On 02/26/2013 06:10 PM, Erinn Looney-Triggs wrote:
On 02/26/2013 12:08 PM, Martin Kosek wrote:
On 02/26/2013 06:05 PM, Erinn Looney-Triggs wrote:
On 02/26/2013 10:29 AM, Dmitri Pal wrote:
On 02/21/2013 12:31 PM, Dmitri Pal wrote:
On 02/21/2013 11:44 AM, Erinn Looney-Triggs wrote:
On 02/21/2013 09:40 AM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 02/21/2013 09:34 AM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 02/21/2013 09:07 AM, Rob Crittenden wrote:
add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME
'ipaExternalMember' DESC 'External Group Member
Identifier' EQUALITY caseIgnoreMatch ORDERING
caseIgnoreOrderingMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' )
add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME
'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY (
ipaExternalMember $$ memberOf $$ description $$ owner)
X-ORIGIN 'IPA v3' )
Well that fails as well, though in sort of a self inflicted
way:
2013-02-21T16:24:30Z INFO The ipa-ldap-updater command
failed, exception: DatabaseError: Server is unwilling to
perform: Minimum SSF not met. arguments:
base="cn=config,cn=ldbm database,cn=plugins,cn=config",
scope=0, filterstr="(objectclass=*)" 2013-02-21T16:24:30Z
ERROR Unexpected error - see /var/log/ipaupgrade.log for
details: DatabaseError: Server is unwilling to perform:
Minimum SSF not met. arguments: base="cn=config,cn=ldbm
database,cn=plugins,cn=config", scope=0,
filterstr="(objectclass=*)"
Now this probably comes about because I set: nsslapd-minssf:
56 For security.
I can cange that back to the default and probably move past
this, but is that a known issue? Is there another way
around?
As root try the --ldapi flag:
# ipa-ldap-updater --ldapi /path/to/scheme.update
rob
ERROR: LDAPUpdate: syntax error: dn is not defined in the
update, data source=schema.update
-Erinn
Sorry, add this to the top of your update file:
dn: cn=schema
rob
No worries! Thanks for the help, after a restart of IPA the web UI
is working again. I reckon this is something that needs to be fixed,
does opening a support case and pointing them to that bug help you
folks out with this in any way?
This is a know defect. We just did not realize it would have such a
bad impact on upgrade. Sorry, the errata is on the way.
I would recommend everyone to not upgrade to 6.4 until the errata is
shipped. We will notify you as soon as it goes out.
Sorry again.
We did some research of this issue: 1) The upgrade works fine from 6.3
to 6.4 and the issue does not exhibit itself 2) We have been able to
reproduce it with the direct upgrade from 6.2 to 6.4 3) Since the
expected upgrade part is 6.2 -> 6.3 -> 6.4 the question comes up whether
this fix is actually that urgent. 4) In the presence of the simple
workaround we feel that it is not that important to include this fix
into the errata that we are working on.
Please let us know if you think that there is a problem with the plan
above.
Well all I can tell you on this, is that mine was an upgrade from 6.3 to
6.4, so there is a case where it will fail going from 6.3 to 6.4, but how
applicable it is I can't say.
Hi Erinn,
Is 6.3 the original RHEL version where IPA server was installed? Or was IPA
installed on RHEL-6.2 and then you upgraded RHEL to 6.3?
Thank you,
Martin
These systems have gone through all the point releases from 6 on up I
believe.
-Erinn
Ok, then this use case is also covered by the upcoming 6.4 fix. I just wanted
to check that.
Thanks,
Martin
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
