[Freeipa-users] Upgrading to 6.4

Rob Crittenden rcritten at redhat.com
Thu Feb 21 16:34:11 UTC 2013


Erinn Looney-Triggs wrote:
> On 02/21/2013 09:07 AM, Rob Crittenden wrote:
>> add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember'
>> DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch
>> ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
>> X-ORIGIN 'IPA v3' )
>> add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup'
>> SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$
>> description $$ owner) X-ORIGIN 'IPA v3' )
>
> Well that fails as well, though in sort of a self inflicted way:
>
> 2013-02-21T16:24:30Z INFO The ipa-ldap-updater command failed,
> exception: DatabaseError: Server is unwilling to perform: Minimum SSF
> not met. arguments: base="cn=config,cn=ldbm
> database,cn=plugins,cn=config", scope=0, filterstr="(objectclass=*)"
> 2013-02-21T16:24:30Z ERROR Unexpected error - see
> /var/log/ipaupgrade.log for details:
> DatabaseError: Server is unwilling to perform: Minimum SSF not met.
> arguments: base="cn=config,cn=ldbm database,cn=plugins,cn=config",
> scope=0, filterstr="(objectclass=*)"
>
>
> Now this probably comes about because I set:
> nsslapd-minssf: 56
> For security.
>
> I can change that back to the default and probably move past this, but is
> that a known issue? Is there another way around?

As root try the --ldapi flag:

# ipa-ldap-updater --ldapi /path/to/scheme.update

rob



