Thanks for the feedback.
It seems the attributeType was already there. Nevertheless I tried your
suggested fix but it did not help.
ipa config-show and likewise the UI does not show SELinux related settings.
On Tue, May 7, 2013 at 11:51 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> John Blaut wrote:
>> We found out recently that an IPA server which we upgraded some time ago
>> from EL6.2/IPA 2.1 to EL6.3/IPA 2.2, reported the following errors:
>> ERROR Update failed: Object class violation: attribute
>> "ipaSELinuxUserMapOrder" not allowed
>> ERROR Upgrade failed with attribute "idnsAllowQuery" not allowed
>> The latter error we resolved by applying the patch found @
>> fact we used this fix
>> on another server in the past).
>> Unfortunately we do not have a solution for the first error (related to
>> ipaSELinuxUserMapOrder). Any ideas?
>> We do have plans to upgrade the mentioned server to EL 6.4 / IPA 3.0,
>> but I doubt this would be safe to do before we resolve the above error.
> Updating might be fine, but it shouldn't be too hard to fix first.
> I'd start by getting the current schema:
> ldapsearch -x -b cn=schema objectclasses attributetypes >
> See if ipaSELinuxUserMapOrder is defined as an attributeType.
> It looks like there is an error in the update file that adds this
> attribute, so it may not be there. Look in
> and you'll see this line duplicated:
> X-ORIGIN 'IPA v3')
> If so, I'd try to remove the extra line and run:
> ipa-ldap-updater /usr/share/ipa/updates/10-selinuxusermap.update
> That should fix it.
Freeipa-users mailing list
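
The two checks suggested in the reply above (is ipaSELinuxUserMapOrder defined as an attributeType, and is a line duplicated in the update file), as an added example that is not part of the thread or of FreeIPA. The file names, the placeholder OID and the sample contents are constructed, and the duplicate is assumed to sit directly after the line it repeats. ldapsearch folds long lines, so the dump is unfolded before searching.

```shell
#!/bin/sh
# Added example; file contents below are constructed samples, not real IPA data.

# Unfold LDIF: a line that starts with one space continues the previous line.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }' "$1"
}

# Succeed if the dump ($1) defines attribute $2 as an attributeType.
has_attribute_type() {
    ldif_unfold "$1" | grep -i '^attributetypes:' | grep -qiF "'$2'"
}

# Print "lineno:text" for each non-blank line identical to the line before it.
adjacent_duplicates() {
    awk 'NF && ($0 "") == (prev "") { print NR ":" $0 } { prev = $0 }' "$1"
}

# Write constructed sample files into directory $1 (OID is a placeholder).
write_samples() {
    cat > "$1/schema.ldif" <<'EOF'
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.99999.1 NAME 'ipaSELinuxUser
 MapOrder' DESC 'constructed sample' X-ORIGIN 'IPA v3' )
objectClasses: ( 1.3.6.1.4.1.99999.2 NAME 'sampleClass' MAY ( sampleAttr ) )
EOF
    cat > "$1/sample.update" <<'EOF'
dn: cn=schema
add:attributeTypes: ( 1.3.6.1.4.1.99999.1 NAME 'ipaSELinuxUserMapOrder'
  X-ORIGIN 'IPA v3')
  X-ORIGIN 'IPA v3')
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
if has_attribute_type "$demo/schema.ldif" ipaSELinuxUserMapOrder; then
    echo "attributeType is defined"
else
    echo "attributeType is missing"
fi
adjacent_duplicates "$demo/sample.update"
rm -rf "$demo"
```

In the sample dump the attribute name is split across a folded line, so a plain grep on the raw file misses it while the unfolded search finds it.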