On Mon, 2025-12-01 at 13:54 +0100, Florence Blanc-Renaud wrote: > > ERR - NSACLPlugin - __aclp__init_targetattr - targetattr > > "ipapwddictcheck" does not exist in schema. Please add > > attributeTypes "ipapwddictcheck" to schema if necessary. > > > This attribute type was added with this > commit: https://github.com/freeipa/freeipa/commit/892fea881a6ceef80af > fd6d6a3fb9b5afafa969b#diff- > f5a44cd4a6c130ee38678799b39cfe47d236d42dd40b68ed7cec5db61d9802df on > master branch and also on ipa-4-12. If you need this attribute it's > probably because you added a more recent replica in the topology and > the replication started updating the schema. > > You can try to manually edit /etc/dirsrv/slapd-IPA- > TEST/schema/60basev2.ldif in order to add the attribute definition, > and restart the server. Please make sure to make a copy first.
Thanks Florence, I have a 60basev3.ldif too. I copied them from the /usr/share/ipa/schema to /etc/dirsrv/slapd-.... structure, and ipactl start did an odd upgrade, and things are running now! In /usr/share/ipa/schema I see the 60basev2.ldif and it has two entries: attributeTypes: (2.16.840.1.113730.3.8.23.4 NAME 'ipaPwdDictCheck' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4') bjectClasses: (2.16.840.1.113730.3.8.24.1 NAME 'ipaPwdPolicy' DESC 'IPA Password policy object class' SUP top MAY (ipaPwdMaxRepeat $ ipaPwdMaxSequence $ ipaPwdDictCheck $ ipaPwdUserCheck $ passwordGraceLimit) X-ORIGIN 'IPA v4') I did attempt a minor update to dirsrv after spending hours this weekend, and I presume the upgrade was to make that effective. However, before running ipactl, I was able to start dirsrv after copying the 60basev2 and 60basev3 files. So thanks again for that observation. I wasn't aware that these files in /etc/dirsrv are generated when you setup a dirsrv instance so I read the error as a corrupted file. Copying the schema files to the "current version" was the solution. // Peter -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
