[Freeipa-devel] [PATCH 0087] Fix: missing records in 40-dns.update
Petr Spacek
pspacek at redhat.com
Thu Jul 3 18:57:06 UTC 2014
On 3.7.2014 19:34, Martin Basti wrote:
> On Thu, 2014-07-03 at 14:59 +0200, Petr Spacek wrote:
>> On 2.7.2014 10:32, Petr Spacek wrote:
>>> On 2.7.2014 10:23, Martin Basti wrote:
>>>> On Wed, 2014-07-02 at 09:40 +0200, Petr Spacek wrote:
>>>>> On 1.7.2014 17:28, Martin Basti wrote:
>>>>>> Patch attached
>>>>>
>>>>> I'm not able to apply it on top of current master
>>>>> (21e1e4ac3bd62c20c6331ea3dc09793e3a869c22).
>>>>>
>>>> Sorry I lost myself in ACIs, it depends on the patch mbasti-0084-2 and
>>>> 0085-2
>>>
>>> Okay, I will test it when you send new versions of 0084 and 0085.
>>
>> NACK. It doesn't work for me for some reason, tlsarecord was not added to aci
>> for some reason.
>>
>> The same problem applies to DLVRecord and nSEC3PARAMRecord. DS record seems to
>> be okay.
>>
>
> Updated patch attached

Sorry, NACK! ;-)

Upgrade from 3.3.5 died with error in ipa-ldap-updater:

Parsing update file '/usr/share/ipa/updates/40-dns.update'
Updating existing entry: cn=IPA DNS,cn=plugins,cn=config
Done
Updating existing entry: cn=dns,dc=ipa,dc=example
Unexpected error - see /var/log/ipaupgrade.log for details:
InvalidSyntax: targetattr "idnsforwarders dlvrecord" does not exist in schema.
Please add attributeTypes "idnsforwarders dlvrecord" to schema if necessary.
ACL Syntax Error(-5):(targetattr = \22idnsname || cn || idnsallowdynupdate ||
dnsttl || dnsclass || arecord || aaaarecord || a6record || nsrecord ||
cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord ||
hinforecord || minforecord || afsdbrecord || sigrecord || keyrecord ||
locrecord || nxtrecord || naptrrecord || kxrecord || certrecord || dnamerecord
|| dsrecord || sshfprecord || rrsigrecord || nsecrecord || idnsname ||
idnszoneactive || idnssoamname || idnssoarname || idnssoaserial ||
idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum ||
idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr ||
idnsforwardpolicy || idnsforwarders dlvrecord || idnssecinlinesigning ||
nsec3paramrecord || tlsarecord\22)(target =
\22ldap:///idnsname=\2a,cn=dns,dc=ipa,dc=example\22)(version 3.0;acl \22Update
DNS entries in a zone\22;allow (write) userattr =
\22parent[0,1].managedby#GROUPDN\22;): Invalid syntax.

/var/log/ipaupgrade.log says this:

2014-07-03T18:52:48Z DEBUG Final value after applying updates
2014-07-03T18:52:48Z DEBUG dn: cn=dns,dc=ipa,dc=example
2014-07-03T18:52:48Z DEBUG objectClass:
2014-07-03T18:52:48Z DEBUG nsContainer
2014-07-03T18:52:48Z DEBUG top
2014-07-03T18:52:48Z DEBUG idnsConfigObject
2014-07-03T18:52:48Z DEBUG idnsConfigObject
2014-07-03T18:52:48Z DEBUG aci:
2014-07-03T18:52:48Z DEBUG (target =
"ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "Add DNS
entries in a zone";allow (add) userattr = "parent[1].manage
dby#GROUPDN";)
2014-07-03T18:52:48Z DEBUG (target =
"ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "Remove DNS
entries from a zone";allow (delete) userattr = "parent[1
].managedby#GROUPDN";)
2014-07-03T18:52:48Z DEBUG (targetattr = "idnsname || cn ||
idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record
|| nsrecord || cnamerecord ||
ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord ||
minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord
|| naptrrecord |
| kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord ||
rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname ||
idnssoarname || idnssoaseria
l || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum ||
idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr ||
idnsforwardpolicy ||
idnsforwarders")(target =
"ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "Update DNS
entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROU
PDN";)
2014-07-03T18:52:48Z DEBUG (targetattr = "*")(version 3.0; acl "Allow
read access"; allow (read,search,compare) groupdn = "ldap:///cn=Read DNS
Entries,cn=permissions,cn
=pbac,dc=ipa,dc=example" or userattr = "parent[0,1].managedby#GROUPDN";)
2014-07-03T18:52:48Z DEBUG (target =
"ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "Add DNS
entries in a zone";allow (add) userattr = "parent[1].manage
dby#GROUPDN";)
2014-07-03T18:52:48Z DEBUG (target =
"ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "Remove DNS
entries from a zone";allow (delete) userattr = "parent[1
].managedby#GROUPDN";)
2014-07-03T18:52:48Z DEBUG (targetattr = "idnsname || cn ||
idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record
|| nsrecord || cnamerecord ||
ptrrecord || srvrecord || txtrecord || mxrecord || mdrecord || hinforecord ||
minforecord || afsdbrecord || sigrecord || keyrecord || locrecord || nxtrecord
|| naptrrecord |
| kxrecord || certrecord || dnamerecord || dsrecord || sshfprecord ||
rrsigrecord || nsecrecord || idnsname || idnszoneactive || idnssoamname ||
idnssoarname || idnssoaseria
l || idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum ||
idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr ||
idnsforwardpolicy ||
idnsforwarders dlvrecord || idnssecinlinesigning || nsec3paramrecord ||
tlsarecord")(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version
3.0;acl "Update DNS entries in a zone";allow (write) userattr =
"parent[0,1].managedby#GROUPDN";)
2014-07-03T18:52:48Z DEBUG cn:
2014-07-03T18:52:48Z DEBUG dns
2014-07-03T18:52:48Z DEBUG [(0, u'aci', ['(targetattr = "idnsname || cn ||
idnsallowdynupdate || dnsttl || dnsclass || arecord || aaaarecord || a6record
|| nsrecord || cnamerecord || ptrrecord || srvrecord || txtrecord || mxrecord
|| mdrecord || hinforecord || minforecord || afsdbrecord || sigrecord ||
keyrecord || locrecord || nxtrecord || naptrrecord || kxrecord || certrecord
|| dnamerecord || dsrecord || sshfprecord || rrsigrecord || nsecrecord ||
idnsname || idnszoneactive || idnssoamname || idnssoarname || idnssoaserial ||
idnssoarefresh || idnssoaretry || idnssoaexpire || idnssoaminimum ||
idnsupdatepolicy || idnsallowquery || idnsallowtransfer || idnsallowsyncptr ||
idnsforwardpolicy || idnsforwarders dlvrecord || idnssecinlinesigning ||
nsec3paramrecord || tlsarecord")(target =
"ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")(version 3.0;acl "Update DNS
entries in a zone";allow (write) userattr = "parent[0,1].managedby#GROUPDN";)'])]
2014-07-03T18:52:48Z DEBUG Live 1, updated 1
2014-07-03T18:52:48Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
return_value = self.run()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_ldap_updater.py", line
213, in run
modified = ld.update(self.files, ordered=True) or modified
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 859, in update
self._run_updates(all_updates)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 791, in _run_updates
self._update_record(update)
File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 712, in _update_record
self.conn.update_entry(entry)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1622, in
update_entry
self.conn.modify_s(entry.dn, modlist)
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1183, in
error_handler
raise errors.InvalidSyntax(attr=info)
--
Petr^2 Spacek
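
Added example, not part of the original message and not FreeIPA code: a pre-flight lint for the failure reported above, where a missing "||" made the server read "idnsforwarders dlvrecord" as one attribute name. The ACI strings are shortened, constructed copies of the one in the log; lint_targetattr and its known_attrs parameter are hypothetical names.

```python
import re

# targetattr keyword of a 389-DS style ACI; group 1 is the quoted attribute list.
TARGETATTR_RE = re.compile(r'\(\s*targetattr\s*!?=\s*"([^"]*)"\s*\)', re.I)
# Assumption for this example: an entry is "*" or one plain LDAP attribute name.
ATTR_NAME_RE = re.compile(r'^(?:\*|[A-Za-z][A-Za-z0-9-]*)$')


def lint_targetattr(aci, known_attrs=None):
    """Return a list of problems in the targetattr list(s) of one ACI string.

    known_attrs (hypothetical parameter): optional set of lower-case attribute
    names from the schema; when given, unknown names are reported as well.
    """
    problems = []
    for match in TARGETATTR_RE.finditer(aci):
        for raw in match.group(1).split("||"):
            name = raw.strip()
            if not name:
                problems.append("empty entry (doubled or trailing '||')")
            elif not ATTR_NAME_RE.match(name):
                problems.append("not a single attribute name: %r "
                                "(missing '||'?)" % name)
            elif (known_attrs is not None and name != "*"
                  and name.lower() not in known_attrs):
                problems.append("attribute not in schema: %r" % name)
    return problems


# Constructed samples: the tail of the "Update DNS entries in a zone" ACI from
# the log, shortened. BAD_ACI keeps the missing separator, FIXED_ACI restores it.
_REST = ('(target = "ldap:///idnsname=*,cn=dns,dc=ipa,dc=example")'
         '(version 3.0;acl "Update DNS entries in a zone";'
         'allow (write) userattr = "parent[0,1].managedby#GROUPDN";)')
BAD_ACI = ('(targetattr = "idnsforwardpolicy || idnsforwarders dlvrecord || '
           'idnssecinlinesigning || nsec3paramrecord || tlsarecord")' + _REST)
FIXED_ACI = ('(targetattr = "idnsforwardpolicy || idnsforwarders || dlvrecord '
             '|| idnssecinlinesigning || nsec3paramrecord || tlsarecord")' + _REST)

if __name__ == "__main__":
    for label, aci in (("bad", BAD_ACI), ("fixed", FIXED_ACI)):
        print(label, lint_targetattr(aci) or "ok")
```

Running a check like this over each aci value in an update file before ipa-ldap-updater applies it reports the malformed entry without touching the directory.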