users@redhat.com
Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with
DuplicateEntry: This entry already exists
On 26.01.2016 21:51, Martin Basti wrote:
>
>
> On 26.01.2016 21:03, Nathan Peters wrote:
>> After some more investigation, it appears that there may be m
branch, but they are wrong as they only
apply to cert manager, and not all users
I'm not sure if this covers your issues, but it may be related
https://fedorahosted.org/freeipa/ticket/5412
Martin
and this https://fedorahosted.org/freeipa/ticket/5575
-Original Message-
From:
ion:Add Replication Agreements";al
low (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=
pbac,dc=ipatestdomain,dc=net";)
aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsd
s5replicationagreement)(objectclass=nsDSWindowsReplicationAgre
ctually 3 issues :
===
1. Missing aci on base cn=config entry
2. Missing aci on dc\3Dipatestdomain\2Cdc\3Dnet, mapping tree, config branch
3. acis are on the o=ipaca branch, but they are wrong as they only apply to
cert manager, and not all users
-Original Message-
From: M
l "permission:Modify Replication Agreeme
nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag
reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";)
aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(ob
jectclass
(objectCl
ass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreeme
nts"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Ag
reements,cn=permissions,cn=pbac,dc=ipatestdomain,dc=net";)
aci: (targetattr=*)(targetfilter="(|(objectcla
dnaNextValue || dnaThre
shold || dnaType || objectclass)(version 3.0;acl "permission:Read DNA Range";
allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss
ions,cn=pbac,dc=myproddomain,dc=net";)
# userRoot, ldbm database, plugins, config
dn: cn=userRoot,cn=ld
uot;permission:Read DNA Range";
allow (read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss
ions,cn=pbac,dc=myproddomain,dc=net";)
# userRoot, ldbm database, plugins, config
dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
aci: (targetattr=nsslapd-readonly)(
(read, search, compare) groupdn = "ldap:///cn=Read DNA Range,cn=permiss
ions,cn=pbac,dc=dev-mydomain,dc=net";)
# userRoot, ldbm database, plugins, config
dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the dat
updn = "ldap:///cn=Read DNA Range,cn=permiss
ions,cn=pbac,dc=dev-mydomain,dc=net";)
# userRoot, ldbm database, plugins, config
dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config
aci: (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the databas
e readonly"; al
ies: 12
-Original Message-
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: January-21-16 7:29 AM
To: Nathan Peters; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with
DuplicateEntry: This entry already exists
On 01/21/2016 12:50 A
rch result
search: 2
result: 0 Success
# numResponses: 13
# numEntries: 12
-Original Message-
From: Rich Megginson [mailto:rmegg...@redhat.com]
Sent: January-21-16 7:29 AM
To: Nathan Peters; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with
conn=76094 op=5 UNBIND
[21/Jan/2016:19:54:40 -0800] conn=76094 op=5 fd=143 closed - U1
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ludwig Krispenz
Sent: January-21-16 7:45 AM
To: freeipa-users@redhat.com
Subject: Re: [Fre
om: freeipa-users-boun...@redhat.com
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Nathan Peters
> Sent: January-20-16 11:41 PM
> To: Rich Megginson; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails
> with DuplicateEntry: Th
Megginson; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with
DuplicateEntry: This entry already exists
All checks below were performed from the host we are trying to turn into a
replica and they were performed against the master who logs I also show
users@redhat.com
Subject: Re: [Freeipa-users] Freeipa 4.3.0 replica installation fails with
DuplicateEntry: This entry already exists
All checks below were performed from the host we are trying to turn into a
replica and they were performed against the master who logs I also show
The first check was to
ectClass: nsIndex
# search result
search: 4
result: 0 Success
# numResponses: 51
# numEntries: 50
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rich Megginson
Sent: January-20-16 11:44 AM
To: freeipa-users@redhat.com
Subj
default indexes, config, ldbm database, plugins, config
dn: cn=uniquemember,cn=default indexes,cn=config,cn=ldbm database,cn=plugins,c
n=config
cn: uniquemember
objectClass: top
objectClass: nsIndex
# search result
search: 4
result: 0 Success
# numResponses: 51
# numEntries: 50
-Original Message-
search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
-----Original Message-----
From: Petr Vobornik [mailto:pvobo...@redhat.com]
Sent: January-20-16 2:02 AM
To: Rob Crittenden; Nathan Peters; Ludwig Krispenz
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Freei
aLastUpdateStatus: 0 Replica acquired successfully: Incremental upd
ate succeeded
nsds5replicaUpdateInProgress: FALSE
nsds5replicaLastInitStart: 1970010100Z
nsds5replicaLastInitEnd: 1970010100Z
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
-Original Message
On 01/20/2016 12:31 AM, Rob Crittenden wrote:
Nathan Peters wrote:
[18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD
dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config"
[18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105
nentries=0 etime=0
[18/Jan/2
Nathan Peters wrote:
> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 ADD
> dn="cn=replica,cn=dc\3Ddev-globalrelay\2Cdc\3Dnet,cn=mapping tree,cn=config"
> [18/Jan/2016:09:28:33 -0800] conn=18732 op=10 RESULT err=68 tag=105
> nentries=0 etime=0
> [18/Jan/2016:09:28:33 -0800] conn=18732 op=11 UNBI
tEnd: 1970010100Z
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: January-19-16 12:33 PM
To: Nathan Peters; Ludwig Krispenz
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Fre
"(objectClass=*)" attrs=ALL
> [18/Jan/2016:09:28:32 -0800] conn=2 op=2 RESULT err=32 tag=101 nentries=0
> etime=0
> [18/Jan/2016:09:28:32 -0800] conn=2 op=3 SRCH base="cn=schema" scope=0
> filter="(objectClass=*)" attrs="attributeTypes objectClasses
-0800] conn=2 op=9 MOD
dn="cn=replica,cn=dc\3Dmydomain\2Cdc\3Dnet,cn=mapping tree,cn=config"
[18/Jan/2016:09:28:32 -0800] conn=2 op=9 RESULT err=0 tag=103 nentries=0 etime=0
[18/Jan/2016:09:28:32 -0800] conn=2 op=10 ADD dn="cn=Peer
Master,cn=mapping,cn=sasl,cn=config"
[18/Jan/2016:
On 01/18/2016 11:04 AM, Ludwig Krispenz wrote:
On 01/18/2016 04:47 AM, Nathan Peters wrote:
This is another issue I'm not sure how to debug or solve in 4.3.0. A
failed replica installation left a replica with stuff in the tree, but
not configured properly on the localhost. I did ipa-server-i
On 01/18/2016 04:47 AM, Nathan Peters wrote:
This is another issue I'm not sure how to debug or solve in 4.3.0. A
failed replica installation left a replica with stuff in the tree, but
not configured properly on the localhost. I did ipa-server-install
--uninstall as suggested by the instal
This is another issue I'm not sure how to debug or solve in 4.3.0. A failed
replica installation left a replica with stuff in the tree, but not configured
properly on the localhost. I did ipa-server-install -uninstall as suggested by
the installation program and it deleted the local copy of th
28 matches
Mail list logo