[Freeipa-users] be_pam_handler_callback Backend returned: (3, 4, <NULL>) [Internal Error (System error)]

Harald Dunkel harald.dunkel at aixigo.de
Tue Jan 17 15:12:51 UTC 2017


On 01/17/17 11:38, Sumit Bose wrote:
> On Tue, Jan 17, 2017 at 10:44:14AM +0100, Harald Dunkel wrote:
>> It seems something got corrupted in my ipa setup. I found this in the
>> sssd log file on Wheezy:
>>
>> (Tue Jan 17 10:19:02 2017) [hbac_shost_attrs_to_rule] (0x0400): Processing source hosts for rule [allow_all]
>> (Tue Jan 17 10:19:02 2017) [hbac_eval_user_element] (0x0080): Parse error on [cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8da17db,cn=permissions,cn=pbac,dc=example,dc=de]
> 
> Looks like there was a replication conflict, please see
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Managing_Replication-Solving_Common_Replication_Conflicts.html
> how to resolve it.
> 

% ldapsearch -D "cn=directory manager" -w secret -b "dc=example,dc=de" "nsds5ReplConflict=*" \* nsds5ReplConflict | grep nsds5ReplConflict | wc -l
26

:-(

I have 4 ipa servers. How can I make sure that no new problem arises
while I try to clean up this mess? Can I freeze Freeipa somehow to
resolve this?

> We already have a ticket for SSSD to ignore those objects, but
> unfortunately there is currently no patch available for SSSD so you have
> to resolve the replication conflict to get it working again.
> 

You mean sssd should ignore the conflict, not telling anybody?
I am not sure if that's the right way.


Thanx very much for your advice
Harri
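
Added example (not part of the original message): the ldapsearch above only counts conflict entries, so this sketch parses the same LDIF output and lists each conflict entry with the DN it collides with, which is what is needed to review them before renaming or deleting anything. The sample LDIF is constructed from the DN in the log line; it assumes the usual 389 DS value form "nsds5ReplConflict: namingConflict <original DN>", and the function names are hypothetical.

```python
import base64
import re

# Constructed sample: folded LDIF as ldapsearch would print it
SAMPLE_LDIF = """\
dn: cn=System: Manage Host Principals+nsuniqueid=109be36e-ccd911e6-a5b3d0c8-d8d
 a17db,cn=permissions,cn=pbac,dc=example,dc=de
cn: System: Manage Host Principals
nsds5ReplConflict: namingConflict cn=System: Manage Host Principals,cn=permiss
 ions,cn=pbac,dc=example,dc=de

dn: cn=ordinary,cn=permissions,cn=pbac,dc=example,dc=de
cn: ordinary
"""

def parse_entries(ldif):
    """Split LDIF into entries; returns a list of {attr: [values]} dicts."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF continuation lines start with one space
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def conflict_report(ldif):
    """One record per conflict entry: its DN, conflict type, colliding DN, nsuniqueid."""
    report = []
    for entry in parse_entries(ldif):
        for value in entry.get("nsds5replconflict", []):
            kind, _, original = value.partition(" ")
            dn = entry.get("dn", [""])[0]
            match = re.search(r"nsuniqueid=([0-9a-f-]+)", dn, re.I)
            report.append({"conflict_dn": dn, "type": kind, "original_dn": original,
                           "nsuniqueid": match.group(1) if match else None})
    return report

if __name__ == "__main__":
    for item in conflict_report(SAMPLE_LDIF):
        print(item["type"], item["nsuniqueid"], "->", item["original_dn"])
```

Running the same report against each of the 4 servers and comparing the results shows whether they all see the same set of conflict entries.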



