[Freeipa-users] attribute "dnaremotebindmethod" not allowed

Rich Megginson rmeggins at redhat.com
Fri Jul 25 16:26:55 UTC 2014 

On 07/25/2014 01:46 AM, Anthony Messina wrote:
> On Thursday, July 24, 2014 08:44:34 AM Martin Kosek wrote:
>> On 07/23/2014 06:38 PM, Anthony Messina wrote:
>>> On Monday, July 21, 2014 01:09:43 PM Ludwig Krispenz wrote:
>>>> Looks like the schema file was changed, but not added to the list of
>>>> files to be replaced at upgrade, I will open a 389 ticket and have it in
>>>>
>>>>   the next release.
>>>>
>>>>
>>>> Could you try t copy file manually for now ?
>>>
>>>
>>> Manually copying the file from /etc/dirsrv/schema/10dna-plugin.ldif to
>>> /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif on both of my IPA
>>> masters and restarting seems to have eliminated the error.
>>>
>>>
>>>
>>> Is there anything else that needs to be done?
>>>
>>>
>> That should be all. BTW, the schema upgrade error is now fixed in
>> https://admin.fedoraproject.org/updates/389-ds-base-1.3.2.20-1.fc20
>
> With that update, my dirsrv error logs on both of my masters are flooded with
> the following errors.  Issuing 'ipactl restart' several times seems to reduce
> the incidence:
>
>   - Connection is NULL and hence cannot access SLAPI_CONN_ID

Sorry about that - this will be fixed in 1.3.2.21.

>
> Also, I'm not sure if it's related to the above error, but the following are
> what I find related to the originally reported dnaremotebindmethod issue after
> upgrading both of my masters.
>
> Should the dnaRemoteBindMethod and dnaRemoteConnProtocol have something other
> than (null) as a value?  Should they be the same on each master?
>
> ~]# ldapsearch -Y GSSAPI -LLL -s sub -b cn=posix-
> ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com
> SASL/GSSAPI authentication started
> SASL username: admin at EXAMPLE.COM
> SASL SSF: 56
> SASL data security layer installed.
> dn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com
> objectClass: nsContainer
> objectClass: top
> cn: posix-ids
>
> dn: dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn
>   =etc,dc=example,dc=com
> objectClass: dnaSharedConfig
> objectClass: top
> dnaHostname: ipa1.example.com
> dnaPortNum: 389
> dnaSecurePortNum: 636
> dnaRemainingValues: 199972
> dnaRemoteBindMethod: (null)
> dnaRemoteConnProtocol: (null)

This looks wrong.  Please file a ticket.

>
> dn: dnaHostname=ipa2.example.com+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn
>   =etc,dc=example,dc=com
> objectClass: dnaSharedConfig
> objectClass: top
> dnaHostname: ipa2.example.com
> dnaPortNum: 389
> dnaSecurePortNum: 636
> dnaRemainingValues: 0
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140725/a9ee8fd1/attachment.htm>

More information about the Freeipa-users mailing list