On Fri, Dec 19, 2025 at 9:43 PM Eric Ashley <[email protected]> wrote:
> Hi Florence, > > There's still something amiss in dse.ldif. The errors look like something > related to replication topology, which I don't have. The reported runtime > error is still literally ''. > > I've attached the new ipaupgrade.log and journal entries. > > I'm guessing that over all the years I've been upgrading this server, some > entry is not present that should be or is missing some property value. > Best regards, > Eric > Dec 19, 2025, 04:42 by [email protected]: > > > Hi Eric, > > > > I am not very familiar with the 389ds migration procedure from BDB to > LMDB but in the dse.ldif one can see that the migration has happened and > the server should already be using lmdb: > > > > dn: cn=config,cn=ldbm database,cn=plugins,cn=config > > cn: config > > modifiersName: cn=server,cn=plugins,cn=config > > modifyTimestamp: 20250808231416Z > > nsslapd-backend-implement: mdb > > ... > > > > The journal points to an invalid entry starting > with cn=usercertificate,cn=index,cn=userroot,cn=l... > > On a fresh install this entry looks like: > > dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm > database,cn=plugins,cn=con > > fig > > cn: userCertificate > > createTimestamp: 20251219092748Z > > creatorsName: cn=Directory Manager > > modifiersName: cn=Directory Manager > > modifyTimestamp: 20251219092748Z > > nsIndexType: eq > > nsIndexType: pres > > nsSystemIndex: false > > objectClass: nsIndex > > objectClass: top > > but in your dse.ldif it is missing the nsIndex objectclass: > > dn: cn=usercertificate,cn=index,cn=userroot,cn=ldbm > database,cn=plugins,cn=c > > onfig > > cn: userCertificate > > createTimestamp: 20200724163749Z > > creatorsName: cn=Directory Manager > > modifiersName: cn=Directory Manager > > modifyTimestamp: 20200724163749Z > > nsIndexType: eq > > nsIndexType: pres > > nsSystemIndex: false > > objectClass: top > > > > Try adding the missing objectclass (stop ipa, edit dse.ldif, start ipa > with ipactl start) and let us know how it went. > > flo > > > > On Thu, Dec 18, 2025 at 12:48 AM Eric Ashley <> [email protected]> > > wrote: > > > >> Hi Florence, > >> > >> It exists in the file as "dn: cn=schema > compatibility,cm=plugins,cn=config". Is there a case sensitive test > occurring somewhere? > >> > >> I think the errors are occurring on the entries that still include > "cn=ldbm". I think they should be "cn=mdb" now, but I'm not sure. Should I > change them as such? > >> > >> I've attached ipaupgrade.log and the journal entries for the failure. > dse.ldif is too large for the list, so it's available here: >> > https://drive.proton.me/urls/2CMCHCM520#PUqS5gw5wemZ > >> > >> Best regards, > >> Eric > >> > >> > >> Dec 17, 2025, 18:41 by >> [email protected]>> : > >> > >> > Hi Florence, > >> > > >> > It exists in the file as "dn: cn=schema > compatibility,cm=plugins,cn=config". Is there a case sensitive test > occurring somewhere? > >> > > >> > I think the errors are occurring on the entries that still include > "cn=ldbm". I think they should be "cn=mdb" now, but I'm not sure. Should I > change them as such? > >> > > >> > I've attached dse.ldif, ipaupgrade.log and the journal entries for > the failure. > >> > > >> > Best regards, > >> > Eric > >> > > >> > Dec 17, 2025, 04:37 by >> [email protected]>> : > >> > > >> >> Hi, > >> >> > >> >> in the file /etc/dirsrv/slapd-IPA-EXAMPLE-COM/dse.ldif, do you have > an entry with "dn: cn=Schema Compatibility,cn=plugins,cn=config" ? > >> >> Could you post the content of /var/log/ipaupgrade.log and dse.ldif? > >> >> > >> >> flo > >> >> > >> >> On Mon, Dec 15, 2025 at 10:16 PM Eric Ashley via FreeIPA-users <>> > >> [email protected]>> >> > wrote: > >> >> > >> >>> This is a follow-on to the thread titled: "Re: [Freeipa-users] > FreeIP 4.12.5-2-fc42 missing dse.ldif" > >> >>> > >> >>> After dsctl was updated to guard against the double close of the > bdb source database, I now get the following error when trying to start IPA. > >> >>> > >> >>> ``` > >> >>> # ipactl start > >> >>> IPA version error: data needs to be upgraded (expected version > '4.12.5-3.fc43', current version '4.12.5-3.fc42') > >> >>> Automatically running upgrade, for details see > /var/log/ipaupgrade.log > >> >>> Be patient, this may take a few minutes. > >> >>> Automatic upgrade failed: DN: cn=Schema > Compatibility,cn=plugins,cn=config does not exists or haven't been updated > >> >>> Upgrade failed with '' > >> >>> DN: cn=Schema Compatibility,cn=plugins,cn=config does not exists > or haven't been updated > >> >>> IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run > command ipa-server-upgrade manually. > >> >>> ('IPA upgrade failed.', 1) > >> >>> The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log > for more information > >> >>> > >> >>> See the upgrade log for more details and/or run > /usr/sbin/ipa-server-upgrade again > >> >>> Aborting ipactl > >> >>> ``` > >> >>> I had to manually touch empty files in > /var/lib/dirsrv/slapd-IPA-EXAMPLE-COM/ldif/ to get dsctl to complete > correctly(ish): __dblib-changelog.ldif, __dblib-ipaca.ldif and > __dblib-userroot.ldif. Nothing was actually written into any of these file, > but with them extant it did complete without error. > >> >>> I'm still receiving this error now, with the latest versions of > all F43 updates code: > >> >>> > >> >>> ``` > >> >>> 2025-12-15T20:30:35Z ERROR Upgrade failed with '' > >> >>> 2025-12-15T20:30:35Z ERROR DN: cn=Schema > Compatibility,cn=plugins,cn=config does not exists or haven't been updated > >> >>> 2025-12-15T20:30:35Z ERROR IPA server upgrade failed: Inspect > /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. > >> >>> ```Of course, the only reference I can see to this error was a fix > 7 years ago. How do I get my IPA back online? > >> >>> > >> >>> Best regards, > >> >>> Eric > >> >>> -- > >> >>> _______________________________________________ > >> >>> FreeIPA-users mailing list -- >>> >> > [email protected] > >> >>> To unsubscribe send an email to >>> >> > [email protected] > >> >>> Fedora Code of Conduct: >>> >> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > >> >>> List Guidelines: >>> >> > https://fedoraproject.org/wiki/Mailing_list_guidelines > >> >>> List Archives: >>> >> > https://lists.fedorahosted.org/archives/list/[email protected] > >> >>> Do not reply to spam, report it: >>> >> > https://pagure.io/fedora-infrastructure/new_issue > >> >>> > >> > > >> > > >> > >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
