Applies to: All versions of Centrify DirectControl on Solaris platform.
Question:
The syslog is flooded with these messages every few minutes. NISmaps is not being used at all. Is there any reason for this.?
=====
adclient[676]: [ID 702911 daemon.warning] WARN <fd:22 NSSGetUserAttrDataByName base.bind.cache
LDAP search CN=user_attr,CN=NisMaps,CN=zone1,CN=zones,OU=Centrify,OU=Services,DC=domain,DC=com:(&(description=lp)(!CN=\01*))) threw unexpected exception: ldap search, no such object; NO such object: 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of:
Jun 8 19:51:19 COMPUTERNAME 'CN=NisMaps,CN=zone1,CN=zones,OU=Centrify,OU=Services,DC=domain,DC=com
Jun 8 19:51:19 COMPUTERNAME matched 'CN=NisMaps,CN=zone1,CN=zones,OU=Centrify,OU=Services,DC=domain, DC=com
=====
Answer:
Centrify is responding to BSM calls (like getauusernam), but the (AD) container was not found. This is the result of a new feature to provide (backend) support for other NSS databases. Centrify will fix this to tune down the WARN messages in future releases.
Centrify understands it is generating a lot of noise for syslog. We apologize for the inconvenience. Please ignore them for now or simply create empty nis maps for - audit_user and user_attr on Centrify DirectControl console side of things.
Select the Zone the machine is joined to, then go to 'Unix Data', expand and select -> NIS Maps, right click then select 'New' and select 'Generic Map' -> type 'Audit_user' and also create another generic map 'User_attr".
At the end of this KB, screenshots are available which show the creation of empty maps in the CDC console. They can be viewed on the portal.
You can also fix it on the Unix side of things as follows:
1) login as root and add this following line anywhere in /etc/centrifydc/centrifydc.conf
log.base.bind.cache: ERROR
2) Save your change then restart centrifydc
What this will do is to only log ERROR level message.
Note:
This is fixed in Centrify Direct Control 5.1.