[Freeipa-users] attribute "dnaremotebindmethod" not allowed

Anthony Messina amessina at messinet.com
Fri Jul 18 18:18:44 UTC 2014


On Friday, July 18, 2014 10:29:07 AM Ludwig Krispenz wrote:
> On 07/18/2014 09:50 AM, Martin Kosek wrote:
> > On 07/17/2014 04:56 PM, Anthony Messina wrote:
> >> After upgrading to Fedora 20's stable 389-ds-base-1.3.2.19-1.fc20.x86_64,
> >> I noticed the following errors during the restart cycle.  I have a simple
> >> 2 host MMR setup.  Should I be concerned about these?  If so, I'd be open
> >> to recommendations.  Thanks.  -A
> >> 
> >> [17/Jul/2014:07:51:50 -0500] - Entry
> >> "dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-
> >> ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com" -- attribute
> >> "dnaremotebindmethod" not allowed
> >> 
> >> [17/Jul/2014:07:51:50 -0500] dna-plugin - dna_update_shared_config:
> >> Unable
> >> to update shared config entry:
> >> dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-
> >> ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com [error 65]
> > 
> > CC-ing Ludwig and Thierry. Is it possible that 389 DS schema was not
> > updated during its upgrade? (Maybe related to
> > https://fedorahosted.org/389/ticket/47779?) FreeIPA itself does not touch
> > these attributes (yet).
> 
> The dnaremotebindmethod was added in June 2013 to
> ....schema/10dna-plugin.ldif and the dnaSharedConfig objectclass - so it 
> should be there. And in my 1.3.219 installation it is.
> Are you sure the entry you want to add has dnaSharedConfig and not 
> (only) dnaPluginConfig ?

When I diff between the newly installed 10dna-plugin.ldif and the one that was 
created for my FreeIPA instance, I can see the difference.  However, I'm not 
sure how to reconcile the two such that both FreeIPA & 389 DS are happy.


~]# diff -u /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif /etc/dirsrv/schema/10dna-plugin.ldif
--- /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif     2013-08-06 
04:14:33.726000000 -0500
+++ /etc/dirsrv/schema/10dna-plugin.ldif        2014-07-03 13:31:44.000000000 
-0500
@@ -170,6 +170,38 @@
 #
 ################################################################################
 #
+attributeTypes: ( 2.16.840.1.113730.3.1.2157 NAME 'dnaRemoteBindCred'
+  DESC 'Remote bind credentials'
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE
+  X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
+attributeTypes: ( 2.16.840.1.113730.3.1.2158 NAME 'dnaRemoteBindDN'
+  DESC 'Remote bind DN'
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+  SINGLE-VALUE
+  X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
+attributeTypes: ( 2.16.840.1.113730.3.1.2159 NAME 'dnaRemoteConnProtocol'
+  DESC 'Connection protocol: LDAP, TLS, or SSL'
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE
+  X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
+attributeTypes: ( 2.16.840.1.113730.3.1.2160 NAME 'dnaRemoteBindMethod'
+  DESC 'Remote bind method: SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI'
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE
+  X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
 objectClasses: ( 2.16.840.1.113730.3.2.324 NAME 'dnaPluginConfig'
   DESC 'DNA plugin configuration'
   SUP top
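
Review bot: the new attributeTypes dnaRemoteBindMethod and dnaRemoteConnProtocol constrain their values only in the DESC text ('SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI' and 'LDAP, TLS, or SSL'); both use Directory String syntax (1.3.6.1.4.1.1466.115.121.1.15), so the schema itself accepts any string, and nothing in these definitions rules out pairing SIMPLE with plain LDAP, which would carry dnaRemoteBindCred in the clear. Any validation has to happen in the plugin, so the allowed values and the combinations considered safe should be documented next to these definitions, and the DESC for dnaRemoteBindCred should say in what form the credential is expected to be stored.
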
@@ -185,7 +217,9 @@
         dnaSharedCfgDN $
         dnaThreshold $
         dnaNextRange $
-        dnaRangeRequestTimeout $
+        dnaRangeRequestTimeout $        
+        dnaRemoteBindDN $
+        dnaRemoteBindCred $
         cn
  )
   X-ORIGIN '389 Directory Server' )
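
Review bot: the rewritten 'dnaRangeRequestTimeout $' line now ends in trailing whitespace, which is the only reason it shows as removed and re-added; drop the spaces so the hunk contains just the two new MAY attributes. Since dnaRemoteBindCred becomes an allowed attribute of dnaPluginConfig here, a comment noting that read access to entries of this class needs to be restricted would also help.
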
@@ -199,6 +233,8 @@
   MAY ( dnaHostname $
         dnaPortNum $
         dnaSecurePortNum $
+        dnaRemoteBindMethod $
+        dnaRemoteConnProtocol $
         dnaRemainingValues
  )
   X-ORIGIN '389 Directory Server' )
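
Review bot: adding dnaRemoteBindMethod and dnaRemoteConnProtocol to this MAY list is a schema change that every server instance has to load before the attributes are written. Going by the file headers above, the per-instance copy under /etc/dirsrv/slapd-EXAMPLE-COM/schema/ dates from 2013-08-06 and lacks them, which matches the 'attribute "dnaremotebindmethod" not allowed' message and error 65 in the quoted log. The change needs an accompanying upgrade step, or at least a note, explaining how existing instance schema directories pick up the new definitions.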


-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E