lejeczek via FreeIPA-users wrote: > hi gents, > > I'm trying to add replica but process fails: > ... > Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes > [1/27]: creating certificate server db > [2/27]: setting up initial replication > Starting replication, please wait until this has completed. > Update in progress, 4 seconds elapsed > Update succeeded > > [3/27]: creating installation admin user > [error] ObjectclassViolation: unknown object class "cmsuser" > > and log: > ... > 2018-04-23T12:45:43Z DEBUG [3/27]: creating installation admin user > 2018-04-23T12:45:43Z DEBUG Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 504, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", > line 494, in run_step > method() > File > "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", > line 437, in setup_admin > api.Backend.ldap2.add_entry(entry) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line > 1504, in add_entry > self.conn.add_s(str(entry.dn), list(attrs.items())) > File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ > self.gen.throw(type, value, traceback) > File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line > 990, in error_handler > raise errors.ObjectclassViolation(info=info) > ObjectclassViolation: unknown object class "cmsuser" > > 2018-04-23T12:45:43Z DEBUG [error] ObjectclassViolation: unknown > object class "cmsuser" > 2018-04-23T12:45:43Z DEBUG File > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in > execute > .. > > Where to start troubleshooting? Is it existing masters and or new > replica candidate.?
How did you provide this new schema for the existing masters? I'm guessing you dropped a schema file into the right directory. If so this the wrong way to add schema. Schema needs to be added online so that it will be replicated to other masters. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org