Janez Molicnik via FreeIPA-users wrote:
> Thank you Rob. Here are a few more details:
> 
> - Yes the missing account is found in two different LDIF files in the export: 
> DOMAINNAME-COM-userRoot.ldif and DOMAINNAME-COM-ipaca.ldif
> 
> - DirSrvErrorsLog from imports show the next warnings:
> WARN - import_producer - import userRoot: Skipping entry 
> "uid=missing.account.name,cn=users..." which violates attribute syntax, 
> ending line 32805 of file 
> "/var/lib/dirsrv/slaprd-DOMAINNAME-COM/ldif/DOMAINNAME-COM-userRoot.ldif"

You'll want to look at this line in the LDIF. It may be a subtle LDAP
syntax error. If you can share the entry, or parts of it, we can try to
help sort it out.

> there are another two WARN a some of lines before the one above:
> WARN - load_config_dse - Config Warning: - nsslapd-maxdescriptors: invalid 
> value "8192", maximum file descriptors must range from 1 to 4096 (the current 
> process limit). Server will use a setting of 4096.
> and then:
> WARN default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not handle 
> caseExtractIA5Match

These are unrelated and probably fine. The maxfiledescriptors is limited
by the system configuration.

> There are other WARN and ERR events, but they occur later. They are connected 
> to cos_plugin, replication, attrcypt_init and set_krb5_creds.

Also probably not an issue.

> I should also add that the minor versions of IPA are different on export and 
> import server.
> Export was made on version 4.6.8-5.el7.centos.11.x86_64, while import was 
> made on version 4.6.8-5.el7.centos.15.x86_64
> There are no ERROR lines in ipaupgrade.log and the command was successful.

Ok. IIRC the backup/restore only enforces the top-level versioning
(4.6.8). This is fine.

> Judging by https://access.redhat.com/solutions/5520131 it looks like one or 
> more attributes of this user is not valid. Looking at entries at 
> DOMAINNAME-COM-userRoot.ldif for this user I couldn't find any outliers in 
> its attribute values. How can I troubleshoot which attribute is invalid for 
> this user?

If you can share the surrounding lines maybe we can help. It could be a
syntax issue where the data looks right but the value isn't ok (like a
string value where it should be a dn).

rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to