[Freeipa-users] SRV (mixed?) records

Petr Spacek pspacek at redhat.com
Thu Nov 10 11:44:59 UTC 2016


On 10.11.2016 12:08, lejeczek wrote:
> 
> 
> On 10/11/16 10:44, Petr Spacek wrote:
>> This is a non-standard situation so it asks for non-standard commands.
>>
>> I would try:
>> $ ipa privilege-mod 'DNS Servers' \
>> --addattr='member=krbprincipalname=DNS/rider..xx.xx..xx.xx.x at .xx.xx..xx.xx.x,cn=services,cn=xxcounts,dc=,dc=xx,dc=xx,dc=,dc=xx,dc=xx,dc=x'
>>
>> $ ipa privilege-mod 'DNS Servers' \
>> --addattr='member=krbprincipalname=ipa-dnskeysyncd/rider..xx.xx..xx.xx.x at .xx.xx..xx.xx.x,cn=services,cn=xxcounts,dc=,dc=xx,dc=xx,dc=,dc=xx,dc=xx,dc=x'
>>
>>
>> Be very careful when constructing these DNs, --addattr does not validate the
>> input!
> 
> well, I realize these can be trivial trifles, but man, you saved the... week!
> And to finish (hopefully) - maybe even more of a puzzle: how did it happen?
> This box member was fine, suddenly (I was recovering/reconnecting replication
> agreements), maybe not suddenly, but when I noticed at some point, it did
> that. It lost those ldap bits?

Good question! I really do not know. You may dig into /var/log/dirsrv/* and
look for modifications in the privilege LDAP entry but that is the only advice
I have.

Please let us know if you find out how it happened.

-- 
Petr^2 Spacek
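
Added example, not part of the original message: one way to follow the advice about /var/log/dirsrv/* is to scan the 389-ds access log for write operations against the privilege entry and tie each one to the bind DN on the same connection. The log lines are constructed, the suffix dc=example,dc=test is a placeholder, and the function name privilege_changes is hypothetical.

```python
import re

# Constructed sample in the 389-ds access-log format; every DN is a placeholder.
SAMPLE_LOG = '''\
[10/Nov/2016:09:01:10.100000000 +0000] conn=41 op=0 BIND dn="uid=admin,cn=users,cn=accounts,dc=example,dc=test" method=128 version=3
[10/Nov/2016:09:01:10.200000000 +0000] conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=example,dc=test"
[10/Nov/2016:09:01:12.300000000 +0000] conn=41 op=1 MOD dn="cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=test"
[10/Nov/2016:09:01:12.400000000 +0000] conn=41 op=1 RESULT err=0 tag=103 nentries=0 etime=0
[10/Nov/2016:09:02:00.000000000 +0000] conn=57 op=2 MOD dn="cn=DNS Administrators,cn=privileges,cn=pbac,dc=example,dc=test"
[10/Nov/2016:09:02:00.100000000 +0000] conn=57 op=2 RESULT err=0 tag=103 nentries=0 etime=0
'''

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) '
                  r'(?P<verb>[A-Z]+)(?P<rest>.*)$')
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')
WRITES = ('ADD', 'MOD', 'MODRDN', 'DEL')

def privilege_changes(lines, target_dn):
    """Return write operations on target_dn with the bind DN and result code."""
    binds, pending, found = {}, {}, []
    target = target_dn.lower()  # simplification: exact string match, case-folded
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # connection open/close lines carry no op= field
        key = (m['conn'], m['op'])
        dn = DN.search(m['rest'])
        if m['verb'] == 'BIND' and dn:
            binds[m['conn']] = dn.group(1)  # who authenticated on this connection
        elif m['verb'] in WRITES and dn and dn.group(1).lower() == target:
            rec = {'time': m['ts'], 'verb': m['verb'], 'conn': m['conn'],
                   'bind_dn': binds.get(m['conn'], 'unknown (bind not in this file)'),
                   'err': None}
            pending[key] = rec
            found.append(rec)
        elif m['verb'] == 'RESULT' and key in pending:
            err = ERR.search(m['rest'])
            pending.pop(key)['err'] = int(err.group(1)) if err else None
    return found

if __name__ == '__main__':
    dn = 'cn=DNS Servers,cn=privileges,cn=pbac,dc=example,dc=test'
    for hit in privilege_changes(SAMPLE_LOG.splitlines(), dn):
        print(hit)
```

The access log shows who touched the entry and when, not which values changed; those appear in the audit log only if audit logging was enabled on the instance.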



