The following message will become DIAG message (from WARN message) in Suite 2014:
adclient[13722]: WARN <fd:27 CAPILdapFetch > base.zonehier Failed to extend object for CN=xxxxx,OU=xxxx,DC=xxx,DC=xx
Applies to: Centrify for DirectControl version 5.2.0 or below on all Unix/Linux platform
Question:
The following warning message is logged on Centrify-Enabled machines:
adclient[13722]: WARN <fd:27 CAPILdapFetch > base.zonehier Failed to extend object for CN=xxxxx,OU=xxxx,DC=xxx,DC=xx
The computer "xxxxx" is a collector:
May 14 10:45:24 localhost adclient[15105]: DEBUG <fd:10 CAPILdapPagedSearchGetNext > lrpc.adobject new object: CN=Vegas-Service-b347dda4-f507-4f10-ad8e-212fc9059eef,CN=xxxxx,OU=xxxx,DC=xxx,DC=xx
Is there any way to suppress or lower the level of this warning message?
Answer:
The reason of this warning message is that the AD object adclient tried to search doesn't have a dNSHostName attribute. It was thus taken as an LDAPException and throw it to outer catch, then the outer catch blocks the message as WARN and writes it into the log file.
There is no workaround before Suite 2014 (or Centrify DirectControl version 5.2.0), but these WARN messages can be safely ignored.
In Suite 2014, when the LDAP fetched an AD object that has no dNSHostName attribute, it will be logged as a DIAG message instead of WARN message. The DIAG message will look like:
[root@rhel61x64v1 ~]# tail -f /var/log/centrifydc.log | grep -i dnshostname Nov 23 13:29:16 rhel61x64v1 adclient[8625]: DIAG <fd:24 CAPILdapFetch > base.schema.cdc Computer CN=WIN2012_FANY,OU=Domain Controllers,DC=echo,DC=test does not have dNSHostName attribute, skip searching for computer extension (returning NULL)! Nov 23 13:29:16 rhel61x64v1 adclient[8625]: DIAG <fd:24 CAPILdapFetch > base.schema.cdc Computer CN=WIN2012_FANY,OU=Domain Controllers,DC=echo,DC=test does not have dNSHostName attribute, skip searching for computer extension (returning NULL)!