On Wed, 20 Apr 2016, Daryl Fonseca-Holt wrote:
After doing a yum update on April 14 we are experiencing this error on an ipa
user-add:
    ipa: ERROR: missing attribute "nisMapName" required by object class
    "nisMap"
The /var/log/ipaupgrade.log is too large to attach but I didn't see any obvious
errors in it.

After the update the versions are:
    ipa-server-4.2.0-15.el7_2.6.1.x86_64
    389-ds-base-1.3.4.0-29
The dirsrv instance log has this error:
    [19/Apr/2016:09:48:44 -0500] - Entry
    "uid=testuser,cn=users,cn=accounts,dc=uofmt1" missing attribute
    "nisMapName" required by object class "nisMap"
Default user object classes do not include nisMap object class. Did you
add that yourself?

Looking at the schema for the instance the attribute seems to be there:
    cd /etc/dirsrv/slapd-UOFMT1/schema
    grep nisMapName *
    10rfc2307.ldif:attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
    DESC 'Standard LDAP attribute type' SYNTAX
    1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' )
    10rfc2307.ldif:objectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
    DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( cn $
    nisMapEntry $ nisMapName ) MAY ( description ) X-ORIGIN 'RFC 2307' )
    10rfc2307.ldif:objectClasses: ( 1.3.6.1.1.1.2.13 NAME 'nisMap' DESC
    'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( nisMapName )
    MAY ( description ) X-ORIGIN 'RFC 2307' )
    99user.ldif: lass' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $
    nisMapName ) MAY descripti
    99user.ldif: s' SUP top STRUCTURAL MUST nisMapName MAY description X-
    ORIGIN ( 'RFC 2307' '
    99user.ldif:attributeTypes: ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC
    'Standard LDAP attri
I've attached the dirsrv instance 10rfc2307.ldif and 99user.ldif. It doesn't
make sense that 99user.ldif has an nisMap objectclass in it. Or is this
something the upgrade it trying to override?
99user.ldif accumulates all schema changes that come through replication
or via updates.
Can you show full entry for uid=testuser (filter userPassword field) and also 
output of

$ ipa config-show --all|grep objectclass
 Default group objectclasses: top, ipaobject, groupofnames, ipausergroup, 
nestedgroup
 Default user objectclasses: ipaobject, person, top, ipasshuser, inetorgperson, 
organizationalperson, krbticketpolicyaux, krbprincipalaux, inetuser, 
posixaccount
 objectclass: ipaConfigObject, nsContainer, top, ipaGuiConfig, 
ipaUserAuthTypeClass


Since this IPA server was first installed these updates have been applied:
    grep 'IPA version' /var/log/ipaupgrade.log
    2016-02-02T15:47:48Z DEBUG IPA version 4.2.0-15.el7_2.3
    2016-03-25T19:21:18Z DEBUG IPA version 4.2.0-15.el7_2.6
    2016-03-25T19:33:21Z DEBUG IPA version 4.2.0-15.el7_2.6
    2016-03-25T19:42:23Z DEBUG IPA version 4.2.0-15.el7_2.6
    2016-04-14T15:47:31Z DEBUG IPA version 4.2.0-15.el7_2.6.1
    2016-04-14T15:56:50Z DEBUG IPA version 4.2.0-15.el7_2.6.1
    2016-04-14T16:12:58Z DEBUG IPA version 4.2.0-15.el7_2.6.1
    2016-04-14T16:22:07Z DEBUG IPA version 4.2.0-15.el7_2.6.1
Difference between -15.el7_2.6 and -15.el7_2.6.1 is a rebuild against
updated Samba version.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to