Janez Molicnik via FreeIPA-users wrote:
> Thank you Rob. Here are a few more details:
>
> - Yes the missing account is found in two different LDIF files in the export:
> DOMAINNAME-COM-userRoot.ldif and DOMAINNAME-COM-ipaca.ldif
>
> - DirSrvErrorsLog from imports show the next warnings:
> WARN - import_producer - import userRoot: Skipping entry
> "uid=missing.account.name,cn=users..." which violates attribute syntax,
> ending line 32805 of file
> "/var/lib/dirsrv/slaprd-DOMAINNAME-COM/ldif/DOMAINNAME-COM-userRoot.ldif"

You'll want to look at this line in the LDIF. It may be a subtle LDAP
syntax error. If you can share the entry, or parts of it, we can try to
help sort it out.

> there are another two WARNs some lines before the one above:
> WARN - load_config_dse - Config Warning: - nsslapd-maxdescriptors: invalid
> value "8192", maximum file descriptors must range from 1 to 4096 (the current
> process limit). Server will use a setting of 4096.
> and then:
> WARN default_mr_indexer_create - Plugin [caseIgnoreIA5Match] does not handle
> caseExtractIA5Match

These are unrelated and probably fine. The maxfiledescriptors is limited
by the system configuration.

> There are other WARN and ERR events, but they occur later. They are connected
> to cos_plugin, replication, attrcypt_init and set_krb5_creds.

Also probably not an issue.

> I should also add that the minor versions of IPA are different on export and
> import server.
> Export was made on version 4.6.8-5.el7.centos.11.x86_64, while import was
> made on version 4.6.8-5.el7.centos.15.x86_64
> There are no ERROR lines in ipaupgrade.log and the command was successful.

Ok. IIRC the backup/restore only enforces the top-level versioning
(4.6.8). This is fine.

> Judging by https://access.redhat.com/solutions/5520131 it looks like one or
> more attributes of this user is not valid. Looking at entries at
> DOMAINNAME-COM-userRoot.ldif for this user I couldn't find any outliers in
> its attribute values. How can I troubleshoot which attribute is invalid for
> this user?

If you can share the surrounding lines maybe we can help. It could be a
syntax issue where the data looks right but the value isn't ok (like a
string value where it should be a dn).

rob
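
One way to act on the advice above (pull out the entry that ends at the line the import warning reports, then look for a plain string where a DN is expected), as an added example that is not part of the original thread. The function names, the `DN_ATTRS` list and the sample LDIF are assumptions made for illustration; the DN check is a loose shape test, not the server's syntax plugin.

```python
import base64
import re

# Assumption: a few standard attributes whose schema syntax is DN.
DN_ATTRS = {"manager", "member", "memberof", "seealso", "secretary", "owner"}
# Loose shape check for one RDN ("type=value"); not a full RFC 4514 parser.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9.-]*=.+$")

def entry_ending_at(ldif_text, end_line):
    """Return the lines of the entry whose block contains 1-indexed end_line."""
    lines = ldif_text.splitlines()
    idx = min(end_line, len(lines)) - 1
    while idx > 0 and not lines[idx].strip():   # reported line may be the separator
        idx -= 1
    start = stop = idx
    while start > 0 and lines[start - 1].strip():
        start -= 1
    while stop + 1 < len(lines) and lines[stop + 1].strip():
        stop += 1
    return lines[start:stop + 1]

def unfold(entry_lines):
    """Join folded lines (newline + space) and decode 'attr:: base64' values."""
    pairs = []
    for line in "\n".join(entry_lines).replace("\n ", "").splitlines():
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        pairs.append((attr, value.strip()))
    return pairs

def suspect_values(pairs):
    """Flag DN-syntax attributes whose value is not a comma-separated RDN list."""
    def is_dn(value):
        return all(RDN.match(r.strip()) for r in re.split(r"(?<!\\),", value))
    return [(a, v) for a, v in pairs
            if a.split(";")[0].lower() in DN_ATTRS and not is_dn(v)]

# Constructed sample LDIF (not from the thread); the second entry ends at line 7.
SAMPLE = """\
dn: uid=other.user,cn=users,dc=example,dc=test
manager: uid=boss,cn=users,dc=example,dc=test

dn: uid=sample.user,cn=users,dc=example,dc=test
manager: Jane Boss
memberOf: cn=ipausers,cn=groups,
 dc=example,dc=test
"""
print(suspect_values(unfold(entry_ending_at(SAMPLE, 7))))
```

Against a real export, read the LDIF file into a string and pass the line number from the "Skipping entry" warning; extend `DN_ATTRS` to match the schema in use.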
