On 02/21/2013 09:34 AM, Rob Crittenden wrote: > Erinn Looney-Triggs wrote: >> On 02/21/2013 09:07 AM, Rob Crittenden wrote: >>> add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' >>> DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch >>> ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 >>> X-ORIGIN 'IPA v3' ) >>> add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' >>> SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$ >>> description $$ owner) X-ORIGIN 'IPA v3' ) >> >> Well that fails as well, though in sort of a self inflicted way: >> >> 2013-02-21T16:24:30Z INFO The ipa-ldap-updater command failed, >> exception: DatabaseError: Server is unwilling to perform: Minimum SSF >> not met. arguments: base="cn=config,cn=ldbm >> database,cn=plugins,cn=config", scope=0, filterstr="(objectclass=*)" >> 2013-02-21T16:24:30Z ERROR Unexpected error - see >> /var/log/ipaupgrade.log for details: >> DatabaseError: Server is unwilling to perform: Minimum SSF not met. >> arguments: base="cn=config,cn=ldbm database,cn=plugins,cn=config", >> scope=0, filterstr="(objectclass=*)" >> >> >> Now this probably comes about because I set: >> nsslapd-minssf: 56 >> For security. >> >> I can cange that back to the default and probably move past this, but is >> that a known issue? Is there another way around? > > As root try the --ldapi flag: > > # ipa-ldap-updater --ldapi /path/to/scheme.update > > rob >
ERROR: LDAPUpdate: syntax error: dn is not defined in the update, data source=schema.update -Erinn
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
