On 07/30/2012 03:21 PM, John Blaut wrote:
> Hi
> 
> I am following the same issue with Robert.
> 
> In /etc/dirsrv/slapd-<DOMAIN>/schema/99user.ldif we can see that these new
> attributes have been added.

Hello John,

I assume that the new attributes were not added to the MAY list in idnsZone
objectclass due to an issue with IPA upgrade which is already described in the
following ticket:

https://fedorahosted.org/freeipa/ticket/2440

The ticket should contain more information about the issue and also an LDIF
that should workaround it until a fix is released.

> 
> Unfortunately I couldn't verify using ldapsearch on 'cn=schema' to see if this
> is indeed the case as well within the LDAP data.
> 
> However if I browse other pre-existing DNS zones using ldapsearch I see that
> these already have the two attributes in place, so I guess the update 
> procedure
> managed to insert them somehow:
> 
> idnsAllowQuery: any;
> idnsAllowTransfer: none;

If I understand it correctly, you have existing DNS zones with there attributes
defined? I assume this would mean that idnsZone objectclass has the attribute
list updated. But then it is quite strange that you get the
'"idnsAllowTransfer" not allowed' error.

Martin

> 
> So we are a bit confused that when trying to add a new zone, we get errors due
> to these attributes. This is also preventing us to add new replicas (which
> require new reverse zones).
> 
> Regards
> 
> John
> 
> 
> On Mon, Jul 30, 2012 at 2:57 PM, Simo Sorce <s...@redhat.com
> <mailto:s...@redhat.com>> wrote:
> 
>     On Mon, 2012-07-30 at 12:11 +0200, Robert Bowell wrote:
>     > Hi Simo,
>     >
>     > Thanks for your reply.
>     >
>     > Yes the IPA server has been updated from 2.1 to 2.2. Prior to the
>     > update, DNS zones could be created  without any issues.
>     >
>     > I have also noticed that the command  'ipa ping' is displaying the
>     > incorrect IPA server version (IPA server version 2.1.90.rc1. API
>     > version 2.34) when infact the IPA server version 2.2.x should be
>     > displayed.
> 
>     This is odd, have you restarted httpd since the update ?
> 
>     The symptom below seem to suggest somethinhg went wrong in updating the
>     DNS schema where we added a few attributes to allow zone transfers.
> 
>     Can you check the ipaserver-upgrade.log file and see if there are any
>     errors in there ?
> 
>     Simo.
> 
>     > Regards,
>     >
>     > Robert..
>     >
>     >
>     > On 27 July 2012 17:29, Simo Sorce <s...@redhat.com
>     <mailto:s...@redhat.com>> wrote:
>     >         On Thu, 2012-07-26 at 09:47 +0200, Robert Bowell wrote:
>     >         > Hi,
>     >         >
>     >         >
>     >         > I'm encountering a strange problem.. upon trying to add a
>     >         new DNS zone
>     >         > the following message is being displayed "attribute
>     >         > "idnsAllowTransfer" not allowed" and the DNS entry is not
>     >         created. Has
>     >         > any one ever encountered such a problem if so what needs to
>     >         be done to
>     >         > resolve it ?
>     >         >
>     >         >
>     >         > IPA server version 2.1.3. API version 2.13
>     >         >
>     >
>     >
>     >         Was this server upgraded from a 2.0.x one ?
>     >
>     >         Simo.
>     >
>     >         --
>     >         Simo Sorce * Red Hat, Inc * New York
>     >
>     >
> 
> 
>     --
>     Simo Sorce * Red Hat, Inc * New York
> 
>     _______________________________________________
>     Freeipa-users mailing list
>     Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
>     https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> 
> 
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to