<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body text="#000000" bgcolor="#FFFFFF"> <div class="moz-cite-prefix">On 07/25/2014 10:43 AM, Anthony Messina wrote: </div> <blockquote cite="mid:40201877.kqOKMbOcGh@linux-ws1.messinet.com" type="cite"> <pre wrap="">On Friday, July 25, 2014 10:26:55 AM Rich Megginson wrote: </pre> <blockquote type="cite"> <pre wrap="">On 07/25/2014 01:46 AM, Anthony Messina wrote: On Thursday, July 24, 2014 08:44:34 AM Martin Kosek wrote: On 07/23/2014 06:38 PM, Anthony Messina wrote: On Monday, July 21, 2014 01:09:43 PM Ludwig Krispenz wrote: Looks like the schema file was changed, but not added to the list of files to be replaced at upgrade, I will open a 389 ticket and have it in the next release. Could you try t copy file manually for now ? Manually copying the file from /etc/dirsrv/schema/10dna-plugin.ldif to /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif on both of my IPA masters and restarting seems to have eliminated the error. Is there anything else that needs to be done? That should be all. BTW, the schema upgrade error is now fixed in <a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/updates/389-ds-base-1.3.2.20-1.fc20">https://admin.fedoraproject.org/updates/389-ds-base-1.3.2.20-1.fc20</a> With that update, my dirsrv error logs on both of my masters are flooded with the following errors. Issuing 'ipactl restart' several times seems to reduce the incidence: - Connection is NULL and hence cannot access SLAPI_CONN_ID Sorry about that - this will be fixed in 1.3.2.21. </pre> </blockquote> <pre wrap=""> Thank you, Rich. </pre> <blockquote type="cite"> <pre wrap="">Also, I'm not sure if it's related to the above error, but the following are what I find related to the originally reported dnaremotebindmethod issue after upgrading both of my masters. Should the dnaRemoteBindMethod and dnaRemoteConnProtocol have something other than (null) as a value? Should they be the same on each master? ~]# ldapsearch -Y GSSAPI -LLL -s sub -b cn=posix- ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com SASL/GSSAPI authentication started SASL username: <a class="moz-txt-link-abbreviated" href="mailto:admin@EXAMPLE.COM">admin@EXAMPLE.COM</a> SASL SSF: 56 SASL data security layer installed. dn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com objectClass: nsContainer objectClass: top cn: posix-ids dn: dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn =etc,dc=example,dc=com objectClass: dnaSharedConfig objectClass: top dnaHostname: ipa1.example.com dnaPortNum: 389 dnaSecurePortNum: 636 dnaRemainingValues: 199972 dnaRemoteBindMethod: (null) dnaRemoteConnProtocol: (null) This looks wrong. Please file a ticket. </pre> </blockquote> <pre wrap=""> I'm having trouble understanding the problem in order to file a ticket... I first upgraded to 389-ds-base-1.3.2.19-1.fc20.x86_64 where I received the schema errors as well as dna-plugin - dna_update_shared_config: Unable to update shared config entry: dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix- ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com [error 65] I then upgraded to 389-ds-base-1.3.2.20-1.fc20. Unfortunately, I cannot be sure what *should* be present for each of dnaRemoteBindMethod and dnaRemoteConnProtocol *or* if any original values were deleted when I first installed 389-ds-base-1.3.2.19-1.fc20.x86_64. If so, how would I know what the values were?</pre> </blockquote> I'm not sure. What I think is that these should not be present at all - I think they are just copied from the replication agreement configuration. <blockquote cite="mid:40201877.kqOKMbOcGh@linux-ws1.messinet.com" type="cite"> <pre wrap=""> Also, should the ticket be filed against 389, or against FreeIPA?</pre> </blockquote> 389 <blockquote cite="mid:40201877.kqOKMbOcGh@linux-ws1.messinet.com" type="cite"> <pre wrap=""> </pre> <blockquote type="cite"> <pre wrap="">dn: dnaHostname=ipa2.example.com+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn =etc,dc=example,dc=com objectClass: dnaSharedConfig objectClass: top dnaHostname: ipa2.example.com dnaPortNum: 389 dnaSecurePortNum: 636 dnaRemainingValues: 0 </pre> </blockquote> <pre wrap=""> Shouldn't the "second" master also have values for dnaRemoteBindMethod and dnaRemoteConnProtocol? </pre> <fieldset class="mimeAttachmentHeader"></fieldset> </blockquote> </body> </html>