + 6f47224e-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h
5c.local
dn: cn=System: Modify CA+nsuniqueid=6f47224e-c9a811e6-943e8d1c-0faa636d,cn=per
missions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify CA
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ca,cn=permissions,cn=pbac,
dc=test,dc=local

# System: Read CAs + 6f472252-c9a811e6-943e8d1c-0faa636d, permissions, pbac, h5
c.local
dn: cn=System: Read CAs+nsuniqueid=6f472252-c9a811e6-943e8d1c-0faa636d,cn=perm
issions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaca)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: all
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read CAs
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
ipaPermDefaultAttr: description
ipaPermDefaultAttr: ipacaissuerdn
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipacasubjectdn
ipaPermDefaultAttr: ipacaid
ipaPermDefaultAttr: cn
ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,d
c=test,dc=local

# System: Modify DNS Servers Configuration + 6f472257-c9a811e6-943e8d1c-0faa636
d, permissions, pbac, test.local
dn: cn=System: Modify DNS Servers Configuration+nsuniqueid=6f472257-c9a811e6-9
43e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnssoamname
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: idnsforwarders
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify dns servers configuration,
cn=permissions,cn=pbac,dc=test,dc=local

# System: Read DNS Servers Configuration + 6f47225b-c9a811e6-943e8d1c-0faa636d,
  permissions, pbac, test.local
dn: cn=System: Read DNS Servers Configuration+nsuniqueid=6f47225b-c9a811e6-943
e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read DNS Servers Configuration
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: idnsforwardpolicy
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: idnsforwarders
ipaPermDefaultAttr: idnsserverid
ipaPermDefaultAttr: idnssubstitutionvariable
ipaPermDefaultAttr: idnssoamname
ipaPermLocation: dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read dns servers configuration,cn
=permissions,cn=pbac,dc=test,dc=local

# System: Manage Host Principals + 6f472282-c9a811e6-943e8d1c-0faa636d, permiss
ions, pbac, test.local
dn: cn=System: Manage Host Principals+nsuniqueid=6f472282-c9a811e6-943e8d1c-0f
aa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipahost)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Host Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage host principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# System: Add IPA Locations + 6f472298-c9a811e6-943e8d1c-0faa636d, permissions,
  pbac, test.local
dn: cn=System: Add IPA Locations+nsuniqueid=6f472298-c9a811e6-943e8d1c-0faa636
d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: add
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Add IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: add ipa locations,cn=permissions,
cn=pbac,dc=test,dc=local

# System: Modify IPA Locations + 6f47229c-c9a811e6-943e8d1c-0faa636d, permissio
ns, pbac, test.local
dn: cn=System: Modify IPA Locations+nsuniqueid=6f47229c-c9a811e6-943e8d1c-0faa
636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Modify IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: description
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: modify ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read IPA Locations + 6f4722a0-c9a811e6-943e8d1c-0faa636d, permissions
, pbac, test.local
dn: cn=System: Read IPA Locations+nsuniqueid=6f4722a0-c9a811e6-943e8d1c-0faa63
6d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: description
ipaPermDefaultAttr: idnsname
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read ipa locations,cn=permissions
,cn=pbac,dc=test,dc=local

# System: Remove IPA Locations + 6f4722a4-c9a811e6-943e8d1c-0faa636d, permissio
ns, pbac, test.local
dn: cn=System: Remove IPA Locations+nsuniqueid=6f4722a4-c9a811e6-943e8d1c-0faa
636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaLocationObject)
ipaPermRight: delete
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Remove IPA Locations
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: remove ipa locations,cn=permissio
ns,cn=pbac,dc=test,dc=local

# System: Read Locations of IPA Servers + 6f4722a8-c9a811e6-943e8d1c-0faa636d,
 permissions, pbac, test.local
dn: cn=System: Read Locations of IPA Servers+nsuniqueid=6f4722a8-c9a811e6-943e
8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Locations of IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaserviceweight
ipaPermDefaultAttr: ipalocation
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read locations of ipa servers,cn=
permissions,cn=pbac,dc=test,dc=local

# System: Read Status of Services on IPA Servers + 6f4722ac-c9a811e6-943e8d1c-0
faa636d, permissions, pbac, test.local
dn: cn=System: Read Status of Services on IPA Servers+nsuniqueid=6f4722ac-c9a8
11e6-943e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaConfigObject)
ipaPermRight: read
ipaPermRight: compare
ipaPermRight: search
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Read Status of Services on IPA Servers
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: objectclass
ipaPermDefaultAttr: ipaconfigstring
ipaPermDefaultAttr: cn
ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read status of services on ipa se
rvers,cn=permissions,cn=pbac,dc=test,dc=local

# System: Manage Service Principals + 6f4722b0-c9a811e6-943e8d1c-0faa636d, perm
issions, pbac, test.local
dn: cn=System: Manage Service Principals+nsuniqueid=6f4722b0-c9a811e6-943e8d1c
-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=ipaservice)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage Service Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=Service Administrators,cn=privileges,cn=pbac,dc=test,dc=local
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage service principals,cn=perm
issions,cn=pbac,dc=test,dc=local

# System: Manage User Principals + 6f4722bd-c9a811e6-943e8d1c-0faa636d, permiss
ions, pbac, test.local
dn: cn=System: Manage User Principals+nsuniqueid=6f4722bd-c9a811e6-943e8d1c-0f
aa636d,cn=permissions,cn=pbac,dc=test,dc=local
ipaPermTargetFilter: (objectclass=posixaccount)
ipaPermRight: write
ipaPermBindRuleType: permission
ipaPermissionType: V2
ipaPermissionType: MANAGED
ipaPermissionType: SYSTEM
cn: System: Manage User Principals
objectClass: ipapermission
objectClass: top
objectClass: groupofnames
objectClass: ipapermissionv2
member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
member: cn=Modify Users and Reset passwords,cn=privileges,cn=pbac,dc=test,dc=lo
cal
ipaPermDefaultAttr: krbprincipalname
ipaPermDefaultAttr: krbcanonicalname
ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: manage user principals,cn=permiss
ions,cn=pbac,dc=test,dc=local

# servers + 6f4722d4-c9a811e6-943e8d1c-0faa636d, dns, test.local
dn: cn=servers+nsuniqueid=6f4722d4-c9a811e6-943e8d1c-0faa636d,cn=dns,dc=test,dc
=local
objectClass: nsContainer
objectClass: top
cn: servers
nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local

# ipa + 90a80ea3-c9a811e6-943e8d1c-0faa636d, cas + 6f47220a-c9a811e6-943e8d1c-0
faa636d, ca, test.local
dn: cn=ipa+nsuniqueid=90a80ea3-c9a811e6-943e8d1c-0faa636d,cn=cas+nsuniqueid=6f
47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=local
description: IPA CA
ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
objectClass: top
objectClass: ipaca
ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
cn: ipa
nsds5ReplConflict: namingConflict cn=ipa,cn=cas,cn=ca,dc=test,dc=local

# search result
search: 2
result: 0 Success

# numResponses: 51
# numEntries: 50


Daniel Alex Finkelstein | Lead Dev Ops Engineer
Dan.Finkelstein at h5g.com | 212.604.3447
One World Trade Center, New York, NY 10007
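
Added example (not part of the original post and not FreeIPA or 389 Directory Server code): a Python script that unfolds ldapsearch output like the listing above and returns, for each conflict entry, the conflict type, the renamed DN carrying the nsuniqueid, and the DN the entry collided on. The sample text is constructed from two entries in the listing, and the function names are assumptions.

```python
import base64
import re

# Constructed sample: two entries from the listing, in ldapsearch's folded form
# (a continuation line starts with exactly one space, per RFC 2849).
SAMPLE = """\
# servers + 6f4722d4-c9a811e6-943e8d1c-0faa636d, dns, test.local
dn: cn=servers+nsuniqueid=6f4722d4-c9a811e6-943e8d1c-0faa636d,cn=dns,dc=test,dc
 =local
nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local

dn: cn=System: Read CAs+nsuniqueid=6f472252-c9a811e6-943e8d1c-0faa636d,cn=perm
 issions,cn=pbac,dc=test,dc=local
nsds5ReplConflict: namingConflict cn=system: read cas,cn=permissions,cn=pbac,d
 c=test,dc=local
"""

def unfold(text):
    # Join each continuation line onto the line before it.
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def parse_entries(text):
    # Split unfolded lines into entries: dicts of lower-cased attribute -> values.
    entries, cur = [], {}
    for line in unfold(text) + [""]:
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def conflicts(text):
    # One row per conflict entry: its type, its renamed DN, and the DN it wanted.
    rows = []
    for e in parse_entries(text):
        for c in e.get("nsds5replconflict", []):
            kind, _, wanted = c.partition(" ")
            uid = re.search(r"\+nsuniqueid=([0-9a-f-]+)", e["dn"][0], re.I)
            rows.append((kind, e["dn"][0], wanted, uid.group(1) if uid else None))
    return rows
```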
