On 10/07/2015 09:49 AM, Alex Williams wrote:
yesterday I finally managed to get our IPA3.0.0 servers in a state
that I could upgrade the schema to dogtag 10, using the migration
script and launched a new RHEL7.1 IPA4.1 server as a replica.
Unfortunately, in both the new RHEL7.1 IPA4.1 server AND the old
RHEL6.6 IPA3.0.0 server that I replicated from (Also happens to be our
CRL master), I can no longer search for hosts or DNS entries, or host
groups, either in the UI, or on the command line.
They're there, they show up when you go to the hosts, dns or user page
in a list, but you cannot then refine the search. This is also true of
ipa host-find and ipa hostgroup-find on the command line. Is this a
bug in IPA4.1? Is it a schema issue? Is it just because we still have
an IPA3 server running the show and an IPA4 replica? I can't really
justify dropping our production IPA3 servers, if searching for records
doesn't work in IPA4.1.
I still appear to be able to search in the UI of one of our other IPA3
servers, despite the fact it has had its schema updated and it has
been connected to the new IPA4 server.
Thanks in advance for any help anyone can offer.
can you provide more info please:
* are you kinited as admin user?
* does ipa dnszone-find returns all results?
* does ipa dnszone-find <name of zone> return something?
* does ipa dnszone-show <name of zone> return the zone?
We had issue with access control, where non admin users cannot search
for zones, I'm not sure about hosts, and host groups.
I do not think that this is a schema upgrade issue nor related to Dogtag 10.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project