#1816 Non-fatal errors looking up trusted domains with IPA back end
Closed: Fixed None Opened 6 years ago by jhrozek.

I see the following error on a 6.4 ipa-client:

[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaNTTrustedDomain][cn=trusts,dc=r,dc=test].
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTFlatName]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTTrustedDomainSID]
[sssd[be[r.test]]] [be_run_online_cb] (0x0080): Going online. Running callbacks.
[sssd[be[r.test]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [objectclass=ipaIDRange][cn=ranges,cn=etc,dc=r,dc=test].
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [cn]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseID]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaBaseRID]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaSecondaryBaseRID]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaIDRangeSize]
[sssd[be[r.test]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [ipaNTTrustedDomainSID]
[sssd[be[r.test]]] [sdap_get_generic_ext_done] (0x0400): Search result: Success(0), no errmsg set
[sssd[be[r.test]]] [sysdb_update_ranges] (0x0400): Adding range [R.TEST_id_range].
[sssd[be[r.test]]] [sysdb_range_create] (0x0040): Invalid range, expected that either the secondary base rid or the SID of the trusted domain is set, but not both or none of them.
[sssd[be[r.test]]] [sysdb_range_create] (0x0400): Error: 22 (Invalid argument)
[sssd[be[r.test]]] [sysdb_update_ranges] (0x0040): sysdb_range_create failed.
[sssd[be[r.test]]] [ipa_subdomains_handler_ranges_done] (0x0040): sysdb_update_ranges failed.
[sssd[be[r.test]]] [get_subdomains_callback] (0x0400): Backend returned: (3, 22, <NULL>) [Internal Error (Authentication token lock busy)]
[sssd[nss]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 22 error message: Internal Error (Authentication token lock busy)

The errors are not fatal and the SSSD recovers luckily.


No externally visible change, no clone needed.

rhbz: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta

Seeing the same with EL6.4/ipa 3.0.0 server and sssd-1.9.4-5.fc18.x86_64 client. Not sure what effect it has.

cc: => orion

Not critical for beta, can be done in 1.10

milestone: SSSD 1.10 beta => SSSD 1.10.0
review: => 0

Fields changed

changelog: =>
owner: somebody => okos
status: new => assigned

Fields changed

patch: 0 => 1

milestone: SSSD 1.10.0 => SSSD 1.10 beta
resolution: => fixed
status: assigned => closed

Fields changed

changelog: => Hides a spurious and confusing DEBUG message from the user.

Metadata Update from @jhrozek:
- Issue assigned to okos
- Issue set to the milestone: SSSD 1.10 beta

2 years ago

Login to comment on this ticket.

Metadata