On 07/30/2012 03:21 PM, John Blaut wrote:
> Hi
>
> I am following the same issue with Robert.
>
> In /etc/dirsrv/slapd-<DOMAIN>/schema/99user.ldif we can see that these new
> attributes have been added.

Hello John,

I assume that the new attributes were not added to the MAY list in idnsZone
objectclass due to an issue with IPA upgrade which is already described in the
following ticket:

https://fedorahosted.org/freeipa/ticket/2440

The ticket should contain more information about the issue and also an LDIF
that should work around it until a fix is released.

>
> Unfortunately I couldn't verify using ldapsearch on 'cn=schema' to see if this
> is indeed the case as well within the LDAP data.
>
> However if I browse other pre-existing DNS zones using ldapsearch I see that
> these already have the two attributes in place, so I guess the update
> procedure managed to insert them somehow:
>
> idnsAllowQuery: any;
> idnsAllowTransfer: none;

If I understand it correctly, you have existing DNS zones with these attributes
defined? I assume this would mean that idnsZone objectclass has the attribute
list updated. But then it is quite strange that you get the
'"idnsAllowTransfer" not allowed' error.

Martin

>
> So we are a bit confused that when trying to add a new zone, we get errors due
> to these attributes. This is also preventing us to add new replicas (which
> require new reverse zones).
>
> Regards
>
> John
>
>
> On Mon, Jul 30, 2012 at 2:57 PM, Simo Sorce <s...@redhat.com> wrote:
>
> > On Mon, 2012-07-30 at 12:11 +0200, Robert Bowell wrote:
> > > Hi Simo,
> > >
> > > Thanks for your reply.
> > >
> > > Yes the IPA server has been updated from 2.1 to 2.2. Prior to the
> > > update, DNS zones could be created without any issues.
> > >
> > > I have also noticed that the command 'ipa ping' is displaying the
> > > incorrect IPA server version (IPA server version 2.1.90.rc1. API
> > > version 2.34) when in fact the IPA server version 2.2.x should be
> > > displayed.
> >
> > This is odd, have you restarted httpd since the update ?
> >
> > The symptom below seems to suggest something went wrong in updating the
> > DNS schema where we added a few attributes to allow zone transfers.
> >
> > Can you check the ipaserver-upgrade.log file and see if there are any
> > errors in there ?
> >
> > Simo.
> >
> > > Regards,
> > >
> > > Robert..
> > >
> > >
> > > On 27 July 2012 17:29, Simo Sorce <s...@redhat.com> wrote:
> > > > On Thu, 2012-07-26 at 09:47 +0200, Robert Bowell wrote:
> > > > > Hi,
> > > > >
> > > > > I'm encountering a strange problem.. upon trying to add a new DNS zone
> > > > > the following message is being displayed "attribute
> > > > > "idnsAllowTransfer" not allowed" and the DNS entry is not created. Has
> > > > > any one ever encountered such a problem if so what needs to be done to
> > > > > resolve it ?
> > > > >
> > > > > IPA server version 2.1.3. API version 2.13
> > > >
> > > > Was this server upgraded from a 2.0.x one ?
> > > >
> > > > Simo.
> > > >
> > > > --
> > > > Simo Sorce * Red Hat, Inc * New York
> >
> > --
> > Simo Sorce * Red Hat, Inc * New York
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipafirstname.lastname@example.org
> > https://www.redhat.com/mailman/listinfo/freeipa-users
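
The check discussed in this thread (whether the idnsZone objectclass lists idnsAllowQuery and idnsAllowTransfer in its MAY list) can be run offline against the text of 99user.ldif or of a saved 'cn=schema' search result. The following is an added example, not part of the original thread or of FreeIPA; the sample schema text, its OIDs and the function names are constructed for illustration.

```python
import re

# The two attributes the thread says the upgrade added for DNS zones.
REQUIRED = ("idnsAllowQuery", "idnsAllowTransfer")

# Constructed sample in 99user.ldif style; OIDs and lists are placeholders.
SAMPLE_LDIF = """\
dn: cn=schema
objectClasses: ( 9.9.9.1 NAME 'idnsZone' DESC 'constructed sample' SUP
  idnsRecord STRUCTURAL MUST ( idnsName $ idnsZoneActive ) MAY ( idnsUpd
 atePolicy $ idnsAllowQuery ) X-ORIGIN 'user defined' )
objectClasses: ( 9.9.9.2 NAME 'otherClass' SUP top MAY idnsAllowTransfer )
"""

def unfold(ldif):
    """Join LDIF continuation lines (one leading space continues a line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def may_list(ldif, objectclass):
    """Return the MAY attributes of `objectclass`, or None if undefined."""
    name_re = re.compile(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))")
    may_re = re.compile(r"\bMAY\s+(?:\(([^)]*)\)|([\w;-]+))")
    for line in unfold(ldif):
        key, _, value = line.partition(":")
        if key.lower() != "objectclasses":
            continue
        m = name_re.search(value)
        names = re.findall(r"[\w-]+", m.group(1) or m.group(2)) if m else []
        if objectclass.lower() not in (n.lower() for n in names):
            continue
        m = may_re.search(value)
        if not m:
            return []
        return [a.strip() for a in (m.group(1) or m.group(2)).split("$")]
    return None

def missing_may(ldif, objectclass="idnsZone", required=REQUIRED):
    """Attributes in `required` that the objectclass's MAY list lacks."""
    allowed = may_list(ldif, objectclass)
    if allowed is None:
        raise LookupError(f"{objectclass} not defined in this schema text")
    allowed = {a.lower() for a in allowed}
    return [a for a in required if a.lower() not in allowed]
```

A non-empty result from `missing_may()` on the server's own schema text matches the situation Martin describes, where the attribute types exist but the idnsZone MAY list was not updated.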