> On 22 Jul 2015, at 17:43, Alexander Bokovoy <aboko...@redhat.com> wrote:
>
> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>
>>> On 22 Jul 2015, at 17:09, Alexander Bokovoy <aboko...@redhat.com> wrote:
>>>
>>> On Wed, 22 Jul 2015, Alexandre Ellert wrote:
>>>>
>>>>> On 20 Jul 2015, at 17:17, Alexander Bokovoy <aboko...@redhat.com> wrote:
>>>>>
>>>>> On Mon, 20 Jul 2015, Alexandre Ellert wrote:
>>>>>>
>>>>>>> Can you please show output from
>>>>>>> fgrep -r 'dc' /etc/dirsrv/slapd-INSTANCE/schema
>>>>>>
>>>>>> # fgrep -r 'dc' /etc/dirsrv/slapd-NUMEEZY-FR/schema
>>>>>
>>>>> This is original 'dc' definition:
>>>>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: (
>>>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>>>>>
>>>>> This is the offending one:
>>>>>> /etc/dirsrv/slapd-NUMEEZY-FR/schema/99user.ldif:attributeTypes: (
>>>>>> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D
>>>>>
>>>>>> In 00core.ldif, I have:
>>>>>> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc'
>>>>>> 'domaincomponent' )
>>>>>> EQUALITY caseIgnoreIA5Match
>>>>>> SUBSTR caseIgnoreIA5SubstringsMatch
>>>>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>>>>>> SINGLE-VALUE
>>>>>> X-ORIGIN 'RFC 4519'
>>>>>> X-DEPRECATED 'domaincomponent' )
>>>>> If you look into 99user.ldif, you'll see the wrong definition there.
>>>>>
>>>>> 99user.ldif accumulates definitions coming from replication or updates.
>>>>> You can check other IPA masters, do they have 'dc' attribute defined in
>>>>> a wrong way?
>>>>
>>>> I have a second IPA master and here is the occurrence of 'domaincomponent'
>>>> in /etc/dirsrv/slapd-NUMEEZY-FR/schema:
>>>> In 00core.ldif:
>>>> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent'
>>>> )
>>>> EQUALITY caseIgnoreIA5Match
>>>> SUBSTR caseIgnoreIA5SubstringsMatch
>>>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>>>> SINGLE-VALUE
>>>> X-ORIGIN 'RFC 4519'
>>>> X-DEPRECATED 'domaincomponent' )
>>>> In 99user.ldif:
>>>> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent'
>>>> ) D
>>>> ESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR
>>>> caseIgn
>>>> oreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
>>>> X-ORI
>>>> GIN ( 'RFC 2247' 'user defined' ) )
>>>>
>>>> These two definitions are exactly the same on both IPA masters.
>>>>
>>>> I don’t understand what is wrong in 99user.ldif? How can I correct it with
>>>> the good definition?
>>> The correct definition is in the 00core.ldif. The one in 99user.ldif is
>>> wrong.
>>>
>>> I think you can remove it from 99user.ldif on both servers but you need
>>> to shut down dirsrv instances on both to do that.
>>> --
>>> / Alexander Bokovoy
>>
>> I shut down IPA on both servers (ipactl stop) and removed this section in
>> 99user.ldif:
>>> attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent'
>>> ) D
>>> ESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR
>>> caseIgn
>>> oreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
>>> X-ORI
>>> GIN ( 'RFC 2247' 'user defined' ) )
>>
>> But I still have the same behavior (pki-tomcatd doesn’t start, same errors
>> in logs). Do you have another idea?
> We need to find out where the definition comes from.
>
> Can you give me output of
> # fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
> from both servers?

Server 1:
# fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
/etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )

Server 2:
# fgrep -r 0.9.2342.19200300.100.1.25 /etc/dirsrv
/etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
/etc/dirsrv/slapd-NUMEEZY-FR/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )

>
> With correct setup IPA 4.x should show:
> /etc/dirsrv/schema/00core.ldif:attributeTypes: ( 0.9.2342.19200300.100.1.25
> NAME ( 'dc' 'domaincomponent' )
> /etc/dirsrv/slapd-EXAMPLE-COM/schema/00core.ldif:attributeTypes: (
> 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )
>
> I.e. there are two lines -- in the default schema and in the IPA
> instance schema.

Seems to be good?

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
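
The check done by hand in this thread (one attribute OID defined in both 00core.ldif and 99user.ldif with different SYNTAX values) can be automated; the following is an added example, not code from the thread participants or the FreeIPA project. The sample LDIF is constructed from the two definitions quoted above, and the function names are hypothetical.

```python
import re, sys
from collections import defaultdict
from pathlib import Path

# Constructed sample data, built from the two definitions quoted in the thread.
SAMPLE = {
    "00core.ldif": "dn: cn=schema\n"
    "attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' )\n"
    "  EQUALITY caseIgnoreIA5Match\n"
    "  SUBSTR caseIgnoreIA5SubstringsMatch\n"
    "  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26\n"
    "  SINGLE-VALUE\n"
    "  X-ORIGIN 'RFC 4519'\n"
    "  X-DEPRECATED 'domaincomponent' )\n",
    "99user.ldif": "dn: cn=schema\n"
    "attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) D\n"
    " ESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgn\n"
    " oreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORI\n"
    " GIN ( 'RFC 2247' 'user defined' ) )\n",
}

DEF_RE = re.compile(
    r"^attributeTypes:\s*\(\s*([\d.]+)\s+NAME\s+(\(.*?\)|'[^']*')(.*)$", re.I)

def unfold(text):
    """LDIF unfolding: a newline followed by one space continues the previous line."""
    return re.sub(r"\r?\n ", "", text)

def parse_attribute_types(text):
    """Yield (oid, names, syntax_oid) for every attributeTypes value in a schema file."""
    for line in unfold(text).splitlines():
        m = DEF_RE.match(line)
        if m:
            oid, names, rest = m.groups()
            syntax = re.search(r"\bSYNTAX\s+([\d.]+)", rest)
            yield (oid, tuple(re.findall(r"'([^']*)'", names)),
                   syntax.group(1) if syntax else None)

def find_conflicts(files):
    """Return {oid: {filename: syntax_oid}} for OIDs whose SYNTAX differs between files."""
    seen = defaultdict(dict)
    for fname, text in files.items():
        for oid, _names, syntax in parse_attribute_types(text):
            seen[oid][fname] = syntax
    return {o: f for o, f in seen.items() if len(set(f.values())) > 1}

if __name__ == "__main__":
    # With a schema directory argument, scan its *.ldif files; otherwise use the sample.
    files = ({p.name: p.read_text(errors="replace") for p in Path(sys.argv[1]).glob("*.ldif")}
             if len(sys.argv) > 1 else SAMPLE)
    for oid, by_file in find_conflicts(files).items():
        print(oid, by_file)
```

Because the definition in 99user.ldif is folded across physical lines, the parser unfolds before matching; a line-based grep sees only the fragment of the definition that sits on the matching line.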