2:26 a.m.
Hi,
According to the code [1], this error happens in the deref plugin when it
performs an internal search but doesn't find any entry. I would try to
enable the internal searches logging (follow this doc [2] and [3]) to
identify the internal search and understand what is missing.
HTH,
flo
[1]
https://github.com/389ds/389-ds-base/blob/cf4c82c21595aff31d58e7ed97ed9a1...
[2]
https://access.redhat.com/documentation/en-us/red_hat_directory_server/12...
[3]
https://access.redhat.com/documentation/en-us/red_hat_directory_server/12...
On Wed, Oct 5, 2022 at 10:39 PM Ryan Slominski via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Hi FreeIPA users,
I've got a username in the preserved list that is bugged. If you try
to search for the record on the web UI it throws an error, but still shows
a record in the result table. On the UI the error is in a dialog box that
reads: "Operations Error" with "Some operations failed.". In the
/var/log/dirsrv/slapd-REDACTED/errors file the error is:
[05/Oct/2022:13:20:01.492580320 -0400] - WARN - deref-plugin -
deref_do_deref_attr - conn=3223751 op=105 - failed to retrieve the entry
[uid=redacted=users,cn=accounts,dc=acc,dc=redacted,dc=org], although the
entry exists
Tried to manually restore and manually delete with no luck:
ipa user-undel redacted
ipa: ERROR: redacted: user not found
ipa user-del redacted
ipa: ERROR: redacted: user not found
kadmin.local: delprinc redacted
Are you sure you want to delete the principal "redacted@REDACTED"?
(yes/no): yes
delete_principal: Kerberos database constraints violated while deleting
principal "redacted@REDACTED"
ldapsearch -Y GSSAPI -LL -b "uid=redacted,cn=deleted
users,cn=accounts,cn=provisioning,dc=acc,dc=redacted,dc=org"
SASL/GSSAPI authentication started
SASL username: redacted@REDACTED
SASL SSF: 256
SASL data security layer installed.
version: 1
No such object (32)
Matched DN: cn=deleted
users,cn=accounts,cn=provisioning,dc=acc,dc=redacted,dc=org
# Note the above LDAP query finds other preserved users fine
The username is NOT bugged no the other replicas. However,
"ipa-replica-manage list" suggests sync is working fine.
Similar, but I think different:
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...
I'm using the Red Hat Identity Manager version 4.6.8-5.el7_9.9 flavor of
FreeIPA.
Ideas?
Thanks,
Ryan
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue