Hi,

In my installation of the freeipa built with the latest topology patches applied, I was unable to reset domain level to 0 on neither of nodes:


ofayans@testmaster:~/ldap]$ ipa domainlevel-set 0
ipa: ERROR: Domain Level cannot be lowered.

I am able to reset domain level to 0 manually using ldapmodify with the following ldif file:
dn: cn=domain level,cn=ipa,cn=etc,dc=zaeba,dc=li
changetype: modify
replace: ipaDomainLevel
ipaDomainLevel: 0

and subsequently raise it back to 1 with the standard command:

ofayans@testmaster:~/ldap]$ ipa domainlevel-get
-----------------------
Current domain level: 0
-----------------------
ofayans@testmaster:~/ldap]$ ipa domainlevel-set 1
-----------------------
Current domain level: 1
-----------------------

My topology looks like this:
master <=> replica1 <=> replica3

The question is: is it a correct behavior? AFAIU, The admin should not be able to *raise* domain level if one of the replicas does not support this, but there should be no limitations on *lowering* the domain level.


--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to