On Wed, 2014-06-11 at 13:32 -0400, Simo Sorce wrote: > On Wed, 2014-06-11 at 13:30 -0400, Simo Sorce wrote: > > On Wed, 2014-06-11 at 19:08 +0200, Petr Viktorin wrote: > > > On 06/11/2014 06:58 PM, Simo Sorce wrote: > > > > On Wed, 2014-06-11 at 18:48 +0200, Petr Viktorin wrote: > > > >> On 06/11/2014 06:45 PM, Simo Sorce wrote: > > > >>> On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote: > > > >>>> On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote: > > > >> > > > >>>> > > > >>>> Do the installed schema files have ipatokenHOTP? Did you dump the > > > >>>> schema > > > >>>> from 389DS to see if this object class is present? > > > >>> > > > >>> They are not. The schema files in /usr/share/ipa do have the > > > >>> objectclasses, but the server schema has not been updated (or the > > > >>> update > > > >>> failed). > > > >> > > > >> Can you check /var/log/ipaupgrade.log to see why the upgrade failed? Or > > > >> send it and I can check. > > > > > > > > Uhmm it failed because I previously had one of the getkeytab attributes > > > > in the server but we later changed its OID when the feature was > > > > deferred... sigh ... > > > > > > Yeah, that would be a problem. > > > > > > > I now have removed the offending attributes by turning off dirsrv and > > > > manually removing them from 99user.ldif, but running ipa-ldap-updater > > > > does not seem to do try to add the missing schema ... > > > > > > Are you saying there's nothing about schema in the log? > > > > Not for following ipa-ldap-update runs ... they seem to actually fail > > with a timeout ... investigating. > > Nevermind, I re-run ipa-ldap-updater and this time it is trying (but it > found another of the old attributes I hadn't deleted. I don't know why > previous attempts at running ipa-ldap-updater failed, but I did reboot > the machine since ... so maybe there was something wonky about DS.
Ok now ipa-ldap-updater does a lot more and passes through schema upgrade, however it fails again later complaining ipaVirtualOperation is an unknown object class .. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
