[Freeipa-users] Errors in IPA logs

[Lachlan Musicman]

Hi,

I've reported a bug against SSSD and Lukas has pointed to a number of
FreeIPA errors in our logs.
I've can't find any information on how I might fix these errors or what I
might do to mitigate them. Any pointers appreciated:

First error:

[sssd[be[unixdev.domain.org.au]]] [ipa_sudo_fetch_rules_done] (0x0040):
Received 1 sudo rules

[sssd[be[unixdev.domain.org.au]]] [sysdb_mod_group_member] (0x0080):
ldb_modify failed: [No such attribute](16)[attribute 'member': no matching
attribute value while deleting attribute on 'name=
ipa_bioinf_staff at unixdev.domain.org.au,cn=groups,cn=unixdev.domain.org.au,cn=sysdb']


[sssd[be[unixdev.domain.org.au]]] [sysdb_error_to_errno] (0x0020): LDB
returned unexpected error: [No such attribute]

[sssd[be[unixdev.domain.org.au]]] [sysdb_update_members_ex] (0x0020): Could
not remove member [SimpsonLachlan at domain.org.au] from group [name=
ipa_bioinf_staff at unixdev.domain.org.au,cn=groups,cn=unixdev.domain.org.au,cn=sysdb].
Skipping



Second error is long list of errors that look like


[sssd[be]] [get_ipa_groupname] (0x0020): Expected cn in second component,
got OU

[sssd[be]] [get_ipa_groupname] (0x0020): Expected groups second component,
got Users


I don't know enough about AD to speak meaningfully to these, but a quick
google shows that a group can have cn=Users as it's second component ( see
here for example
https://technet.microsoft.com/en-us/library/dn579255%28v=ws.11%29.aspx )

Is there an LDAP query that I need to define or add to the IPA server?

cheers
L.



------
The most dangerous phrase in the language is, "We've always done it this
way."

- Grace Hopper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170320/241234a0/attachment.htm>