[Freeipa-users] Upgrading to 6.4

Dmitri Pal dpal at redhat.com
Thu Feb 21 17:31:22 UTC 2013 

On 02/21/2013 11:44 AM, Erinn Looney-Triggs wrote:
> On 02/21/2013 09:40 AM, Rob Crittenden wrote:
>> Erinn Looney-Triggs wrote:
>>> On 02/21/2013 09:34 AM, Rob Crittenden wrote:
>>>> Erinn Looney-Triggs wrote:
>>>>> On 02/21/2013 09:07 AM, Rob Crittenden wrote:
>>>>>> add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME
>>>>>> 'ipaExternalMember'
>>>>>> DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch
>>>>>> ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
>>>>>> X-ORIGIN 'IPA v3' )
>>>>>> add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup'
>>>>>> SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$
>>>>>> description $$ owner) X-ORIGIN 'IPA v3' )
>>>>> Well that fails as well, though in sort of a self inflicted way:
>>>>>
>>>>> 2013-02-21T16:24:30Z INFO The ipa-ldap-updater command failed,
>>>>> exception: DatabaseError: Server is unwilling to perform: Minimum SSF
>>>>> not met. arguments: base="cn=config,cn=ldbm
>>>>> database,cn=plugins,cn=config", scope=0, filterstr="(objectclass=*)"
>>>>> 2013-02-21T16:24:30Z ERROR Unexpected error - see
>>>>> /var/log/ipaupgrade.log for details:
>>>>> DatabaseError: Server is unwilling to perform: Minimum SSF not met.
>>>>> arguments: base="cn=config,cn=ldbm database,cn=plugins,cn=config",
>>>>> scope=0, filterstr="(objectclass=*)"
>>>>>
>>>>>
>>>>> Now this probably comes about because I set:
>>>>> nsslapd-minssf: 56
>>>>> For security.
>>>>>
>>>>> I can cange that back to the default and probably move past this,
>>>>> but is
>>>>> that a known issue? Is there another way around?
>>>> As root try the --ldapi flag:
>>>>
>>>> # ipa-ldap-updater --ldapi /path/to/scheme.update
>>>>
>>>> rob
>>>>
>>> ERROR: LDAPUpdate: syntax error:
>>>    dn is not defined in the update, data source=schema.update
>>>
>>> -Erinn
>>>
>> Sorry, add this to the top of your update file:
>>
>> dn: cn=schema
>>
>> rob
> No worries! Thanks for the help, after a restart of IPA the web UI is
> working again. I reckon this is something that needs to be fixed, does
> opening a support case and pointing them to that bug help you folks out
> with this in any way?

This is a know defect. We just did not realize it would have such a bad
impact on upgrade.
Sorry, the errata is on the way.

I would recommend everyone to not upgrade to 6.4 until the errata is
shipped.
We will notify you as soon as it goes out.

Sorry again.

>
> -Erinn
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130221/e3b90c3f/attachment.htm>

More information about the Freeipa-users mailing list