> Le 22 juil. 2015 à 17:09, Alexander Bokovoy <aboko...@redhat.com> a écrit : > > On Wed, 22 Jul 2015, Alexandre Ellert wrote: >> >>> Le 20 juil. 2015 à 17:17, Alexander Bokovoy <aboko...@redhat.com> a écrit : >>> >>> On Mon, 20 Jul 2015, Alexandre Ellert wrote: >>>> >>>>> Can you please show output from >>>>> fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema >>>> >>>> # fgrep -r 'dc' /etc/dirsrv/slapd-NUMEEZY-FR/schema >>> >>> This is original 'dc' definition: >>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( >>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) >>> >>> This is the offending one: >>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: ( >>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D >>> >>>> In 00core.ldif, I have : >>>> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' >>>> ) >>>> EQUALITY caseIgnoreIA5Match >>>> SUBSTR caseIgnoreIA5SubstringsMatch >>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 >>>> SINGLE-VALUE >>>> X-ORIGIN 'RFC 4519' >>>> X-DEPRECATED 'domaincomponent' ) >>> If you look into 99user.ldif, you'll see the wrong definition there. >>> >>> 99user.ldif accumulates definitions coming from replication or updates. >>> You can check other IPA masters, do they have 'dc' attribute defined in >>> a wrong way? >> >> I have a second IPA master and here is the occurence of ‘ domaincomponent' >> in /etc/dirsrv/slapd-NUMEEZY-FR/schema : >> In 00core.ldif : >> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) >> EQUALITY caseIgnoreIA5Match >> SUBSTR caseIgnoreIA5SubstringsMatch >> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 >> SINGLE-VALUE >> X-ORIGIN 'RFC 4519' >> X-DEPRECATED 'domaincomponent’ ) >> In 99user.ldif : >> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) >> D >> ESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgn >> oreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORI >> GIN ( 'RFC 2247' 'user defined' ) ) >> >> This two definition are exactly the same on both IPA masters. >> >> I don’t understand what is wrong in 99user.ldif ? How can I correct with the >> good definition ? > The correct definition is in the 00core.ldif. The one in 99user.ldif is > wrong. > > I think you can remove it from 99user.ldif on both servers but you need > to shut down dirsrv instances on both to do that. > -- > / Alexander Bokovoy
I shut down IPA on both servers (ipactl stop) and removed this section in 99user.ldif : > attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D > ESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgn > oreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORI > GIN ( 'RFC 2247' 'user defined' ) ) But still have the same behavior (pki-tomcatd don’t start, same errors in logs). Do you have another idea ? Thanks for your support
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
