[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] attribute "dnaremotebindmethod" not allowed



On 07/25/2014 01:46 AM, Anthony Messina wrote:
On Thursday, July 24, 2014 08:44:34 AM Martin Kosek wrote:
On 07/23/2014 06:38 PM, Anthony Messina wrote:
On Monday, July 21, 2014 01:09:43 PM Ludwig Krispenz wrote:
Looks like the schema file was changed, but not added to the list of 
files to be replaced at upgrade, I will open a 389 ticket and have it in

 the next release.


Could you try t copy file manually for now ?


Manually copying the file from /etc/dirsrv/schema/10dna-plugin.ldif to 
/etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif on both of my IPA 
masters and restarting seems to have eliminated the error.



Is there anything else that needs to be done?


That should be all. BTW, the schema upgrade error is now fixed in
https://admin.fedoraproject.org/updates/389-ds-base-1.3.2.20-1.fc20

With that update, my dirsrv error logs on both of my masters are flooded with 
the following errors.  Issuing 'ipactl restart' several times seems to reduce 
the incidence:

 - Connection is NULL and hence cannot access SLAPI_CONN_ID

Sorry about that - this will be fixed in 1.3.2.21.


Also, I'm not sure if it's related to the above error, but the following are 
what I find related to the originally reported dnaremotebindmethod issue after 
upgrading both of my masters.

Should the dnaRemoteBindMethod and dnaRemoteConnProtocol have something other 
than (null) as a value?  Should they be the same on each master?

~]# ldapsearch -Y GSSAPI -LLL -s sub -b cn=posix-
ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com
SASL/GSSAPI authentication started
SASL username: admin EXAMPLE COM
SASL SSF: 56
SASL data security layer installed.
dn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com
objectClass: nsContainer
objectClass: top
cn: posix-ids

dn: dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn
 =etc,dc=example,dc=com
objectClass: dnaSharedConfig
objectClass: top
dnaHostname: ipa1.example.com
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 199972
dnaRemoteBindMethod: (null)
dnaRemoteConnProtocol: (null)

This looks wrong.  Please file a ticket.


dn: dnaHostname=ipa2.example.com+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn
 =etc,dc=example,dc=com
objectClass: dnaSharedConfig
objectClass: top
dnaHostname: ipa2.example.com
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 0





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]