[Freeipa-users] freeIPA replication

Fri Dec 11 18:55:33 UTC 2009

Виктор Сергеевич wrote:
> On fedora 11:
> 
> Name        : 389-ds-base                  Relocations: (not
> relocatable)
> Version     : 1.2.2                             Vendor: Fedora Project
> Release     : 1.fc11                        Build Date: Wed 26 Aug 2009
> 12:07:44 AM MSD
> Install Date: Fri 11 Dec 2009 10:46:32 AM MSK      Build Host:
> x86-1.fedora.phx.redhat.com
> Group       : System Environment/Daemons    Source RPM:
> 389-ds-base-1.2.2-1.fc11.src.rpm
> Size        : 5080205                          License: GPLv2 with
> exceptions
> Signature   : RSA/SHA1, Wed 26 Aug 2009 04:34:33 PM MSD, Key ID
> 1dc5c758d22e77f2
> Packager    : Fedora Project
> URL         : http://port389.org/
> Summary     : 389 Directory Server (base)
> 

IIRC in 389-ds 1.2.2 some schema was dropped/modified. If you try to 
replicate between < 1.2.2 and >= 1.2.2 you can get this error because 
the schema isn't defined on one side.

I'm not sure the best way to work around this. Options include:

- sync up the 389-ds versions between your servers. This would likely 
require building your own set of rpms on one or the other.
- add the missing schema to the F-11 server in /etc/dirsrv/schema. This 
has the downside that you'll probably end up broken in other very odd 
some time way into the future.
- modify 99user.ldif on the replicated system and remove the offending 
attributes. At the point in the replica installation where this fails 
the installer is almost done. The only missing steps are the DNS 
configuration and configuring the client.

There may be other options, and again I'm not sure which is the best at 
this point. Rich, what do you think?

rob