[Freeipa-users] Upgrading to 6.4

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Thu Feb 21 16:44:32 UTC 2013


On 02/21/2013 09:40 AM, Rob Crittenden wrote:
> Erinn Looney-Triggs wrote:
>> On 02/21/2013 09:34 AM, Rob Crittenden wrote:
>>> Erinn Looney-Triggs wrote:
>>>> On 02/21/2013 09:07 AM, Rob Crittenden wrote:
>>>>> add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME
>>>>> 'ipaExternalMember'
>>>>> DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch
>>>>> ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
>>>>> X-ORIGIN 'IPA v3' )
>>>>> add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup'
>>>>> SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$
>>>>> description $$ owner) X-ORIGIN 'IPA v3' )
>>>>
>>>> Well that fails as well, though in sort of a self inflicted way:
>>>>
>>>> 2013-02-21T16:24:30Z INFO The ipa-ldap-updater command failed,
>>>> exception: DatabaseError: Server is unwilling to perform: Minimum SSF
>>>> not met. arguments: base="cn=config,cn=ldbm
>>>> database,cn=plugins,cn=config", scope=0, filterstr="(objectclass=*)"
>>>> 2013-02-21T16:24:30Z ERROR Unexpected error - see
>>>> /var/log/ipaupgrade.log for details:
>>>> DatabaseError: Server is unwilling to perform: Minimum SSF not met.
>>>> arguments: base="cn=config,cn=ldbm database,cn=plugins,cn=config",
>>>> scope=0, filterstr="(objectclass=*)"
>>>>
>>>>
>>>> Now this probably comes about because I set:
>>>> nsslapd-minssf: 56
>>>> For security.
>>>>
>>>> I can change that back to the default and probably move past this,
>>>> but is
>>>> that a known issue? Is there another way around?
>>>
>>> As root try the --ldapi flag:
>>>
>>> # ipa-ldap-updater --ldapi /path/to/scheme.update
>>>
>>> rob
>>>
>>
>> ERROR: LDAPUpdate: syntax error:
>>    dn is not defined in the update, data source=schema.update
>>
>> -Erinn
>>
> 
> Sorry, add this to the top of your update file:
> 
> dn: cn=schema
> 
> rob

No worries! Thanks for the help, after a restart of IPA the web UI is
working again. I reckon this is something that needs to be fixed, does
opening a support case and pointing them to that bug help you folks out
with this in any way?

-Erinn
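
The pieces of the fix from this thread put together, as an added example that is not part of the original messages: the update file with `dn: cn=schema` on top, a pre-flight check for the "dn is not defined" error, and the `--ldapi` invocation. The function names and the `schema.update` file name are assumptions, and each directive is joined onto one line on the assumption that the line breaks in the quoted mail are mail wrapping.

```shell
#!/bin/bash
# Added example: function names and file location are assumptions.

# Write the update file discussed in the thread.
write_schema_update() {
    # Quoted heredoc keeps "$$" literal, exactly as posted.
    cat > "$1" <<'EOF'
dn: cn=schema
add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' )
add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$ description $$ owner) X-ORIGIN 'IPA v3' )
EOF
}

# Return 0 only if the first non-blank line is a "dn:" line, which is
# what the "dn is not defined in the update" error complains about.
check_update_file() {
    while IFS= read -r line; do
        case "$line" in
            '')   continue ;;   # skip blank lines
            dn:*) return 0 ;;   # entry is named before any directive
            *)    return 1 ;;   # a directive came first
        esac
    done < "$1"
    return 1                    # empty file
}

# Apply the update over LDAPI (run as root, as suggested in the thread).
apply_update() {
    if ! check_update_file "$1"; then
        echo "refusing: no dn: line before the first directive in $1" >&2
        return 1
    fi
    ipa-ldap-updater --ldapi "$1"
}
```

As root: `write_schema_update schema.update && apply_update schema.update`.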
