Applies to: All versions of Centrify DirectControl on all platforms
Question:
The following messages can be seen in /var/log/messages running CDC 5.0.2 on a Red Hat Enterprise Linux 5:
adclient[3010]: WARN <gpworker> base.zonehier Failed to extend object for CN=SRVARI11,CN=Computers,DC=csb,DC=local
adclient[3010]: WARN <gpworker> base.bind.cache LDAP search CN=Computers,CN=srvari11.csb.local:zone,CN=Computers,
CN=ARI,CN=ARI,CN=CSB,CN=Zones,CN=Centrify,CN=Program Data,DC=csb,DC=local:(&(objectCategory=ServiceConnectionPoint)(|(managedBy=CN=SRVARI11,
CN=Computers,DC=csb,DC=local)(keywords=parentLink:S-1-5-21-251014051-3522727938-3902368344-4227))) threw unexpected exception:
ldap search, no such object : No such object : 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=srvari11.cs
adclient[3010]: WARN <gpworker> base.zonehier Failed to extend object for CN=SRVARI11,CN=Computers,DC=csb,DC=local
adclient[3010]: INFO <fd:10 PAMVerifyPassword > audit User 'thiril' authenticated based on Kerberos exchange to AD
Another example on a RHEL5;
adclient[1737]: INFO <fd:11 PAMIsUserAllowedAccess2 > audit User 'action' is authorized
adclient[1737]: INFO <fd:25 PAMIsUserAllowedAccess2 > audit User 'action' is authorized
adclient[1737]: WARN <fd:11 CAPIGetObjectBySID > base.zonehier Failed to extend object for CN=cm-rhel5-1,CN=Computers,DC=cm-demo,DC=local
adclient[1737]: INFO <fd:11 PAMIsUserAllowedAccess2 > audit User 'action' is authorized
cda.dash[3406]: ERROR: Unable to reconnect: Unable to send lrpc2 message: 404 (Socket closed), 13 bytes of session data lost.
cda.dash[3406]: ERROR: Error in sending buffered stdin data.
Answer:
These messages are safe to ignore as the computer objects are found when when the system traverses up the Zone-hierarchy.
When searching the machine's computer object, DirectControl will search in the Computer Zone first, but since the computer object was created in the base Zone, it throws an exception:
"No such object"
Then the hierarchical Zone will catch the exception and log that warning message.
Resolution:
This issue has been addressed in Suite 2013.