[Freeipa-users] Slow ipa performance -- why so many ldap lookups ?
Jan-Frode Myklebust
janfrode at tanso.net
Thu Mar 21 21:44:46 UTC 2013
On Thu, Mar 21, 2013 at 05:25:57PM -0400, Rob Crittenden wrote:
> > ipa : ERROR Update failed: Object class violation: attribute "ipaSELinuxUserMapOrder" not allowed
> >
> >so I suspect there are some problem with our LDAP schema. That might be
> >related to the "No SELinux user maps found" message.. I have a support
> >ticket open on this ipaSELinuxUserMapOrder-schema problem (00800931),
> >but not much progress there yet..
>
> Upgrading to 2.2 from what version?
v2.1.3 on RHEL-6.2. I still have the old disk-image from before the
upgrade, so I verified this using guestfish..
> If there are no maps it may just mean that there are no maps, which
> is fine. SELinux user maps didn't work well in 6.3 anyway.
>
> You might try: ipa-ldap-updater --ldapi
> /usr/share/ipa/updates/10-selinuxusermap.update
Thanks, I'll mention you suggested this in the ticket -- but prefer to
work on this issue trough the normal support channel.
-jf
More information about the Freeipa-users
mailing list