Hello everybody, In the client logs I get the error bellow when querying AD users:
[ipa_s2n_exop_done] (0x0040): ldap_extended_operation result: Time limit exceeded(3), (null). (Tue Jul 13 10:47:46 2021) [sssd[be[ipa.example.com]]] [ipa_s2n_exop_done] (0x0040): ldap_extended_operation failed, server logs might contain more details. (Tue Jul 13 10:47:46 2021) [sssd[be[ipa.example.com]]] [ipa_s2n_get_user_done] (0x0040): s2n exop request failed. (Tue Jul 13 10:47:46 2021) [sssd[be[ipa.example.com]]] [ipa_subdomain_account_done] (0x0040): ipa_get_*_acct request failed: [1432158229]: Network I/O Error. I've enabled nss debug on the server, and for that timestamp, the error is: (2021-07-13 10:47:46): [nss] [cache_req_search_cache] (0x0020): CR #415: Multiple objects were found when only one was expected! (2021-07-13 10:47:46): [nss] [cache_req_process_result] (0x0400): CR #415: Finished: Error 1432158305: Multiple objects were found when only one was expected (2021-07-13 10:47:46): [nss] [nss_protocol_done] (0x4000): Sending reply: error [1432158305]: Multiple objects were found when only one was expected (2021-07-13 10:47:46): [nss] [client_recv] (0x0200): Client disconnected! (2021-07-13 10:47:46): [nss] [client_close_fn] (0x2000): Terminated client [0x55930a1916f0][12] The GID it is trying to search corresponds to "Domain Users" group from AD (GID:1768200513), which is the default primary group for all users. ldbsearch against the cache shows only one dn: entry for the "Domain Users". Nevertheless , when running groups command for any user, it displays: "cannot find name for group ID 1768200513 " getent group 1768200513 does not resolve the group name to "Domain Users" either. Any hint or help would be really appreciated. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure