Need to fix sidgen plugin to ignore users in the staged area. Additionally, we need to run sid generation when users moved from the staging to production.
ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ... DEBUG - ipa-sidgen-postop - Base DN: [dc=domain], Filter: [(&(objectclass=ipaobject)(!(objectclass=mepmanagedentry))(|(objectclass=posixaccount)(objectclass=posixgroup)(objectclass=ipaidobject))(!(ipantsecurityidentifier=*)))]. DEBUG - ipa-sidgen-postop - Trying to add SID for [uid=user_name,cn=staged users,cn=accounts,cn=provisioning,dc=domain]. ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 483]: ID value too large. ERR - do_work - [file ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry. ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [19].
ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ... ERR - sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [0].
ipa-server-4.5.4-10.el7.centos.3.x86_64 ipa-client-4.5.4-10.el7.centos.3.x86_64 389-ds-base-1.3.7.5-24.el7_5.x86_64 pki-ca-10.5.1-13.1.el7_5.noarch krb5-server-1.15.1-19.el7.x86_64
Email thread discussing this issue.
@abbra suggested in the e-mail thread:
So, this is a user from the staged area, right?. It looks like we need to fix sidgen plugin to ignore users in the staged area. Additionally, we need to run sid generation when users moved from the staging to production.
Metadata Update from @abiagion: - Issue set to the milestone: FreeIPA 4.7.1
Metadata Update from @rcritten: - Issue set to the milestone: FreeIPA 4.7.2 (was: FreeIPA 4.7.1)
FreeIPA 4.7.1 has been released, moving to FreeIPA 4.7.2 milestone
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.7.3 (was: FreeIPA 4.7.2)
Login to comment on this ticket.