#1816 Non-fatal errors looking up trusted domains with IPA back end
Closed: Fixed None Opened 7 years ago by jhrozek.

I see the following error on a 6.4 ipa-client:

[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTTrustedDomain][cn=trusts,dc=r,dc=test].
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTTrustedDomainSID]
[sssd[be[r.test]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
[sssd[be[r.test]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=r,dc=test].
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseID]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSecondaryBaseRID]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTTrustedDomainSID]
[sssd[be[r.test]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
[sssd[be[r.test]]] [sysdb_update_ranges] (0x0400): Adding range [R.TEST_id_range].
[sssd[be[r.test]]] [sysdb_range_create] (0x0040): Invalid range, expected that either the secondary base rid or the SID of the trusted domain is set, but not both or none of them.
[sssd[be[r.test]]] [sysdb_range_create] (0x0400): Error: 22 (Invalid argument)
[sssd[be[r.test]]] [sysdb_update_ranges] (0x0040): sysdb_range_create failed.
[sssd[be[r.test]]] [ipa_subdomains_handler_ranges_done] (0x0040): sysdb_update_ranges failed.
[sssd[be[r.test]]] [get_subdomains_callback] (0x0400): Backend returned: (3, 22, <NULL>) [Internal Error (Authentication token lock busy)]
[sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 22 error message: Internal Error (Authentication token lock busy)

The errors are not fatal and the SSSD recovers luckily.


No externally visible change, no clone needed.

rhbz: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta

Seeing the same with EL6.4/ipa 3.0.0 server and sssd-1.9.4-5.fc18.x86_64 client. Not sure what effect it has.

cc: => orion

Not critical for beta, can be done in 1.10

milestone: SSSD 1.10 beta => SSSD 1.10.0
review: => 0

Fields changed

changelog: =>
owner: somebody => okos
status: new => assigned

Fields changed

patch: 0 => 1

milestone: SSSD 1.10.0 => SSSD 1.10 beta
resolution: => fixed
status: assigned => closed

Fields changed

changelog: => Hides a spurious and confusing DEBUG message from the user.

Metadata Update from @jhrozek:
- Issue assigned to okos
- Issue set to the milestone: SSSD 1.10 beta

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2858

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata