[Freeipa-users] attribute "dnaremotebindmethod" not allowed
Anthony Messina
amessina at messinet.com
Fri Jul 18 18:18:44 UTC 2014
On Friday, July 18, 2014 10:29:07 AM Ludwig Krispenz wrote:
> On 07/18/2014 09:50 AM, Martin Kosek wrote:
> > On 07/17/2014 04:56 PM, Anthony Messina wrote:
> >> After upgrading to Fedora 20's stable 389-ds-base-1.3.2.19-1.fc20.x86_64,
> >> I noticed the following errors during the restart cycle. I have a simple
> >> 2 host MMR setup. Should I be concerned about these? If so, I'd be open
> >> to recommendations. Thanks. -A
> >>
> >> [17/Jul/2014:07:51:50 -0500] - Entry
> >> "dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-
> >> ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com" -- attribute
> >> "dnaremotebindmethod" not allowed
> >>
> >> [17/Jul/2014:07:51:50 -0500] dna-plugin - dna_update_shared_config:
> >> Unable
> >> to update shared config entry:
> >> dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-
> >> ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com [error 65]
> >
> > CC-ing Ludwig and Thierry. Is it possible that 389 DS schema was not
> > updated during it's upgrade? (Maybe related to
> > https://fedorahosted.org/389/ticket/47779?) FreeIPA itself does not touch
> > these attributes (yet).
>
> the dnaremotebindmethod was added in June2013 to
> ....schema/10dna-plugin.ldif and the dnaSharedConfig objectclass - so it
> should be there. And in my 1.3.219 installation it is.
> Are you sure the entry you want to add has dnaSharedConfig and not
> (only) dnaPluginConfig ?
When I diff between the newly installed 10dns-plugin.ldif and the one that was
created for my FreeIPA instance, I can see the difference. However, i'm not
sure how to reconcile the two such that both FreeIPA & 389 DS are happy.
~]# diff -u /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif
/etc/dirsrv/schema/10dna-plugin.ldif
--- /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif 2013-08-06
04:14:33.726000000 -0500
+++ /etc/dirsrv/schema/10dna-plugin.ldif 2014-07-03 13:31:44.000000000
-0500
@@ -170,6 +170,38 @@
#
################################################################################
#
+attributeTypes: ( 2.16.840.1.113730.3.1.2157 NAME 'dnaRemoteBindCred'
+ DESC 'Remote bind credentials'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
+attributeTypes: ( 2.16.840.1.113730.3.1.2158 NAME 'dnaRemoteBindDN'
+ DESC 'Remote bind DN'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE
+ X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
+attributeTypes: ( 2.16.840.1.113730.3.1.2159 NAME 'dnaRemoteConnProtocol'
+ DESC 'Connection protocol: LDAP, TLS, or SSL'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
+attributeTypes: ( 2.16.840.1.113730.3.1.2160 NAME 'dnaRemoteBindMethod'
+ DESC 'Remote bind method: SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
objectClasses: ( 2.16.840.1.113730.3.2.324 NAME 'dnaPluginConfig'
DESC 'DNA plugin configuration'
SUP top
@@ -185,7 +217,9 @@
dnaSharedCfgDN $
dnaThreshold $
dnaNextRange $
- dnaRangeRequestTimeout $
+ dnaRangeRequestTimeout $
+ dnaRemoteBindDN $
+ dnaRemoteBindCred $
cn
)
X-ORIGIN '389 Directory Server' )
@@ -199,6 +233,8 @@
MAY ( dnaHostname $
dnaPortNum $
dnaSecurePortNum $
+ dnaRemoteBindMethod $
+ dnaRemoteConnProtocol $
dnaRemainingValues
)
X-ORIGIN '389 Directory Server' )
--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140718/fa9d9bea/attachment.sig>
More information about the Freeipa-users
mailing list