On 02/21/2013 09:34 AM, Rob Crittenden wrote:
> Erinn Looney-Triggs wrote:
>> On 02/21/2013 09:07 AM, Rob Crittenden wrote:
>>> add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember'
>>> DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch
>>> ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
>>> X-ORIGIN 'IPA v3' )
>>> add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup'
>>> SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$
>>> description $$ owner) X-ORIGIN 'IPA v3' )
>>
>> Well that fails as well, though in sort of a self inflicted way:
>>
>> 2013-02-21T16:24:30Z INFO The ipa-ldap-updater command failed,
>> exception: DatabaseError: Server is unwilling to perform: Minimum SSF
>> not met. arguments: base="cn=config,cn=ldbm
>> database,cn=plugins,cn=config", scope=0, filterstr="(objectclass=*)"
>> 2013-02-21T16:24:30Z ERROR Unexpected error - see
>> /var/log/ipaupgrade.log for details:
>> DatabaseError: Server is unwilling to perform: Minimum SSF not met.
>> arguments: base="cn=config,cn=ldbm database,cn=plugins,cn=config",
>> scope=0, filterstr="(objectclass=*)"
>>
>>
>> Now this probably comes about because I set:
>> nsslapd-minssf: 56
>> For security.
>>
>> I can cange that back to the default and probably move past this, but is
>> that a known issue? Is there another way around?
> 
> As root try the --ldapi flag:
> 
> # ipa-ldap-updater --ldapi /path/to/scheme.update
> 
> rob
> 

ERROR: LDAPUpdate: syntax error:
  dn is not defined in the update, data source=schema.update

-Erinn

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to