Rob Crittenden via FreeIPA-users
writes:
> Jochen Kellner via FreeIPA-users wrote:
>>
>> Hi,
>>
>> I'm about to decommission one of my IPA replicas running on up to date
>> fedora 35 (freeipa-server-common-4.9.7-4.fc35.noarch). On my CA renewal
>> master (freeipa1.example.org) I try to remove
On CentOS 7
389-ds-base-snmp-1.3.9.1-13.el7_7.x86_64
389-ds-base-libs-1.3.9.1-13.el7_7.x86_64
389-ds-base-1.3.9.1-13.el7_7.x86_64
389-ds-base-debuginfo-1.3.9.1-13.el7_7.x86_64
On CentOS 8 Stream
389-ds-base-1.4.3.23-7.module_el8.5.0+889+90e0384f.x86_64
Hi,
the error looks similar to https://github.com/389ds/389-ds-base/issues/4872.
The CentOS 8 Streams master probably has a version of 389ds that doesn't
contain the fix, and has the entryuuid plugin enabled (that generates an
entryuuid attribute). The schema failed to be replicated to the CentOS 7
Jochen Kellner via FreeIPA-users wrote:
>
> Hi,
>
> I'm about to decommission one of my IPA replicas running on up to date
> fedora 35 (freeipa-server-common-4.9.7-4.fc35.noarch). On my CA renewal
> master (freeipa1.example.org) I try to remove freeipa4.example.org:
>
> [root@freeipa1 ~]# ipa
Hi,
On my CentOS 7 master there was this error message
[19/Nov/2021:11:16:11.863597190 +0100] - ERR - oc_check_allowed_sv - Entry
"ipaUniqueID=b2211c08-4921-11ec-974b-509a4c9d3b10,cn=sudorules,cn=sudo,dc=example,dc=com"
-- attribute "entryuuid" not allowed
[19/Nov/2021:11:16:26.331298112
I've found an older thread where you've given some recommendations on how to
change this via LDAP. I've fixed this by applying the following:
ldapmodify -D 'cn=Directory Manager' -W << EOF
dn: cn=REDACTED-DOMAIN.COM_id_range,cn=ranges,cn=etc,dc=redacted-domain,dc=com
changetype: modify
add:
Hi,
Sorry for the delay in getting back to you, I tried ipactl restart and that
resolved the issue.
Many thanks for helping me solve this issue.
Tania
Hi Sam,
Thanks for the insight. I've deployed all IPA servers via freeipa ansible
collection, all of them defined as CAs.
I've fixed the issue for now but in a slightly different way (before your
reply):
mv /var/lib/ipa/private/httpd.key ./
mv /var/lib/ipa/certs/httpd.crt ./
ipa-getcert request