On Wed, 2014-06-11 at 18:48 +0200, Petr Viktorin wrote: > On 06/11/2014 06:45 PM, Simo Sorce wrote: > > On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote: > >> On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote: > > >> > >> Do the installed schema files have ipatokenHOTP? Did you dump the schema > >> from 389DS to see if this object class is present? > > > > They are not. The schema files in /usr/share/ipa do have the > > objectclasses, but the server schema has not been updated (or the update > > failed). > > Can you check /var/log/ipaupgrade.log to see why the upgrade failed? Or > send it and I can check.
Uhmm it failed because I previously had one of the getkeytab attributes in the server but we later changed its OID when the feature was deferred... sigh ... I now have removed the offending attributes by turning off dirsrv and manually removing them from 99user.ldif, but running ipa-ldap-updater does not seem to do try to add the missing schema ... Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel