[Freeipa-users] IPA Error 4205 attribute "idnsAllowTransfer" not allowed
Martin Kosek
mkosek at redhat.com
Mon Jul 30 15:26:13 UTC 2012
On 07/30/2012 03:21 PM, John Blaut wrote:
> Hi
>
> I am following the same issue with Robert.
>
> In /etc/dirsrv/slapd-<DOMAIN>/schema/99user.ldif we can see that these new
> attributes have been added.
Hello John,
I assume that the new attributes were not added to the MAY list in idnsZone
objectclass due to an issue with IPA upgrade which is already described in the
following ticket:
https://fedorahosted.org/freeipa/ticket/2440
The ticket should contain more information about the issue and also an LDIF
that should work around it until a fix is released.
>
> Unfortunately I couldn't verify using ldapsearch on 'cn=schema' to see if this
> is indeed the case as well within the LDAP data.
>
> However if I browse other pre-existing DNS zones using ldapsearch I see that
> these already have the two attributes in place, so I guess the update procedure
> managed to insert them somehow:
>
> idnsAllowQuery: any;
> idnsAllowTransfer: none;
If I understand it correctly, you have existing DNS zones with these attributes
defined? I assume this would mean that idnsZone objectclass has the attribute
list updated. But then it is quite strange that you get the
'"idnsAllowTransfer" not allowed' error.
Martin
>
> So we are a bit confused that when trying to add a new zone, we get errors due
> to these attributes. This is also preventing us from adding new replicas (which
> require new reverse zones).
>
> Regards
>
> John
>
>
> On Mon, Jul 30, 2012 at 2:57 PM, Simo Sorce <simo at redhat.com> wrote:
>
> On Mon, 2012-07-30 at 12:11 +0200, Robert Bowell wrote:
> > Hi Simo,
> >
> > Thanks for your reply.
> >
> > Yes the IPA server has been updated from 2.1 to 2.2. Prior to the
> > update, DNS zones could be created without any issues.
> >
> > I have also noticed that the command 'ipa ping' is displaying the
> > incorrect IPA server version (IPA server version 2.1.90.rc1. API
> > version 2.34) when in fact the IPA server version 2.2.x should be
> > displayed.
>
> This is odd, have you restarted httpd since the update ?
>
> The symptom below seems to suggest something went wrong in updating the
> DNS schema where we added a few attributes to allow zone transfers.
>
> Can you check the ipaserver-upgrade.log file and see if there are any
> errors in there ?
>
> Simo.
>
> > Regards,
> >
> > Robert..
> >
> >
> > On 27 July 2012 17:29, Simo Sorce <simo at redhat.com> wrote:
> > On Thu, 2012-07-26 at 09:47 +0200, Robert Bowell wrote:
> > > Hi,
> > >
> > >
> > > I'm encountering a strange problem.. upon trying to add a new DNS zone
> > > the following message is being displayed "attribute
> > > "idnsAllowTransfer" not allowed" and the DNS entry is not created. Has
> > > anyone ever encountered such a problem if so what needs to be done to
> > > resolve it ?
> > >
> > >
> > > IPA server version 2.1.3. API version 2.13
> > >
> >
> >
> > Was this server upgraded from a 2.0.x one ?
> >
> > Simo.
> >
> > --
> > Simo Sorce * Red Hat, Inc * New York
> >
> >
>
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
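The check discussed in this thread (is idnsAllowTransfer actually in the attribute list of the idnsZone objectclass, or only defined as an attribute type?) can be run over schema text such as 99user.ldif or saved 'cn=schema' output. The following is an added example, not code from the thread or from FreeIPA; the function names and the sample schema text (placeholder OIDs, abbreviated attribute lists) are constructed for illustration.

```python
import re

# Attributes the thread expects the upgrade to add to idnsZone.
REQUIRED = ("idnsAllowQuery", "idnsAllowTransfer")

def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def attr_list(definition, keyword):
    """Names after MUST or MAY: one bare name or a '( a $ b )' list."""
    bare = re.sub(r"'[^']*'", "''", definition)  # ignore keywords inside DESC text
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w.;-]+))" % keyword, bare)
    body = (m.group(1) or m.group(2) or "") if m else ""
    return [n.strip().lower() for n in body.split("$") if n.strip()]

def allowed_attrs(ldif_text, objectclass):
    """MUST+MAY set, or None if undefined. Last definition in the text wins (assumption)."""
    allowed = None
    for line in unfold(ldif_text):
        key, sep, value = line.partition(":")
        if not sep or key.strip().lower() != "objectclasses":
            continue  # attributeTypes and other lines do not grant anything
        m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", value)
        names = [n.lower() for n in re.findall(r"'([^']*)'", m.group(1))] if m else []
        if objectclass.lower() in names:
            allowed = set(attr_list(value, "MUST") + attr_list(value, "MAY"))
    return allowed

def missing_from(ldif_text, objectclass="idnsZone", required=REQUIRED):
    """Required attributes the objectclass does not allow; None if it is not defined."""
    allowed = allowed_attrs(ldif_text, objectclass)
    return None if allowed is None else [a for a in required if a.lower() not in allowed]

# Constructed sample: the attribute type exists, but idnsZone's MAY list lacks it.
BEFORE = """dn: cn=schema
objectClasses: ( 1.3.6.1.4.1.99999.1 NAME 'idnsZone' DESC 'constructed sample'
  SUP top STRUCTURAL MUST ( idnsName $ idnsZoneActive ) MAY idnsUpdatePolicy )
attributeTypes: ( 1.3.6.1.4.1.99999.2 NAME 'idnsAllowTransfer' )
"""
AFTER = BEFORE.replace("MAY idnsUpdatePolicy",
                       "MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer )")

if __name__ == "__main__":
    print(missing_from(BEFORE), missing_from(AFTER))
```

A non-empty result for a server's own schema text means the objectclass definition was not updated, even if the attribute types themselves are present.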