[Freeipa-users] attribute "dnaremotebindmethod" not allowed

Anthony Messina amessina at messinet.com
Fri Jul 25 07:46:14 UTC 2014 

On Thursday, July 24, 2014 08:44:34 AM Martin Kosek wrote:
> On 07/23/2014 06:38 PM, Anthony Messina wrote:
> > On Monday, July 21, 2014 01:09:43 PM Ludwig Krispenz wrote:
> >> Looks like the schema file was changed, but not added to the list of 
> >> files to be replaced at upgrade, I will open a 389 ticket and have it in
> >>
> >>  the next release.
> >> 
> >>
> >> Could you try t copy file manually for now ?
> >
> > 
> >
> > Manually copying the file from /etc/dirsrv/schema/10dna-plugin.ldif to 
> > /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif on both of my IPA 
> > masters and restarting seems to have eliminated the error.
> >
> > 
> >
> > Is there anything else that needs to be done?
> >
> > 
> 
> That should be all. BTW, the schema upgrade error is now fixed in
> https://admin.fedoraproject.org/updates/389-ds-base-1.3.2.20-1.fc20


With that update, my dirsrv error logs on both of my masters are flooded with 
the following errors.  Issuing 'ipactl restart' several times seems to reduce 
the incidence:

 - Connection is NULL and hence cannot access SLAPI_CONN_ID

Also, I'm not sure if it's related to the above error, but the following are 
what I find related to the originally reported dnaremotebindmethod issue after 
upgrading both of my masters.

Should the dnaRemoteBindMethod and dnaRemoteConnProtocol have something other 
than (null) as a value?  Should they be the same on each master?

~]# ldapsearch -Y GSSAPI -LLL -s sub -b cn=posix-
ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com
SASL/GSSAPI authentication started
SASL username: admin at EXAMPLE.COM
SASL SSF: 56
SASL data security layer installed.
dn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com
objectClass: nsContainer
objectClass: top
cn: posix-ids

dn: dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn
 =etc,dc=example,dc=com
objectClass: dnaSharedConfig
objectClass: top
dnaHostname: ipa1.example.com
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 199972
dnaRemoteBindMethod: (null)
dnaRemoteConnProtocol: (null)

dn: dnaHostname=ipa2.example.com+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn
 =etc,dc=example,dc=com
objectClass: dnaSharedConfig
objectClass: top
dnaHostname: ipa2.example.com
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 0

-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140725/87ddec00/attachment.sig>

More information about the Freeipa-users mailing list