On 02/21/2013 11:44 AM, Erinn Looney-Triggs wrote: > On 02/21/2013 09:40 AM, Rob Crittenden wrote: >> Erinn Looney-Triggs wrote: >>> On 02/21/2013 09:34 AM, Rob Crittenden wrote: >>>> Erinn Looney-Triggs wrote: >>>>> On 02/21/2013 09:07 AM, Rob Crittenden wrote: >>>>>> add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME >>>>>> 'ipaExternalMember' >>>>>> DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch >>>>>> ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 >>>>>> X-ORIGIN 'IPA v3' ) >>>>>> add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' >>>>>> SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$ >>>>>> description $$ owner) X-ORIGIN 'IPA v3' ) >>>>> Well that fails as well, though in sort of a self inflicted way: >>>>> >>>>> 2013-02-21T16:24:30Z INFO The ipa-ldap-updater command failed, >>>>> exception: DatabaseError: Server is unwilling to perform: Minimum SSF >>>>> not met. arguments: base="cn=config,cn=ldbm >>>>> database,cn=plugins,cn=config", scope=0, filterstr="(objectclass=*)" >>>>> 2013-02-21T16:24:30Z ERROR Unexpected error - see >>>>> /var/log/ipaupgrade.log for details: >>>>> DatabaseError: Server is unwilling to perform: Minimum SSF not met. >>>>> arguments: base="cn=config,cn=ldbm database,cn=plugins,cn=config", >>>>> scope=0, filterstr="(objectclass=*)" >>>>> >>>>> >>>>> Now this probably comes about because I set: >>>>> nsslapd-minssf: 56 >>>>> For security. >>>>> >>>>> I can cange that back to the default and probably move past this, >>>>> but is >>>>> that a known issue? Is there another way around? >>>> As root try the --ldapi flag: >>>> >>>> # ipa-ldap-updater --ldapi /path/to/scheme.update >>>> >>>> rob >>>> >>> ERROR: LDAPUpdate: syntax error: >>> dn is not defined in the update, data source=schema.update >>> >>> -Erinn >>> >> Sorry, add this to the top of your update file: >> >> dn: cn=schema >> >> rob > No worries! Thanks for the help, after a restart of IPA the web UI is > working again. I reckon this is something that needs to be fixed, does > opening a support case and pointing them to that bug help you folks out > with this in any way?
This is a know defect. We just did not realize it would have such a bad impact on upgrade. Sorry, the errata is on the way. I would recommend everyone to not upgrade to 6.4 until the errata is shipped. We will notify you as soon as it goes out. Sorry again. > > -Erinn > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users