Rob, I got past this, as you indicated, by doing that after first running:

# ipa-ldap-updater --ldapi ./schema.update

Using a schema.update tip file I found in a note from you after some hard
core googling. Should that extra step have been necessary?


*
*
*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret


On Tue, Aug 13, 2013 at 3:39 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> Bret Wortman wrote:
>
>> I tried this, but no joy:
>>
>> # /usr/sbin/ipa-upgradeconfig --debug
>> :
>> :
>> DEBUG: caSignedLogCert.cfg
>> <http://bl-1.com/click/load/**VWRaa1w-b0221U28CYQNlAT4-b0231<http://bl-1.com/click/load/VWRaa1w-b0221U28CYQNlAT4-b0231>
>> **> profile
>>
>> validity range is 720
>> INFO: [Certificate renewal should stop the CA]
>> ERROR: Unable to find certmonger request ID for auditSigning Cert
>> INFO: The ipa-upgradeconfig command was successful
>> #
>>
>
> Run getcert list and sift through the output and see if you have a request
> tracking for nickname auditSigningCert cert-pki-ca (or similar).
>
>  But I still can't connect to http://ipamaster/ipa/ui/; I get a 903 error
>> every time, and /var/log/httpd/error_log shows, in part:
>>
>> [Tue Aug 13 13:07:20.786566 2013] [:error] [pid 5890] KeyError:
>> 'ipadnszone'
>> [Tue Aug 13 13:07:20.786717 2013] [:error] [pid 5890] ipa: INFO:
>> br...@foo.net <mailto:br...@foo.net>: json_metadata(None, None,
>>
>> object=u'all'): KeyError
>> [Tue Aug 13 13:07:21.001525 2013] [:error] [pid 5890] ipa: INFO:
>> br...@foo.net <mailto:br...@foo.net>: json_metadata(None, None,
>> command=u'all'): SUCCESS
>>
>> DNS resolution, authentication and authorization all /appear/ to be
>> working fine.
>>
>
> The DNS schema was not updated properly. I'd run:
>
> # ipa-ldap-updater --upgrade
>
> rob
>
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to