[Freeipa-users] attribute "dnaremotebindmethod" not allowed

Ludwig Krispenz lkrispen at redhat.com
Mon Jul 21 11:09:43 UTC 2014


Looks like the schema file was changed, but not added to the list of 
files to be replaced at upgrade, I will open a 389 ticket and have it in 
the next release.

Could you try to copy the file manually for now?

Ludwig
On 07/18/2014 08:18 PM, Anthony Messina wrote:
> On Friday, July 18, 2014 10:29:07 AM Ludwig Krispenz wrote:
>> On 07/18/2014 09:50 AM, Martin Kosek wrote:
>>> On 07/17/2014 04:56 PM, Anthony Messina wrote:
>>>> After upgrading to Fedora 20's stable 389-ds-base-1.3.2.19-1.fc20.x86_64,
>>>> I noticed the following errors during the restart cycle.  I have a simple
>>>> 2 host MMR setup.  Should I be concerned about these?  If so, I'd be open
>>>> to recommendations.  Thanks.  -A
>>>>
>>>> [17/Jul/2014:07:51:50 -0500] - Entry
>>>> "dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-
>>>> ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com" -- attribute
>>>> "dnaremotebindmethod" not allowed
>>>>
>>>> [17/Jul/2014:07:51:50 -0500] dna-plugin - dna_update_shared_config:
>>>> Unable
>>>> to update shared config entry:
>>>> dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-
>>>> ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com [error 65]
>>> CC-ing Ludwig and Thierry. Is it possible that 389 DS schema was not
>>> updated during its upgrade? (Maybe related to
>>> https://fedorahosted.org/389/ticket/47779?) FreeIPA itself does not touch
>>> these attributes (yet).
>> the dnaremotebindmethod was added in June 2013 to
>> ....schema/10dna-plugin.ldif and the dnaSharedConfig objectclass - so it
>> should be there. And in my 1.3.219 installation it is.
>> Are you sure the entry you want to add has dnaSharedConfig and not
>> (only) dnaPluginConfig ?
> When I diff between the newly installed 10dns-plugin.ldif and the one that was
> created for my FreeIPA instance, I can see the difference.  However, I'm not
> sure how to reconcile the two such that both FreeIPA & 389 DS are happy.
>
>
> ~]# diff -u /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif
> /etc/dirsrv/schema/10dna-plugin.ldif
> --- /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif     2013-08-06
> 04:14:33.726000000 -0500
> +++ /etc/dirsrv/schema/10dna-plugin.ldif        2014-07-03 13:31:44.000000000
> -0500
> @@ -170,6 +170,38 @@
>   #
>   ################################################################################
>   #
> +attributeTypes: ( 2.16.840.1.113730.3.1.2157 NAME 'dnaRemoteBindCred'
> +  DESC 'Remote bind credentials'
> +  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> +  SINGLE-VALUE
> +  X-ORIGIN '389 Directory Server' )
> +#
> +################################################################################
> +#
> +attributeTypes: ( 2.16.840.1.113730.3.1.2158 NAME 'dnaRemoteBindDN'
> +  DESC 'Remote bind DN'
> +  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
> +  SINGLE-VALUE
> +  X-ORIGIN '389 Directory Server' )
> +#
> +################################################################################
> +#
> +attributeTypes: ( 2.16.840.1.113730.3.1.2159 NAME 'dnaRemoteConnProtocol'
> +  DESC 'Connection protocol: LDAP, TLS, or SSL'
> +  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> +  SINGLE-VALUE
> +  X-ORIGIN '389 Directory Server' )
> +#
> +################################################################################
> +#
> +attributeTypes: ( 2.16.840.1.113730.3.1.2160 NAME 'dnaRemoteBindMethod'
> +  DESC 'Remote bind method: SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI'
> +  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> +  SINGLE-VALUE
> +  X-ORIGIN '389 Directory Server' )
> +#
> +################################################################################
> +#
>   objectClasses: ( 2.16.840.1.113730.3.2.324 NAME 'dnaPluginConfig'
>     DESC 'DNA plugin configuration'
>     SUP top
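Review bot: dnaRemoteConnProtocol and dnaRemoteBindMethod are declared with syntax 1.3.6.1.4.1.1466.115.121.1.15 (Directory String), so the value lists in their DESC strings ('LDAP, TLS, or SSL' and 'SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI') are documentation only and the schema accepts any string. Whatever reads these attributes has to validate them and should reject an unknown value rather than fall back to a weaker protocol or bind method. The DESC of dnaRemoteBindCred says only 'Remote bind credentials'; it should also state in what form the credential is stored.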
> @@ -185,7 +217,9 @@
>           dnaSharedCfgDN $
>           dnaThreshold $
>           dnaNextRange $
> -        dnaRangeRequestTimeout $
> +        dnaRangeRequestTimeout $
> +        dnaRemoteBindDN $
> +        dnaRemoteBindCred $
>           cn
>    )
>     X-ORIGIN '389 Directory Server' )
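Review bot: the -/+ pair for dnaRangeRequestTimeout shows no visible difference, so it is presumably a whitespace-only change; drop it or call it out separately so the functional part of this hunk (the two added MAY attributes) is easier to audit. Since dnaRemoteBindCred may now sit on the plugin configuration entry next to dnaRemoteBindDN, the accompanying documentation should say who is expected to be able to read that entry.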
> @@ -199,6 +233,8 @@
>     MAY ( dnaHostname $
>           dnaPortNum $
>           dnaSecurePortNum $
> +        dnaRemoteBindMethod $
> +        dnaRemoteConnProtocol $
>           dnaRemainingValues
>    )
>     X-ORIGIN '389 Directory Server' )
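Review bot: the two attributes added to this MAY list (dnaRemoteBindMethod, dnaRemoteConnProtocol) need a matching upgrade step, because they only become legal where the schema file itself is replaced. An instance that keeps the older copy rejects an entry carrying them, which is the 'attribute "dnaremotebindmethod" not allowed' message and error 65 quoted earlier in this thread. Replace the per-instance 10dna-plugin.ldif as part of the same upgrade and mention the schema change in the release notes.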
>
>
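
The mismatch discussed in this thread (the packaged 10dna-plugin.ldif allows attributes that the per-instance copy does not) can be checked for directly. The following is an added example, not code from the thread or from the 389 DS project: it parses two schema LDIF texts and lists, per objectClass, the attributes only the packaged file allows. The function names, the `SHARED-OID` placeholder and the abbreviated sample schema are constructed for illustration.

```python
import re

def unfold(text):
    """Return logical LDIF lines: join continuations, drop comments and blanks."""
    out, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):            # continuation of the previous line
            if out and not in_comment:
                out[-1] += raw[1:]
            continue
        in_comment = raw.startswith("#")
        if raw and not in_comment:
            out.append(raw)
    return out

def allowed_attrs(text):
    """Map objectClass name -> set of MUST/MAY attribute names (lower-cased)."""
    classes = {}
    for line in unfold(text):
        key, _, value = line.partition(":")
        name = re.search(r"NAME\s+\(?\s*'([^']+)'", value)
        if key.lower() != "objectclasses" or not name:
            continue
        bare = re.sub(r"'[^']*'", "", value)   # drop quoted DESC/X-ORIGIN text
        attrs = set()
        for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w;-]+))", bare):
            names = (m.group(1) or m.group(2)).split("$")
            attrs.update(a.strip().lower() for a in names if a.strip())
        classes[name.group(1).lower()] = attrs
    return classes

def schema_drift(instance_text, packaged_text):
    """Attributes the packaged schema allows per objectClass but the instance copy lacks."""
    inst, pkg = allowed_attrs(instance_text), allowed_attrs(packaged_text)
    drift = {oc: sorted(a - inst.get(oc, set())) for oc, a in pkg.items()}
    return {oc: missing for oc, missing in drift.items() if missing}

# Constructed, abbreviated fragments modelled on the diff in this thread.
# SHARED-OID is a placeholder: the real OID is not shown on the page.
INSTANCE = """dn: cn=schema
objectClasses: ( SHARED-OID NAME 'dnaSharedConfig'
  MAY ( dnaHostname $
        dnaPortNum $
        dnaRemainingValues )
  X-ORIGIN '389 Directory Server' )
"""
PACKAGED = INSTANCE.replace(
    "dnaPortNum $", "dnaPortNum $\n        dnaRemoteBindMethod $\n        dnaRemoteConnProtocol $")
print(schema_drift(INSTANCE, PACKAGED))
```

To run it against a real installation, read the two files named in the `diff -u` command above and pass their contents to `schema_drift`.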



