[Freeipa-devel] Woes updating and oldish devel server to latest master
Simo Sorce
simo at redhat.com
Wed Jun 11 17:32:46 UTC 2014
On Wed, 2014-06-11 at 13:30 -0400, Simo Sorce wrote:
> On Wed, 2014-06-11 at 19:08 +0200, Petr Viktorin wrote:
> > On 06/11/2014 06:58 PM, Simo Sorce wrote:
> > > On Wed, 2014-06-11 at 18:48 +0200, Petr Viktorin wrote:
> > >> On 06/11/2014 06:45 PM, Simo Sorce wrote:
> > >>> On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote:
> > >>>> On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote:
> > >>
> > >>>>
> > >>>> Do the installed schema files have ipatokenHOTP? Did you dump the schema
> > >>>> from 389DS to see if this object class is present?
> > >>>
> > >>> They are not. The schema files in /usr/share/ipa do have the
> > >>> objectclasses, but the server schema has not been updated (or the update
> > >>> failed).
> > >>
> > >> Can you check /var/log/ipaupgrade.log to see why the upgrade failed? Or
> > >> send it and I can check.
> > >
> > > Uhmm it failed because I previously had one of the getkeytab attributes
> > > in the server but we later changed its OID when the feature was
> > > deferred... sigh ...
> >
> > Yeah, that would be a problem.
> >
> > > I now have removed the offending attributes by turning off dirsrv and
> > > manually removing them from 99user.ldif, but running ipa-ldap-updater
> > > does not seem to do try to add the missing schema ...
> >
> > Are you saying there's nothing about schema in the log?
>
> Not for following ipa-ldap-update runs ... they seem to actually fail
> with a timeout ... investigating.
Nevermind, I re-run ipa-ldap-updater and this time it is trying (but it
found another of the old attributes I hadn't deleted. I don't know why
previous attempts at running ipa-ldap-updater failed, but I did reboot
the machine since ... so maybe there was something wonky about DS.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list