On (19/03/15 17:45), Jakub Hrozek wrote: >On Thu, Mar 19, 2015 at 05:39:21PM +0100, Lukas Slebodnik wrote: >> On (19/03/15 14:23), Domenico Viggiani wrote: >> >> -----Original Message----- >> >> >> >> There was an issue with build queue, so it took litle bit longer. >> >> >> >> The dependency problem should be fixed now. >> >Installed, restarted services sssd/realmd, problem replicated but log SEEMS >> >the same. >> >Log attached. >> > >> Almost the same log. >> >> [sdap_ad_tokengroups_initgr_mapping_done] (0x1000): Processing membership >> SID [S-1-5-21-2248061571-2151176789-1472819363-28167] >> [sdap_ad_tokengroups_initgr_mapping_done] (0x1000): SID >> [S-1-5-21-2248061571-2151176789-1472819363-28167] maps to GID [684028167] >> [sdap_ad_tokengroups_initgr_mapping_done] (0x1000): Processing membership >> SID [S-1-5-21-2248061571-2151176789-1472819363-6709] >> [sdap_ad_tokengroups_initgr_mapping_done] (0x1000): SID >> [S-1-5-21-2248061571-2151176789-1472819363-6709] maps to GID [684006709] >> [sdap_ad_tokengroups_update_members] (0x1000): Updating memberships for >> [testuser] >> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such >> attribute](16)[attribute 'member': no matching attribute value while >> deleting attribute on 'name=DGOP-Direzione Generale >> Operativa,cn=groups,cn=mydomain.COM,cn=sysdb'] >> [sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such >> attribute] >> [sysdb_mod_group_member] (0x0400): Error: 14 (Bad address) >> [sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from >> group [name=DGOP-Direzione Generale >> Operativa,cn=groups,cn=mydomain.COM,cn=sysdb]. Skipping >> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such >> attribute](16)[attribute 'member': no matching attribute value while >> deleting attribute on 'name=Organigramma,cn=groups,cn=mydomain.COM,cn=sysdb'] >> [sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such >> attribute] >> [sysdb_mod_group_member] (0x0400): Error: 14 (Bad address) >> [sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from >> group [name=Organigramma,cn=groups,cn=mydomain.COM,cn=sysdb]. Skipping >> [sysdb_mod_group_member] (0x0080): ldb_modify failed: [No such >> attribute](16)[attribute 'member': no matching attribute value while >> deleting attribute on 'name=IT-Area IT,cn=groups,cn=mydomain.COM,cn=sysdb'] >> [sysdb_error_to_errno] (0x0020): LDB returned unexpected error: [No such >> attribute] >> [sysdb_mod_group_member] (0x0400): Error: 14 (Bad address) >> [sysdb_update_members_ex] (0x0020): Could not remove member [testuser] from >> group [name=IT-Area IT,cn=groups,cn=mydomain.COM,cn=sysdb]. Skipping >> [sdap_get_initgr_done] (0x1000): Mapping primary group to unix ID >> >> Here is the most important part. >> I have no idea waht could cause error: >> attribute 'member': no matching attribute value while deleting attribute >> on .. > >I think the next line tells :-) the attribute wasn't stored in the cache >in the first place. Do you think this failure is fatal and terminates >the group update? Because I think we need to find out why is the >posix=false attribute not being updated in the first place.. > >Would it be possible to also see the cache dump after the login attempt? ># ldbsearch -H /var/lib/sss/db/cache_$domain.ldb
It can be related, because I was not able to find out any other problematic operation/debug message in log file. * There was problem with modification of group membership. * Part of this sysdb modification could be a modification of attribute posix. I agree that output of ldbsearch might help. LS _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
