Thanks for this. It's a bug in freeipa-healthcheck. I opened https://github.com/freeipa/freeipa-healthcheck/issues/217
Unfortunately other than removing the server as a hidden server there is no workaround other than to ignore the false positive until a new build can be made. rob Duncan Mortimer wrote: > Hi, > > LDAP search on the node in question results in the following. > > ldapsearch -Y GSSAPI -b > cn=ADTRUST,cn=`hostname`,cn=masters,cn=ipa,cn=etc,dc=my,dc=domain > SASL/GSSAPI authentication started > SASL username: ad...@ipa.my.domain > SASL SSF: 256 > SASL data security layer installed. > # extended LDIF > # > # LDAPv3 > # base > <cn=ADTRUST,cn=ipa2.my.domain,cn=masters,cn=ipa,cn=etc,dc=my,dc=domain> with > scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # ADTRUST, ipa2.my.domain, masters, ipa, etc, my.domain > dn: cn=ADTRUST,cn=ipa2.my.domain,cn=masters,cn=ipa,cn=etc,dc=my,dc=domain > objectClass: nsContainer > objectClass: ipaConfigObject > objectClass: top > cn: ADTRUST > ipaConfigString: startOrder 60 > ipaConfigString: hiddenService > > # search result > search: 4 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > > > If this isn’t a false positive, what steps should I take to try to resolve > this? > > Regards, > > Duncan > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure