[Freeipa-users] LDAP replication conflicts, but no apparent data damage
thierry bordaz
tbordaz at redhat.com
Wed Jan 4 16:02:40 UTC 2017
On 01/04/2017 03:57 PM, thierry bordaz wrote:
> Hello,
>
> I fail to reproduce the problem with retroCL. The error means that the
> changelog index was back in the past. I have no clue how it happened.
> Do you know if it happened at the same time of the attempts to rename
> conflict entries ?
>
> I reproduced failure to rename a conflict entry. This is a new bug.
> The problem comes from the access to rdn attribute 'nsuniqueid' that
> the server prevents to update.
> Curriously it looking there are two bugs, as the deleteoldrdn is not
> taken into consideration and access to the attribute is tested even if
> the deletion of the oldrdn is not requested.
> I will open a ticket for it.
Hummm ... typo in my tests. the deleteoldrdn is correctly handled and as
long as you do not attempt to delete the oldrdn, the rename of a
conflict entry will succeed.
>
>
> regards
> thierry
> On 01/03/2017 06:20 PM, Dan.Finkelstein at high5games.com wrote:
>>
>> Also, after attempting to rename one of the duplicated attributes, I
>> get this in the error logs:
>>
>> 03/Jan/2017:17:19:30.605440097 +0000] retrocl-plugin -
>> retrocl_postob: operation failure [68]
>>
>> [03/Jan/2017:17:19:32.056965127 +0000] DSRetroclPlugin - replog: an
>> error occured while adding change number 4799286, dn =
>> changenumber=4799286,cn=changelog: Already exists.
>>
>> [03/Jan/2017:17:19:32.058077520 +0000] retrocl-plugin -
>> retrocl_postob: operation failure [68]
>>
>> [03/Jan/2017:17:19:32.297145459 +0000] DSRetroclPlugin - replog: an
>> error occured while adding change number 4799286, dn =
>> changenumber=4799286,cn=changelog: Already exists.
>>
>> [03/Jan/2017:17:19:32.298205569 +0000] retrocl-plugin -
>> retrocl_postob: operation failure [68]
>>
>> id:image001.jpg at 01D1C26F.0E28FA60 <http://www.high5games.com/>
>>
>> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>>
>> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ | 212.604.3447
>>
>> One World Trade Center, New York, NY 10007
>>
>> www.high5games.com <http://www.high5games.com/>
>>
>> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and
>> Shake the Sky <https://apps.facebook.com/shakethesky/>
>>
>> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter
>> <https://twitter.com/High5Games>, YouTube
>> <http://www.youtube.com/High5Games>, Linkedin
>> <http://www.linkedin.com/company/1072533?trk=tyah>
>>
>> //
>>
>> /This message and any attachments may contain confidential or
>> privileged information and are only for the use of the intended
>> recipient of this message. If you are not the intended recipient,
>> please notify the sender by return email, and delete or destroy this
>> and all copies of this message and all attachments. Any unauthorized
>> disclosure, use, distribution, or reproduction of this message or any
>> attachments is prohibited and may be unlawful./
>>
>> *From: *<freeipa-users-bounces at redhat.com> on behalf of Dan
>> Finkelstein <Dan.Finkelstein at high5games.com>
>> *Date: *Tuesday, January 3, 2017 at 11:08
>> *To: *"mbasti at redhat.com" <mbasti at redhat.com>,
>> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>> *Subject: *Re: [Freeipa-users] LDAP replication conflicts, but no
>> apparent data damage
>>
>> I've read through that page before, just last week, but I confess
>> it's gone over my head. Could you give me an example of how to fix
>> /one/ of the conflicts below? I think when I see how it's done, I can
>> do the rest.
>>
>> Thanks,
>>
>> Dan
>>
>> <http://www.high5games.com/>
>>
>> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>>
>> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ | 212.604.3447
>>
>> One World Trade Center, New York, NY 10007
>>
>> www.high5games.com <http://www.high5games.com/>
>>
>> Play High 5 Casino <https://apps.facebook.com/highfivecasino/> and
>> Shake the Sky <https://apps.facebook.com/shakethesky/>
>>
>> Follow us on: Facebook <http://www.facebook.com/high5games>, Twitter
>> <https://twitter.com/High5Games>, YouTube
>> <http://www.youtube.com/High5Games>, Linkedin
>> <http://www.linkedin.com/company/1072533?trk=tyah>
>>
>> //
>>
>> /This message and any attachments may contain confidential or
>> privileged information and are only for the use of the intended
>> recipient of this message. If you are not the intended recipient,
>> please notify the sender by return email, and delete or destroy this
>> and all copies of this message and all attachments. Any unauthorized
>> disclosure, use, distribution, or reproduction of this message or any
>> attachments is prohibited and may be unlawful./
>>
>> *From: *Martin Basti <mbasti at redhat.com>
>> *Date: *Tuesday, January 3, 2017 at 09:07
>> *To: *Dan Finkelstein <Dan.Finkelstein at high5games.com>,
>> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>> *Subject: *Re: [Freeipa-users] LDAP replication conflicts, but no
>> apparent data damage
>>
>> Here is a directory server documentation about replication conflicts
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
>>
>> I hope it will help
>>
>> Martin
>>
>> On 03.01.2017 14:20,
>> <mailto:Dan.Finkelstein at high5games.com>Dan.Finkelstein at high5games.com
>> wrote:
>>
>> I'm using the most recent FreeIPA 4.4.0 on CentOS 7.3 and have
>> been cleaning up various dangling replicas and other cruft, but
>> when I run the ipa consistency checker, it produces output that
>> LDAP has conflicts. I then run:
>>
>> ldapsearch -D "cn=Directory Manager" -W -b "dc=h5c,dc=local"
>> "nsds5ReplConflict=*" \* nsds5ReplConflict
>>
>> Which produces output as follows (which I don't know what to do
>> with, yet):
>>
>> # extended LDIF
>>
>> #
>>
>> # LDAPv3
>>
>> # base <dc=test,dc=local> with scope subtree
>>
>> # filter: nsds5ReplConflict=*
>>
>> # requesting: * nsds5ReplConflict
>>
>> #
>>
>> # ipaservers + 9865b29e-c9a411e6-a937f721-75eb0f97, hostgroups,
>> accounts, test.l
>>
>> ocal
>>
>> dn:
>> cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=hostgroups
>>
>> ,cn=accounts,dc=test,dc=local
>>
>> memberOf: cn=Replication
>> Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> memberOf: cn=Add Replication
>> Agreements,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> memberOf: cn=Modify Replication
>> Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>> cal
>>
>> memberOf: cn=Remove Replication
>> Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>> cal
>>
>> memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> memberOf: cn=Read PassSync Managers
>> Configuration,cn=permissions,cn=pbac,dc=h5
>>
>> c,dc=local
>>
>> memberOf: cn=Modify PassSync Managers
>> Configuration,cn=permissions,cn=pbac,dc=
>>
>> test,dc=local
>>
>> memberOf: cn=Read LDBM Database
>> Configuration,cn=permissions,cn=pbac,dc=test,dc
>>
>> =local
>>
>> memberOf: cn=Add Configuration
>> Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>> cal
>>
>> memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> memberOf: cn=Read Replication
>> Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
>>
>> l
>>
>> memberOf:
>> cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,c
>>
>> n=alt,dc=test,dc=local
>>
>> member:
>> fqdn=ipa-replica-gib02.test.local,cn=computers,cn=accounts,dc=test,dc=lo
>>
>> cal
>>
>> mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>>
>> objectClass: top
>>
>> objectClass: ipahostgroup
>>
>> objectClass: ipaobject
>>
>> objectClass: groupOfNames
>>
>> objectClass: nestedGroup
>>
>> objectClass: mepOriginEntry
>>
>> description: IPA server hosts
>>
>> cn: ipaservers
>>
>> ipaUniqueID: b13812a8-c9a4-11e6-8bb5-00505684b9a0
>>
>> nsds5ReplConflict: namingConflict
>> cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
>>
>> 5c,dc=local
>>
>> # ipaservers + 9865b2a0-c9a411e6-a937f721-75eb0f97, ng, alt,
>> test.local
>>
>> dn:
>> cn=ipaservers+nsuniqueid=9865b2a0-c9a411e6-a937f721-75eb0f97,cn=ng,cn=alt,
>>
>> dc=test,dc=local
>>
>> memberHost:
>> cn=ipaservers+nsuniqueid=9865b29e-c9a411e6-a937f721-75eb0f97,cn=ho
>>
>> stgroups,cn=accounts,dc=test,dc=local
>>
>> objectClass: ipanisnetgroup
>>
>> objectClass: ipaobject
>>
>> objectClass: mepManagedEntry
>>
>> objectClass: ipaAssociation
>>
>> objectClass: top
>>
>> nisDomainName: test.local
>>
>> cn: ipaservers
>>
>> description: ipaNetgroup ipaservers
>>
>> mepManagedBy:
>> cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
>>
>> ipaUniqueID: b13f8506-c9a4-11e6-8bb5-00505684b9a0
>>
>> nsds5ReplConflict: namingConflict
>> cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>>
>> # domain + 9865b2a7-c9a411e6-a937f721-75eb0f97, topology, ipa,
>> etc, test.local
>>
>> dn:
>> cn=domain+nsuniqueid=9865b2a7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ip
>>
>> a,cn=etc,dc=test,dc=local
>>
>> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp
>> internalModifiersName in
>>
>> ternalModifyTimestamp
>>
>> ipaReplTopoConfRoot: dc=test,dc=local
>>
>> objectClass: top
>>
>> objectClass: iparepltopoconf
>>
>> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE
>> entryusn krblasts
>>
>> uccessfulauth krblastfailedauth krbloginfailedcount
>>
>> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
>> idnssoaserial
>>
>> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>>
>> cn: domain
>>
>> nsds5ReplConflict: namingConflict
>> cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
>>
>> c=local
>>
>> # locations + 9865b2ab-c9a411e6-a937f721-75eb0f97, etc, test.local
>>
>> dn:
>> cn=locations+nsuniqueid=9865b2ab-c9a411e6-a937f721-75eb0f97,cn=etc,dc=test,
>>
>> dc=local
>>
>> objectClass: nsContainer
>>
>> objectClass: top
>>
>> cn: locations
>>
>> nsds5ReplConflict: namingConflict
>> cn=locations,cn=etc,dc=test,dc=local
>>
>> aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>> 3.0;acl "permi
>>
>> ssion:System: Add IPA Locations";allow (add) groupdn =
>> "ldap:///cn=System: Ad
>>
>> d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>> aci: (targetattr = "description")(targetfilter =
>> "(objectclass=ipaLocationObje
>>
>> ct)")(version 3.0;acl "permission:System: Modify IPA
>> Locations";allow (write)
>>
>> groupdn = "ldap:///cn=System <ldap://cn=System>: Modify IPA
>> Locations,cn=permissions,cn=pbac,dc
>>
>> =test,dc=local";)
>>
>> aci: (targetattr = "createtimestamp || description || entryusn ||
>> idnsname ||
>>
>> modifytimestamp || objectclass")(targetfilter =
>> "(objectclass=ipaLocationObje
>>
>> ct)")(version 3.0;acl "permission:System: Read IPA
>> Locations";allow (compare,
>>
>> read,search) groupdn = "ldap:///cn=System <ldap://cn=System>:
>> Read IPA Locations,cn=permissions,
>>
>> cn=pbac,dc=test,dc=local";)
>>
>> aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>> 3.0;acl "permi
>>
>> ssion:System: Remove IPA Locations";allow (delete) groupdn =
>> "ldap:///cn=Syst
>>
>> em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>> # cas + 9865b2b1-c9a411e6-a937f721-75eb0f97, ca, test.local
>>
>> dn:
>> cn=cas+nsuniqueid=9865b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=loca
>>
>> l
>>
>> objectClass: nsContainer
>>
>> objectClass: top
>>
>> cn: cas
>>
>> nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
>>
>> aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>> "permission:System
>>
>> : Add CA";allow (add) groupdn = "ldap:///cn=System
>> <ldap://cn=System>: Add CA,cn=permissions,cn=
>>
>> pbac,dc=test,dc=local";)
>>
>> aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>> "permission:System
>>
>> : Delete CA";allow (delete) groupdn = "ldap:///cn=System
>> <ldap://cn=System>: Delete CA,cn=permis
>>
>> sions,cn=pbac,dc=test,dc=local";)
>>
>> aci: (targetattr = "cn || description")(targetfilter =
>> "(objectclass=ipaca)")(
>>
>> version 3.0;acl "permission:System: Modify CA";allow (write)
>> groupdn = "ldap:
>>
>> ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>> aci: (targetattr = "cn || createtimestamp || description ||
>> entryusn || ipacai
>>
>> d || ipacaissuerdn || ipacasubjectdn || modifytimestamp ||
>> objectclass")(targ
>>
>> etfilter = "(objectclass=ipaca)")(version 3.0;acl
>> "permission:System: Read CA
>>
>> s";allow (compare,read,search) userdn = "ldap:///all" <ldap://all>;)
>>
>> # custodia + 9865b2e2-c9a411e6-a937f721-75eb0f97, ipa, etc,
>> test.local
>>
>> dn:
>> cn=custodia+nsuniqueid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,d
>>
>> c=test,dc=local
>>
>> objectClass: nsContainer
>>
>> objectClass: top
>>
>> cn: custodia
>>
>> nsds5ReplConflict: namingConflict
>> cn=custodia,cn=ipa,cn=etc,dc=test,dc=local
>>
>> # dogtag + 9865b2e4-c9a411e6-a937f721-75eb0f97, custodia +
>> 9865b2e2-c9a411e6-a9
>>
>> 37f721-75eb0f97, ipa, etc, test.local
>>
>> dn:
>> cn=dogtag+nsuniqueid=9865b2e4-c9a411e6-a937f721-75eb0f97,cn=custodia+nsuni
>>
>> queid=9865b2e2-c9a411e6-a937f721-75eb0f97,cn=ipa,cn=etc,dc=test,dc=local
>>
>> objectClass: nsContainer
>>
>> objectClass: top
>>
>> cn: dogtag
>>
>> nsds5ReplConflict: namingConflict
>> cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
>>
>> c=local
>>
>> # ca + 9865b2e7-c9a411e6-a937f721-75eb0f97, topology, ipa, etc,
>> test.local
>>
>> dn:
>> cn=ca+nsuniqueid=9865b2e7-c9a411e6-a937f721-75eb0f97,cn=topology,cn=ipa,cn
>>
>> =etc,dc=test,dc=local
>>
>> objectClass: top
>>
>> objectClass: iparepltopoconf
>>
>> cn: ca
>>
>> ipaReplTopoConfRoot: o=ipaca
>>
>> nsds5ReplConflict: namingConflict
>> cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
>>
>> cal
>>
>> # System: Add CA + 9865b2ed-c9a411e6-a937f721-75eb0f97,
>> permissions, pbac, test.
>>
>> local
>>
>> dn: cn=System: Add
>> CA+nsuniqueid=9865b2ed-c9a411e6-a937f721-75eb0f97,cn=permis
>>
>> sions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaca)
>>
>> ipaPermRight: add
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Add CA
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: add
>> ca,cn=permissions,cn=pbac,dc=
>>
>> test,dc=local
>>
>> # System: Delete CA + 9865b2f1-c9a411e6-a937f721-75eb0f97,
>> permissions, pbac, h
>>
>> 5c.local
>>
>> dn: cn=System: Delete
>> CA+nsuniqueid=9865b2f1-c9a411e6-a937f721-75eb0f97,cn=per
>>
>> missions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaca)
>>
>> ipaPermRight: delete
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Delete CA
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: delete
>> ca,cn=permissions,cn=pbac,
>>
>> dc=test,dc=local
>>
>> # System: Modify CA + 9865b2f5-c9a411e6-a937f721-75eb0f97,
>> permissions, pbac, h
>>
>> 5c.local
>>
>> dn: cn=System: Modify
>> CA+nsuniqueid=9865b2f5-c9a411e6-a937f721-75eb0f97,cn=per
>>
>> missions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaca)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Modify CA
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: description
>>
>> ipaPermDefaultAttr: cn
>>
>> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: modify
>> ca,cn=permissions,cn=pbac,
>>
>> dc=test,dc=local
>>
>> # System: Read CAs + 9865b2f9-c9a411e6-a937f721-75eb0f97,
>> permissions, pbac, h5
>>
>> c.local
>>
>> dn: cn=System: Read
>> CAs+nsuniqueid=9865b2f9-c9a411e6-a937f721-75eb0f97,cn=perm
>>
>> issions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaca)
>>
>> ipaPermRight: read
>>
>> ipaPermRight: compare
>>
>> ipaPermRight: search
>>
>> ipaPermBindRuleType: all
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Read CAs
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> ipaPermDefaultAttr: description
>>
>> ipaPermDefaultAttr: ipacaissuerdn
>>
>> ipaPermDefaultAttr: objectclass
>>
>> ipaPermDefaultAttr: ipacasubjectdn
>>
>> ipaPermDefaultAttr: ipacaid
>>
>> ipaPermDefaultAttr: cn
>>
>> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: read
>> cas,cn=permissions,cn=pbac,d
>>
>> c=test,dc=local
>>
>> # System: Modify DNS Servers Configuration +
>> 9865b2fe-c9a411e6-a937f721-75eb0f9
>>
>> 7, permissions, pbac, test.local
>>
>> dn: cn=System: Modify DNS Servers
>> Configuration+nsuniqueid=9865b2fe-c9a411e6-a
>>
>> 937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Modify DNS Servers Configuration
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: idnssoamname
>>
>> ipaPermDefaultAttr: idnssubstitutionvariable
>>
>> ipaPermDefaultAttr: idnsforwardpolicy
>>
>> ipaPermDefaultAttr: idnsforwarders
>>
>> ipaPermLocation: dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: modify dns servers
>> configuration,
>>
>> cn=permissions,cn=pbac,dc=test,dc=local
>>
>> # System: Read DNS Servers Configuration +
>> 9865b302-c9a411e6-a937f721-75eb0f97,
>>
>> permissions, pbac, test.local
>>
>> dn: cn=System: Read DNS Servers
>> Configuration+nsuniqueid=9865b302-c9a411e6-a93
>>
>> 7f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>>
>> ipaPermRight: read
>>
>> ipaPermRight: compare
>>
>> ipaPermRight: search
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Read DNS Servers Configuration
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: idnsforwardpolicy
>>
>> ipaPermDefaultAttr: objectclass
>>
>> ipaPermDefaultAttr: idnsforwarders
>>
>> ipaPermDefaultAttr: idnsserverid
>>
>> ipaPermDefaultAttr: idnssubstitutionvariable
>>
>> ipaPermDefaultAttr: idnssoamname
>>
>> ipaPermLocation: dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: read dns servers
>> configuration,cn
>>
>> =permissions,cn=pbac,dc=test,dc=local
>>
>> # System: Manage Host Principals +
>> 9865b329-c9a411e6-a937f721-75eb0f97, permiss
>>
>> ions, pbac, test.local
>>
>> dn: cn=System: Manage Host
>> Principals+nsuniqueid=9865b329-c9a411e6-a937f721-75
>>
>> eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipahost)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Manage Host Principals
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: krbprincipalname
>>
>> ipaPermDefaultAttr: krbcanonicalname
>>
>> ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: manage host
>> principals,cn=permiss
>>
>> ions,cn=pbac,dc=test,dc=local
>>
>> # System: Add IPA Locations +
>> 9865b33f-c9a411e6-a937f721-75eb0f97, permissions,
>>
>> pbac, test.local
>>
>> dn: cn=System: Add IPA
>> Locations+nsuniqueid=9865b33f-c9a411e6-a937f721-75eb0f9
>>
>> 7,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>> ipaPermRight: add
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Add IPA Locations
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: add ipa
>> locations,cn=permissions,
>>
>> cn=pbac,dc=test,dc=local
>>
>> # System: Modify IPA Locations +
>> 9865b343-c9a411e6-a937f721-75eb0f97, permissio
>>
>> ns, pbac, test.local
>>
>> dn: cn=System: Modify IPA
>> Locations+nsuniqueid=9865b343-c9a411e6-a937f721-75eb
>>
>> 0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Modify IPA Locations
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: description
>>
>> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: modify ipa
>> locations,cn=permissio
>>
>> ns,cn=pbac,dc=test,dc=local
>>
>> # System: Read IPA Locations +
>> 9865b347-c9a411e6-a937f721-75eb0f97, permissions
>>
>> , pbac, test.local
>>
>> dn: cn=System: Read IPA
>> Locations+nsuniqueid=9865b347-c9a411e6-a937f721-75eb0f
>>
>> 97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>> ipaPermRight: read
>>
>> ipaPermRight: compare
>>
>> ipaPermRight: search
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Read IPA Locations
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: objectclass
>>
>> ipaPermDefaultAttr: description
>>
>> ipaPermDefaultAttr: idnsname
>>
>> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: read ipa
>> locations,cn=permissions
>>
>> ,cn=pbac,dc=test,dc=local
>>
>> # System: Remove IPA Locations +
>> 9865b34b-c9a411e6-a937f721-75eb0f97, permissio
>>
>> ns, pbac, test.local
>>
>> dn: cn=System: Remove IPA
>> Locations+nsuniqueid=9865b34b-c9a411e6-a937f721-75eb
>>
>> 0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>> ipaPermRight: delete
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Remove IPA Locations
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: remove ipa
>> locations,cn=permissio
>>
>> ns,cn=pbac,dc=test,dc=local
>>
>> # System: Read Locations of IPA Servers +
>> 9865b34f-c9a411e6-a937f721-75eb0f97,
>>
>> permissions, pbac, test.local
>>
>> dn: cn=System: Read Locations of IPA
>> Servers+nsuniqueid=9865b34f-c9a411e6-a937
>>
>> f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaConfigObject)
>>
>> ipaPermRight: read
>>
>> ipaPermRight: compare
>>
>> ipaPermRight: search
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Read Locations of IPA Servers
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: objectclass
>>
>> ipaPermDefaultAttr: ipaserviceweight
>>
>> ipaPermDefaultAttr: ipalocation
>>
>> ipaPermDefaultAttr: cn
>>
>> ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: read locations of
>> ipa servers,cn=
>>
>> permissions,cn=pbac,dc=test,dc=local
>>
>> # System: Read Status of Services on IPA Servers +
>> 9865b353-c9a411e6-a937f721-7
>>
>> 5eb0f97, permissions, pbac, test.local
>>
>> dn: cn=System: Read Status of Services on IPA
>> Servers+nsuniqueid=9865b353-c9a4
>>
>> 11e6-a937f721-75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaConfigObject)
>>
>> ipaPermRight: read
>>
>> ipaPermRight: compare
>>
>> ipaPermRight: search
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Read Status of Services on IPA Servers
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: objectclass
>>
>> ipaPermDefaultAttr: ipaconfigstring
>>
>> ipaPermDefaultAttr: cn
>>
>> ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: read status of
>> services on ipa se
>>
>> rvers,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> # System: Manage Service Principals +
>> 9865b357-c9a411e6-a937f721-75eb0f97, perm
>>
>> issions, pbac, test.local
>>
>> dn: cn=System: Manage Service
>> Principals+nsuniqueid=9865b357-c9a411e6-a937f721
>>
>> -75eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaservice)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Manage Service Principals
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=Service
>> Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: krbprincipalname
>>
>> ipaPermDefaultAttr: krbcanonicalname
>>
>> ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: manage service
>> principals,cn=perm
>>
>> issions,cn=pbac,dc=test,dc=local
>>
>> # System: Manage User Principals +
>> 9865b364-c9a411e6-a937f721-75eb0f97, permiss
>>
>> ions, pbac, test.local
>>
>> dn: cn=System: Manage User
>> Principals+nsuniqueid=9865b364-c9a411e6-a937f721-75
>>
>> eb0f97,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=posixaccount)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Manage User Principals
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> member: cn=Modify Users and Reset
>> passwords,cn=privileges,cn=pbac,dc=test,dc=lo
>>
>> cal
>>
>> ipaPermDefaultAttr: krbprincipalname
>>
>> ipaPermDefaultAttr: krbcanonicalname
>>
>> ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: manage user
>> principals,cn=permiss
>>
>> ions,cn=pbac,dc=test,dc=local
>>
>> # servers + 9865b37b-c9a411e6-a937f721-75eb0f97, dns, test.local
>>
>> dn:
>> cn=servers+nsuniqueid=9865b37b-c9a411e6-a937f721-75eb0f97,cn=dns,dc=test,dc
>>
>> =local
>>
>> objectClass: nsContainer
>>
>> objectClass: top
>>
>> cn: servers
>>
>> nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local
>>
>> # ipa + cba8431e-c9a411e6-a937f721-75eb0f97, cas +
>> 9865b2b1-c9a411e6-a937f721-7
>>
>> 5eb0f97, ca, test.local
>>
>> dn:
>> cn=ipa+nsuniqueid=cba8431e-c9a411e6-a937f721-75eb0f97,cn=cas+nsuniqueid=98
>>
>> 65b2b1-c9a411e6-a937f721-75eb0f97,cn=ca,dc=test,dc=local
>>
>> description: IPA CA
>>
>> ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
>>
>> objectClass: top
>>
>> objectClass: ipaca
>>
>> ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
>>
>> ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
>>
>> cn: ipa
>>
>> nsds5ReplConflict: namingConflict
>> cn=ipa,cn=cas,cn=ca,dc=test,dc=local
>>
>> # ipaservers + 6f4721f7-c9a811e6-943e8d1c-0faa636d, hostgroups,
>> accounts, test.l
>>
>> ocal
>>
>> dn:
>> cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=hostgroups
>>
>> ,cn=accounts,dc=test,dc=local
>>
>> memberOf: cn=Replication
>> Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> memberOf: cn=Add Replication
>> Agreements,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> memberOf: cn=Modify Replication
>> Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>> cal
>>
>> memberOf: cn=Remove Replication
>> Agreements,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>> cal
>>
>> memberOf: cn=Modify DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> memberOf: cn=Read PassSync Managers
>> Configuration,cn=permissions,cn=pbac,dc=h5
>>
>> c,dc=local
>>
>> memberOf: cn=Modify PassSync Managers
>> Configuration,cn=permissions,cn=pbac,dc=
>>
>> test,dc=local
>>
>> memberOf: cn=Read LDBM Database
>> Configuration,cn=permissions,cn=pbac,dc=test,dc
>>
>> =local
>>
>> memberOf: cn=Add Configuration
>> Sub-Entries,cn=permissions,cn=pbac,dc=test,dc=lo
>>
>> cal
>>
>> memberOf: cn=Read DNA Range,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> memberOf: cn=Read Replication
>> Agreements,cn=permissions,cn=pbac,dc=test,dc=loca
>>
>> l
>>
>> memberOf:
>> cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,c
>>
>> n=alt,dc=test,dc=local
>>
>> member:
>> fqdn=ipa-replica-gib01.test.local,cn=computers,cn=accounts,dc=test,dc=lo
>>
>> cal
>>
>> mepManagedEntry: cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>>
>> objectClass: top
>>
>> objectClass: ipahostgroup
>>
>> objectClass: ipaobject
>>
>> objectClass: groupOfNames
>>
>> objectClass: nestedGroup
>>
>> objectClass: mepOriginEntry
>>
>> description: IPA server hosts
>>
>> cn: ipaservers
>>
>> ipaUniqueID: 863f47b6-c9a8-11e6-a9b0-00505684f6ff
>>
>> nsds5ReplConflict: namingConflict
>> cn=ipaservers,cn=hostgroups,cn=accounts,dc=h
>>
>> 5c,dc=local
>>
>> # ipaservers + 6f4721f9-c9a811e6-943e8d1c-0faa636d, ng, alt,
>> test.local
>>
>> dn:
>> cn=ipaservers+nsuniqueid=6f4721f9-c9a811e6-943e8d1c-0faa636d,cn=ng,cn=alt,
>>
>> dc=test,dc=local
>>
>> memberHost:
>> cn=ipaservers+nsuniqueid=6f4721f7-c9a811e6-943e8d1c-0faa636d,cn=ho
>>
>> stgroups,cn=accounts,dc=test,dc=local
>>
>> objectClass: ipanisnetgroup
>>
>> objectClass: ipaobject
>>
>> objectClass: mepManagedEntry
>>
>> objectClass: ipaAssociation
>>
>> objectClass: top
>>
>> nisDomainName: test.local
>>
>> cn: ipaservers
>>
>> description: ipaNetgroup ipaservers
>>
>> mepManagedBy:
>> cn=ipaservers,cn=hostgroups,cn=accounts,dc=test,dc=local
>>
>> ipaUniqueID: 864e605c-c9a8-11e6-a9b0-00505684f6ff
>>
>> nsds5ReplConflict: namingConflict
>> cn=ipaservers,cn=ng,cn=alt,dc=test,dc=local
>>
>> # domain + 6f472200-c9a811e6-943e8d1c-0faa636d, topology, ipa,
>> etc, test.local
>>
>> dn:
>> cn=domain+nsuniqueid=6f472200-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ip
>>
>> a,cn=etc,dc=test,dc=local
>>
>> nsds5ReplicaStripAttrs: modifiersName modifyTimestamp
>> internalModifiersName in
>>
>> ternalModifyTimestamp
>>
>> ipaReplTopoConfRoot: dc=test,dc=local
>>
>> objectClass: top
>>
>> objectClass: iparepltopoconf
>>
>> nsDS5ReplicatedAttributeListTotal: (objectclass=*) $ EXCLUDE
>> entryusn krblasts
>>
>> uccessfulauth krblastfailedauth krbloginfailedcount
>>
>> nsDS5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE memberof
>> idnssoaserial
>>
>> entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
>>
>> cn: domain
>>
>> nsds5ReplConflict: namingConflict
>> cn=domain,cn=topology,cn=ipa,cn=etc,dc=test,d
>>
>> c=local
>>
>> # locations + 6f472204-c9a811e6-943e8d1c-0faa636d, etc, test.local
>>
>> dn:
>> cn=locations+nsuniqueid=6f472204-c9a811e6-943e8d1c-0faa636d,cn=etc,dc=test,
>>
>> dc=local
>>
>> objectClass: nsContainer
>>
>> objectClass: top
>>
>> cn: locations
>>
>> nsds5ReplConflict: namingConflict
>> cn=locations,cn=etc,dc=test,dc=local
>>
>> aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>> 3.0;acl "permi
>>
>> ssion:System: Add IPA Locations";allow (add) groupdn =
>> "ldap:///cn=System: Ad
>>
>> d IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>> aci: (targetattr = "description")(targetfilter =
>> "(objectclass=ipaLocationObje
>>
>> ct)")(version 3.0;acl "permission:System: Modify IPA
>> Locations";allow (write)
>>
>> groupdn = "ldap:///cn=System <ldap://cn=System>: Modify IPA
>> Locations,cn=permissions,cn=pbac,dc
>>
>> =test,dc=local";)
>>
>> aci: (targetattr = "createtimestamp || description || entryusn ||
>> idnsname ||
>>
>> modifytimestamp || objectclass")(targetfilter =
>> "(objectclass=ipaLocationObje
>>
>> ct)")(version 3.0;acl "permission:System: Read IPA
>> Locations";allow (compare,
>>
>> read,search) groupdn = "ldap:///cn=System <ldap://cn=System>:
>> Read IPA Locations,cn=permissions,
>>
>> cn=pbac,dc=test,dc=local";)
>>
>> aci: (targetfilter = "(objectclass=ipaLocationObject)")(version
>> 3.0;acl "permi
>>
>> ssion:System: Remove IPA Locations";allow (delete) groupdn =
>> "ldap:///cn=Syst
>>
>> em: Remove IPA Locations,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>> # cas + 6f47220a-c9a811e6-943e8d1c-0faa636d, ca, test.local
>>
>> dn:
>> cn=cas+nsuniqueid=6f47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=loca
>>
>> l
>>
>> objectClass: nsContainer
>>
>> objectClass: top
>>
>> cn: cas
>>
>> nsds5ReplConflict: namingConflict cn=cas,cn=ca,dc=test,dc=local
>>
>> aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>> "permission:System
>>
>> : Add CA";allow (add) groupdn = "ldap:///cn=System
>> <ldap://cn=System>: Add CA,cn=permissions,cn=
>>
>> pbac,dc=test,dc=local";)
>>
>> aci: (targetfilter = "(objectclass=ipaca)")(version 3.0;acl
>> "permission:System
>>
>> : Delete CA";allow (delete) groupdn = "ldap:///cn=System
>> <ldap://cn=System>: Delete CA,cn=permis
>>
>> sions,cn=pbac,dc=test,dc=local";)
>>
>> aci: (targetattr = "cn || description")(targetfilter =
>> "(objectclass=ipaca)")(
>>
>> version 3.0;acl "permission:System: Modify CA";allow (write)
>> groupdn = "ldap:
>>
>> ///cn=System: Modify CA,cn=permissions,cn=pbac,dc=test,dc=local";)
>>
>> aci: (targetattr = "cn || createtimestamp || description ||
>> entryusn || ipacai
>>
>> d || ipacaissuerdn || ipacasubjectdn || modifytimestamp ||
>> objectclass")(targ
>>
>> etfilter = "(objectclass=ipaca)")(version 3.0;acl
>> "permission:System: Read CA
>>
>> s";allow (compare,read,search) userdn = "ldap:///all" <ldap://all>;)
>>
>> # custodia + 6f47223b-c9a811e6-943e8d1c-0faa636d, ipa, etc,
>> test.local
>>
>> dn:
>> cn=custodia+nsuniqueid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,d
>>
>> c=test,dc=local
>>
>> objectClass: nsContainer
>>
>> objectClass: top
>>
>> cn: custodia
>>
>> nsds5ReplConflict: namingConflict
>> cn=custodia,cn=ipa,cn=etc,dc=test,dc=local
>>
>> # dogtag + 6f47223d-c9a811e6-943e8d1c-0faa636d, custodia +
>> 6f47223b-c9a811e6-94
>>
>> 3e8d1c-0faa636d, ipa, etc, test.local
>>
>> dn:
>> cn=dogtag+nsuniqueid=6f47223d-c9a811e6-943e8d1c-0faa636d,cn=custodia+nsuni
>>
>> queid=6f47223b-c9a811e6-943e8d1c-0faa636d,cn=ipa,cn=etc,dc=test,dc=local
>>
>> objectClass: nsContainer
>>
>> objectClass: top
>>
>> cn: dogtag
>>
>> nsds5ReplConflict: namingConflict
>> cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=test,d
>>
>> c=local
>>
>> # ca + 6f472240-c9a811e6-943e8d1c-0faa636d, topology, ipa, etc,
>> test.local
>>
>> dn:
>> cn=ca+nsuniqueid=6f472240-c9a811e6-943e8d1c-0faa636d,cn=topology,cn=ipa,cn
>>
>> =etc,dc=test,dc=local
>>
>> objectClass: top
>>
>> objectClass: iparepltopoconf
>>
>> cn: ca
>>
>> ipaReplTopoConfRoot: o=ipaca
>>
>> nsds5ReplConflict: namingConflict
>> cn=ca,cn=topology,cn=ipa,cn=etc,dc=test,dc=lo
>>
>> cal
>>
>> # System: Add CA + 6f472246-c9a811e6-943e8d1c-0faa636d,
>> permissions, pbac, test.
>>
>> local
>>
>> dn: cn=System: Add
>> CA+nsuniqueid=6f472246-c9a811e6-943e8d1c-0faa636d,cn=permis
>>
>> sions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaca)
>>
>> ipaPermRight: add
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Add CA
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: add
>> ca,cn=permissions,cn=pbac,dc=
>>
>> test,dc=local
>>
>> # System: Delete CA + 6f47224a-c9a811e6-943e8d1c-0faa636d,
>> permissions, pbac, h
>>
>> 5c.local
>>
>> dn: cn=System: Delete
>> CA+nsuniqueid=6f47224a-c9a811e6-943e8d1c-0faa636d,cn=per
>>
>> missions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaca)
>>
>> ipaPermRight: delete
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Delete CA
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: delete
>> ca,cn=permissions,cn=pbac,
>>
>> dc=test,dc=local
>>
>> # System: Modify CA + 6f47224e-c9a811e6-943e8d1c-0faa636d,
>> permissions, pbac, h
>>
>> 5c.local
>>
>> dn: cn=System: Modify
>> CA+nsuniqueid=6f47224e-c9a811e6-943e8d1c-0faa636d,cn=per
>>
>> missions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaca)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Modify CA
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=CA Administrator,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: description
>>
>> ipaPermDefaultAttr: cn
>>
>> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: modify
>> ca,cn=permissions,cn=pbac,
>>
>> dc=test,dc=local
>>
>> # System: Read CAs + 6f472252-c9a811e6-943e8d1c-0faa636d,
>> permissions, pbac, h5
>>
>> c.local
>>
>> dn: cn=System: Read
>> CAs+nsuniqueid=6f472252-c9a811e6-943e8d1c-0faa636d,cn=perm
>>
>> issions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaca)
>>
>> ipaPermRight: read
>>
>> ipaPermRight: compare
>>
>> ipaPermRight: search
>>
>> ipaPermBindRuleType: all
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Read CAs
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> ipaPermDefaultAttr: description
>>
>> ipaPermDefaultAttr: ipacaissuerdn
>>
>> ipaPermDefaultAttr: objectclass
>>
>> ipaPermDefaultAttr: ipacasubjectdn
>>
>> ipaPermDefaultAttr: ipacaid
>>
>> ipaPermDefaultAttr: cn
>>
>> ipaPermLocation: cn=cas,cn=ca,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: read
>> cas,cn=permissions,cn=pbac,d
>>
>> c=test,dc=local
>>
>> # System: Modify DNS Servers Configuration +
>> 6f472257-c9a811e6-943e8d1c-0faa636
>>
>> d, permissions, pbac, test.local
>>
>> dn: cn=System: Modify DNS Servers
>> Configuration+nsuniqueid=6f472257-c9a811e6-9
>>
>> 43e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Modify DNS Servers Configuration
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: idnssoamname
>>
>> ipaPermDefaultAttr: idnssubstitutionvariable
>>
>> ipaPermDefaultAttr: idnsforwardpolicy
>>
>> ipaPermDefaultAttr: idnsforwarders
>>
>> ipaPermLocation: dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: modify dns servers
>> configuration,
>>
>> cn=permissions,cn=pbac,dc=test,dc=local
>>
>> # System: Read DNS Servers Configuration +
>> 6f47225b-c9a811e6-943e8d1c-0faa636d,
>>
>> permissions, pbac, test.local
>>
>> dn: cn=System: Read DNS Servers
>> Configuration+nsuniqueid=6f47225b-c9a811e6-943
>>
>> e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=idnsServerConfigObject)
>>
>> ipaPermRight: read
>>
>> ipaPermRight: compare
>>
>> ipaPermRight: search
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Read DNS Servers Configuration
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Servers,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: idnsforwardpolicy
>>
>> ipaPermDefaultAttr: objectclass
>>
>> ipaPermDefaultAttr: idnsforwarders
>>
>> ipaPermDefaultAttr: idnsserverid
>>
>> ipaPermDefaultAttr: idnssubstitutionvariable
>>
>> ipaPermDefaultAttr: idnssoamname
>>
>> ipaPermLocation: dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: read dns servers
>> configuration,cn
>>
>> =permissions,cn=pbac,dc=test,dc=local
>>
>> # System: Manage Host Principals +
>> 6f472282-c9a811e6-943e8d1c-0faa636d, permiss
>>
>> ions, pbac, test.local
>>
>> dn: cn=System: Manage Host
>> Principals+nsuniqueid=6f472282-c9a811e6-943e8d1c-0f
>>
>> aa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipahost)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Manage Host Principals
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=Host Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> member: cn=Host Enrollment,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: krbprincipalname
>>
>> ipaPermDefaultAttr: krbcanonicalname
>>
>> ipaPermLocation: cn=computers,cn=accounts,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: manage host
>> principals,cn=permiss
>>
>> ions,cn=pbac,dc=test,dc=local
>>
>> # System: Add IPA Locations +
>> 6f472298-c9a811e6-943e8d1c-0faa636d, permissions,
>>
>> pbac, test.local
>>
>> dn: cn=System: Add IPA
>> Locations+nsuniqueid=6f472298-c9a811e6-943e8d1c-0faa636
>>
>> d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>> ipaPermRight: add
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Add IPA Locations
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: add ipa
>> locations,cn=permissions,
>>
>> cn=pbac,dc=test,dc=local
>>
>> # System: Modify IPA Locations +
>> 6f47229c-c9a811e6-943e8d1c-0faa636d, permissio
>>
>> ns, pbac, test.local
>>
>> dn: cn=System: Modify IPA
>> Locations+nsuniqueid=6f47229c-c9a811e6-943e8d1c-0faa
>>
>> 636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Modify IPA Locations
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: description
>>
>> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: modify ipa
>> locations,cn=permissio
>>
>> ns,cn=pbac,dc=test,dc=local
>>
>> # System: Read IPA Locations +
>> 6f4722a0-c9a811e6-943e8d1c-0faa636d, permissions
>>
>> , pbac, test.local
>>
>> dn: cn=System: Read IPA
>> Locations+nsuniqueid=6f4722a0-c9a811e6-943e8d1c-0faa63
>>
>> 6d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>> ipaPermRight: read
>>
>> ipaPermRight: compare
>>
>> ipaPermRight: search
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Read IPA Locations
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: objectclass
>>
>> ipaPermDefaultAttr: description
>>
>> ipaPermDefaultAttr: idnsname
>>
>> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: read ipa
>> locations,cn=permissions
>>
>> ,cn=pbac,dc=test,dc=local
>>
>> # System: Remove IPA Locations +
>> 6f4722a4-c9a811e6-943e8d1c-0faa636d, permissio
>>
>> ns, pbac, test.local
>>
>> dn: cn=System: Remove IPA
>> Locations+nsuniqueid=6f4722a4-c9a811e6-943e8d1c-0faa
>>
>> 636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaLocationObject)
>>
>> ipaPermRight: delete
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Remove IPA Locations
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermLocation: cn=locations,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: remove ipa
>> locations,cn=permissio
>>
>> ns,cn=pbac,dc=test,dc=local
>>
>> # System: Read Locations of IPA Servers +
>> 6f4722a8-c9a811e6-943e8d1c-0faa636d,
>>
>> permissions, pbac, test.local
>>
>> dn: cn=System: Read Locations of IPA
>> Servers+nsuniqueid=6f4722a8-c9a811e6-943e
>>
>> 8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaConfigObject)
>>
>> ipaPermRight: read
>>
>> ipaPermRight: compare
>>
>> ipaPermRight: search
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Read Locations of IPA Servers
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: objectclass
>>
>> ipaPermDefaultAttr: ipaserviceweight
>>
>> ipaPermDefaultAttr: ipalocation
>>
>> ipaPermDefaultAttr: cn
>>
>> ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: read locations of
>> ipa servers,cn=
>>
>> permissions,cn=pbac,dc=test,dc=local
>>
>> # System: Read Status of Services on IPA Servers +
>> 6f4722ac-c9a811e6-943e8d1c-0
>>
>> faa636d, permissions, pbac, test.local
>>
>> dn: cn=System: Read Status of Services on IPA
>> Servers+nsuniqueid=6f4722ac-c9a8
>>
>> 11e6-943e8d1c-0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaConfigObject)
>>
>> ipaPermRight: read
>>
>> ipaPermRight: compare
>>
>> ipaPermRight: search
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Read Status of Services on IPA Servers
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=DNS Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: objectclass
>>
>> ipaPermDefaultAttr: ipaconfigstring
>>
>> ipaPermDefaultAttr: cn
>>
>> ipaPermLocation: cn=masters,cn=ipa,cn=etc,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: read status of
>> services on ipa se
>>
>> rvers,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> # System: Manage Service Principals +
>> 6f4722b0-c9a811e6-943e8d1c-0faa636d, perm
>>
>> issions, pbac, test.local
>>
>> dn: cn=System: Manage Service
>> Principals+nsuniqueid=6f4722b0-c9a811e6-943e8d1c
>>
>> -0faa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=ipaservice)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Manage Service Principals
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=Service
>> Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> ipaPermDefaultAttr: krbprincipalname
>>
>> ipaPermDefaultAttr: krbcanonicalname
>>
>> ipaPermLocation: cn=services,cn=accounts,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: manage service
>> principals,cn=perm
>>
>> issions,cn=pbac,dc=test,dc=local
>>
>> # System: Manage User Principals +
>> 6f4722bd-c9a811e6-943e8d1c-0faa636d, permiss
>>
>> ions, pbac, test.local
>>
>> dn: cn=System: Manage User
>> Principals+nsuniqueid=6f4722bd-c9a811e6-943e8d1c-0f
>>
>> aa636d,cn=permissions,cn=pbac,dc=test,dc=local
>>
>> ipaPermTargetFilter: (objectclass=posixaccount)
>>
>> ipaPermRight: write
>>
>> ipaPermBindRuleType: permission
>>
>> ipaPermissionType: V2
>>
>> ipaPermissionType: MANAGED
>>
>> ipaPermissionType: SYSTEM
>>
>> cn: System: Manage User Principals
>>
>> objectClass: ipapermission
>>
>> objectClass: top
>>
>> objectClass: groupofnames
>>
>> objectClass: ipapermissionv2
>>
>> member: cn=User Administrators,cn=privileges,cn=pbac,dc=test,dc=local
>>
>> member: cn=Modify Users and Reset
>> passwords,cn=privileges,cn=pbac,dc=test,dc=lo
>>
>> cal
>>
>> ipaPermDefaultAttr: krbprincipalname
>>
>> ipaPermDefaultAttr: krbcanonicalname
>>
>> ipaPermLocation: cn=users,cn=accounts,dc=test,dc=local
>>
>> nsds5ReplConflict: namingConflict cn=system: manage user
>> principals,cn=permiss
>>
>> ions,cn=pbac,dc=test,dc=local
>>
>> # servers + 6f4722d4-c9a811e6-943e8d1c-0faa636d, dns, test.local
>>
>> dn:
>> cn=servers+nsuniqueid=6f4722d4-c9a811e6-943e8d1c-0faa636d,cn=dns,dc=test,dc
>>
>> =local
>>
>> objectClass: nsContainer
>>
>> objectClass: top
>>
>> cn: servers
>>
>> nsds5ReplConflict: namingConflict cn=servers,cn=dns,dc=test,dc=local
>>
>> # ipa + 90a80ea3-c9a811e6-943e8d1c-0faa636d, cas +
>> 6f47220a-c9a811e6-943e8d1c-0
>>
>> faa636d, ca, test.local
>>
>> dn:
>> cn=ipa+nsuniqueid=90a80ea3-c9a811e6-943e8d1c-0faa636d,cn=cas+nsuniqueid=6f
>>
>> 47220a-c9a811e6-943e8d1c-0faa636d,cn=ca,dc=test,dc=local
>>
>> description: IPA CA
>>
>> ipaCaIssuerDN: CN=Certificate Authority,O=TEST.LOCAL
>>
>> objectClass: top
>>
>> objectClass: ipaca
>>
>> ipaCaSubjectDN: CN=Certificate Authority,O=TEST.LOCAL
>>
>> ipaCaId: bcab810a-f59b-40ff-add4-560f50be04d3
>>
>> cn: ipa
>>
>> nsds5ReplConflict: namingConflict
>> cn=ipa,cn=cas,cn=ca,dc=test,dc=local
>>
>> # search result
>>
>> search: 2
>>
>> result: 0 Success
>>
>> # numResponses: 51
>>
>> # numEntries: 50
>>
>> <http://www.high5games.com/>
>>
>> *Daniel Alex Finkelstein*| Lead Dev Ops Engineer
>>
>> _Dan.Finkelstein at h5g.com <mailto:Dan.Finkelstein at h5g.com>_ |
>> 212.604.3447
>>
>> One World Trade Center, New York, NY 10007
>>
>> www.high5games.com <http://www.high5games.com/>
>>
>> Play High 5 Casino <https://apps.facebook.com/highfivecasino/>
>> and Shake the Sky <https://apps.facebook.com/shakethesky/>
>>
>> Follow us on: Facebook <http://www.facebook.com/high5games>,
>> Twitter <https://twitter.com/High5Games>, YouTube
>> <http://www.youtube.com/High5Games>, Linkedin
>> <http://www.linkedin.com/company/1072533?trk=tyah>
>>
>> //
>>
>> /This message and any attachments may contain confidential or
>> privileged information and are only for the use of the intended
>> recipient of this message. If you are not the intended recipient,
>> please notify the sender by return email, and delete or destroy
>> this and all copies of this message and all attachments. Any
>> unauthorized disclosure, use, distribution, or reproduction of
>> this message or any attachments is prohibited and may be unlawful./
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/50664fce/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4334 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/50664fce/attachment.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4335 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/50664fce/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 4336 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/50664fce/attachment-0002.jpe>
More information about the Freeipa-users
mailing list