Re: [Freeipa-users] .LDAPUpdate: ERROR Add failure missing required attribute "objectclass"
On 04/11/2015 09:51 PM, Traiano Welcome wrote: > Hi > > I got this error while installing an IPA replica of my primary master > IDM server: > > ".LDAPUpdate: ERRORAdd failure missing required attribute "objectclass" > > > Replica add command: > > ipa-replica-install --setup-ca --setup-dns --no-forwarders > /var/lib/ipa/replica-info-siteX-idm-slve.lol.local.gpg > > A little more context: > > > --- > . > . > . > > Done configuring ipa-otpd. > Applying LDAP updates > ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure > missing required attribute "objectclass" > ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure > missing required attribute "objectclass" > ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure > missing required attribute "objectclass" > ipa : ERRORAnonymous ACI not found, cannot update it > Restarting the directory server > Restarting the KDC > Restarting the certificate server > Using reverse zone xxx.16.172.in-addr.arpa. > > --- > > What does this error mean? If it's suggesting that somehow a key ldap > attribute was not created, how can I fix this? Most probably, update process tried to add members to some object/role/privilege, it did not exist so it tried to add just the members, which failed as objectclass is required for new objects. We would need to see ipareplica-install.log, to see which attribute it was. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] .LDAPUpdate: ERROR Add failure missing required attribute "objectclass"
Hi Dmitri Thanks for the response. On Mon, Apr 13, 2015 at 5:14 AM, Dmitri Pal wrote: > On 04/11/2015 03:51 PM, Traiano Welcome wrote: >> >> Hi >> >> I got this error while installing an IPA replica of my primary master >> IDM server: >> >> ".LDAPUpdate: ERRORAdd failure missing required attribute >> "objectclass" >> >> >> Replica add command: >> >> ipa-replica-install --setup-ca --setup-dns --no-forwarders >> /var/lib/ipa/replica-info-siteX-idm-slve.lol.local.gpg >> >> A little more context: >> >> >> --- >> . >> . >> . >> >> Done configuring ipa-otpd. >> Applying LDAP updates >> ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure >> missing required attribute "objectclass" >> ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure >> missing required attribute "objectclass" >> ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure >> missing required attribute "objectclass" >> ipa : ERRORAnonymous ACI not found, cannot update it >> Restarting the directory server >> Restarting the KDC >> Restarting the certificate server >> Using reverse zone xxx.16.172.in-addr.arpa. >> >> --- >> >> What does this error mean? If it's suggesting that somehow a key ldap >> attribute was not created, how can I fix this? >> >> Thanks in advance, >> Traiano >> > > > You are probably installing a replica on a server that has different version > than the server that created the initial replica file. > What are the versions you are working with? > That's possible, but very unlikely, I installed master and replicas of the same .iso, to make sure of no package variations in repos. CentOS 7.0 with this set of packages off the installation CD: --- ipa-admintools-3.3.3-28.el7.centos.x86_64.rpm ipa-client-3.3.3-28.el7.centos.x86_64.rpm ipa-gothic-fonts-003.03-5.el7.noarch.rpm ipa-mincho-fonts-003.03-5.el7.noarch.rpm ipa-pgothic-fonts-003.03-5.el7.noarch.rpm ipa-pmincho-fonts-003.03-5.el7.noarch.rpm ipa-python-3.3.3-28.el7.centos.x86_64.rpm ipa-server-3.3.3-28.el7.centos.x86_64.rpm ipa-server-trust-ad-3.3.3-28.el7.centos.x86_64.rpm python-sssdconfig-1.11.2-65.el7.noarch.rpm sssd-1.11.2-65.el7.x86_64.rpm sssd-ad-1.11.2-65.el7.x86_64.rpm sssd-client-1.11.2-65.el7.x86_64.rpm sssd-common-1.11.2-65.el7.x86_64.rpm sssd-common-pac-1.11.2-65.el7.x86_64.rpm sssd-ipa-1.11.2-65.el7.x86_64.rpm sssd-krb5-1.11.2-65.el7.x86_64.rpm sssd-krb5-common-1.11.2-65.el7.x86_64.rpm sssd-ldap-1.11.2-65.el7.x86_64.rpm sssd-proxy-1.11.2-65.el7.x86_64.rpm --- I any case, I think I've 'overwritten' the problem by upgrading to FreeIPA 4.1.0 ... This seems to have fixed that particular problem. > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] .LDAPUpdate: ERROR Add failure missing required attribute "objectclass"
On 04/11/2015 03:51 PM, Traiano Welcome wrote: Hi I got this error while installing an IPA replica of my primary master IDM server: ".LDAPUpdate: ERRORAdd failure missing required attribute "objectclass" Replica add command: ipa-replica-install --setup-ca --setup-dns --no-forwarders /var/lib/ipa/replica-info-siteX-idm-slve.lol.local.gpg A little more context: --- . . . Done configuring ipa-otpd. Applying LDAP updates ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure missing required attribute "objectclass" ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure missing required attribute "objectclass" ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERRORAdd failure missing required attribute "objectclass" ipa : ERRORAnonymous ACI not found, cannot update it Restarting the directory server Restarting the KDC Restarting the certificate server Using reverse zone xxx.16.172.in-addr.arpa. --- What does this error mean? If it's suggesting that somehow a key ldap attribute was not created, how can I fix this? Thanks in advance, Traiano You are probably installing a replica on a server that has different version than the server that created the initial replica file. What are the versions you are working with? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
