On Thu, Mar 19, 2015 at 05:39:21PM +0100, Lukas Slebodnik wrote: > On (19/03/15 14:23), Domenico Viggiani wrote: > >> -----Original Message----- > >> > >> There was an issue with build queue, so it took litle bit longer. > >> > >> The dependency problem should be fixed now. > >Installed, restarted services sssd/realmd, problem replicated but log SEEMS > >the same. > >Log attached. > > > Almost the same log. > > [sdap_ad_tokengroups_initgr_mapping_done] (0x1000): Processing membership SID > [S-1-5-21-2248061571-2151176789-1472819363-28167] > [sdap_ad_tokengroups_initgr_mapping_done] (0x1000): SID > [S-1-5-21-2248061571-2151176789-1472819363-28167] maps to GID [684028167] > [sdap_ad_tokengroups_initgr_mapping_done] (0x1000): Processing membership SID > [S-1-5-21-2248061571-2151176789-1472819363-6709] > [sdap_ad_tokengroups_initgr_mapping_done] (0x1000): SID > [S-1-5-21-2248061571-2151176789-1472819363-6709] maps to GID [684006709] > [sdap_ad_tokengroups_update_members] (0x1000): Updating memberships for > [testuser] > [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such > attribute](16)[attribute 'member': no matching attribute value while deleting > attribute on 'name=DGOP-Direzione Generale > Operativa,cn=groups,cn=mydomain.COM,cn=sysdb'] > [sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such > attribute] > [sysdb_mod_group_member] (0x0400): Error: 14 (Bad address) > [sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from > group [name=DGOP-Direzione Generale > Operativa,cn=groups,cn=mydomain.COM,cn=sysdb]. Skipping > [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such > attribute](16)[attribute 'member': no matching attribute value while deleting > attribute on 'name=Organigramma,cn=groups,cn=mydomain.COM,cn=sysdb'] > [sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such > attribute] > [sysdb_mod_group_member] (0x0400): Error: 14 (Bad address) > [sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from > group [name=Organigramma,cn=groups,cn=mydomain.COM,cn=sysdb]. Skipping > [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such > attribute](16)[attribute 'member': no matching attribute value while deleting > attribute on 'name=IT-Area IT,cn=groups,cn=mydomain.COM,cn=sysdb'] > [sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such > attribute] > [sysdb_mod_group_member] (0x0400): Error: 14 (Bad address) > [sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from > group [name=IT-Area IT,cn=groups,cn=mydomain.COM,cn=sysdb]. Skipping > [sdap_get_initgr_done] (0x1000): Mapping primary group to unix ID > > Here is the most important part. > I have no idea waht could cause error: > attribute 'member': no matching attribute value while deleting attribute on > ..
I think the next line tells :-) the attribute wasn't stored in the cache in the first place. Do you think this failure is fatal and terminates the group update? Because I think we need to find out why is the posix=false attribute not being updated in the first place.. Would it be possible to also see the cache dump after the login attempt? # ldbsearch -H /var/lib/sss/db/cache_$domain.ldb _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
