Looks like the schema file was changed but not added to the list of
files to be replaced at upgrade. I will open a 389 ticket and have it in
the next release.
Could you try to copy the file manually for now?
Ludwig
On 07/18/2014 08:18 PM, Anthony Messina wrote:
On Friday, July 18, 2014 10:29:07 AM Ludwig Krispenz wrote:
On 07/18/2014 09:50 AM, Martin Kosek wrote:
On 07/17/2014 04:56 PM, Anthony Messina wrote:
After upgrading to Fedora 20's stable 389-ds-base-1.3.2.19-1.fc20.x86_64,
I noticed the following errors during the restart cycle. I have a simple
2 host MMR setup. Should I be concerned about these? If so, I'd be open
to recommendations. Thanks. -A
[17/Jul/2014:07:51:50 -0500] - Entry "dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com" -- attribute "dnaremotebindmethod" not allowed
[17/Jul/2014:07:51:50 -0500] dna-plugin - dna_update_shared_config: Unable to update shared config entry: dnaHostname=ipa1.example.com+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com [error 65]
CC-ing Ludwig and Thierry. Is it possible that 389 DS schema was not
updated during its upgrade? (Maybe related to
https://fedorahosted.org/389/ticket/47779?) FreeIPA itself does not touch
these attributes (yet).
The dnaremotebindmethod was added in June 2013 to
....schema/10dna-plugin.ldif and the dnaSharedConfig objectclass - so it
should be there. And in my 1.3.219 installation it is.
Are you sure the entry you want to add has dnaSharedConfig and not
(only) dnaPluginConfig ?
When I diff between the newly installed 10dns-plugin.ldif and the one that was
created for my FreeIPA instance, I can see the difference. However, I'm not
sure how to reconcile the two such that both FreeIPA & 389 DS are happy.
~]# diff -u /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif
/etc/dirsrv/schema/10dna-plugin.ldif
--- /etc/dirsrv/slapd-EXAMPLE-COM/schema/10dna-plugin.ldif 2013-08-06
04:14:33.726000000 -0500
+++ /etc/dirsrv/schema/10dna-plugin.ldif 2014-07-03 13:31:44.000000000
-0500
@@ -170,6 +170,38 @@
#
################################################################################
#
+attributeTypes: ( 2.16.840.1.113730.3.1.2157 NAME 'dnaRemoteBindCred'
+ DESC 'Remote bind credentials'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
+attributeTypes: ( 2.16.840.1.113730.3.1.2158 NAME 'dnaRemoteBindDN'
+ DESC 'Remote bind DN'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE
+ X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
+attributeTypes: ( 2.16.840.1.113730.3.1.2159 NAME 'dnaRemoteConnProtocol'
+ DESC 'Connection protocol: LDAP, TLS, or SSL'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
+attributeTypes: ( 2.16.840.1.113730.3.1.2160 NAME 'dnaRemoteBindMethod'
+ DESC 'Remote bind method: SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ X-ORIGIN '389 Directory Server' )
+#
+################################################################################
+#
objectClasses: ( 2.16.840.1.113730.3.2.324 NAME 'dnaPluginConfig'
DESC 'DNA plugin configuration'
SUP top
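Review bot: dnaRemoteBindCred is declared as a plain Directory String (SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) with only DESC 'Remote bind credentials', so the schema says nothing about how the value is stored or who may read it. The DESC or a comment above the definition should state the expected storage form and that read access to the attribute has to be restricted by ACI. The permitted values of dnaRemoteConnProtocol and dnaRemoteBindMethod are listed only in their DESC strings. The combination LDAP with SIMPLE sends the bind credential over an unencrypted connection, so the accompanying documentation should name TLS or SSL as the protocol to use with a SIMPLE bind.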
@@ -185,7 +217,9 @@
dnaSharedCfgDN $
dnaThreshold $
dnaNextRange $
- dnaRangeRequestTimeout $
+ dnaRangeRequestTimeout $
+ dnaRemoteBindDN $
+ dnaRemoteBindCred $
cn
)
X-ORIGIN '389 Directory Server' )
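Review bot: The removed and added `dnaRangeRequestTimeout $` lines in this MAY list differ at most in whitespace as shown, so that pair looks like an unintended whitespace change and could be dropped to keep the hunk down to the two real additions. Those additions allow dnaRemoteBindDN and dnaRemoteBindCred on the same entry, which means a stored credential sits next to the DN it belongs to. It is worth checking that the ACIs covering entries of this objectclass do not expose dnaRemoteBindCred to ordinary readers.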
@@ -199,6 +233,8 @@
MAY ( dnaHostname $
dnaPortNum $
dnaSecurePortNum $
+ dnaRemoteBindMethod $
+ dnaRemoteConnProtocol $
dnaRemainingValues
)
X-ORIGIN '389 Directory Server' )
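Review bot: The objectclass whose MAY list gains dnaRemoteBindMethod and dnaRemoteConnProtocol is not named in the visible context, so confirm that it is the class carried by the shared config entries under cn=posix-ids. The logged 'attribute "dnaremotebindmethod" not allowed' with error 65 (object class violation) is what a server reports when its loaded schema lacks these two lines. After the instance copy of the file is replaced, re-check that the shared config update succeeds, and keep any local changes to the instance file that the packaged copy does not contain.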