Rob,

I got past this, as you indicated, by doing that after first running:

# ipa-ldap-updater --ldapi ./schema.update

Using a schema.update tip file I found in a note from you after some hard core googling. Should that extra step have been necessary?

Bret Wortman
http://damascusgrp.com/
http://about.me/wortmanbret

On Tue, Aug 13, 2013 at 3:39 PM, Rob Crittenden <[email protected]> wrote:

> Bret Wortman wrote:
>
>> I tried this, but no joy:
>>
>> # /usr/sbin/ipa-upgradeconfig --debug
>> :
>> :
>> DEBUG: caSignedLogCert.cfg profile validity range is 720
>> INFO: [Certificate renewal should stop the CA]
>> ERROR: Unable to find certmonger request ID for auditSigning Cert
>> INFO: The ipa-upgradeconfig command was successful
>> #
>
> Run getcert list and sift through the output and see if you have a request
> tracking for nickname auditSigningCert cert-pki-ca (or similar).
>
>> But I still can't connect to http://ipamaster/ipa/ui/; I get a 903 error
>> every time, and /var/log/httpd/error_log shows, in part:
>>
>> [Tue Aug 13 13:07:20.786566 2013] [:error] [pid 5890] KeyError: 'ipadnszone'
>> [Tue Aug 13 13:07:20.786717 2013] [:error] [pid 5890] ipa: INFO: [email protected]: json_metadata(None, None, object=u'all'): KeyError
>> [Tue Aug 13 13:07:21.001525 2013] [:error] [pid 5890] ipa: INFO: [email protected]: json_metadata(None, None, command=u'all'): SUCCESS
>>
>> DNS resolution, authentication and authorization all /appear/ to be
>> working fine.
>
> The DNS schema was not updated properly. I'd run:
>
> # ipa-ldap-updater --upgrade
>
> rob

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
