On 06/11/2014 06:58 PM, Simo Sorce wrote:
On Wed, 2014-06-11 at 18:48 +0200, Petr Viktorin wrote:
On 06/11/2014 06:45 PM, Simo Sorce wrote:
On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote:
On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote:
Do the installed schema files have ipatokenHOTP? Did you dump the schema
from 389DS to see if this object class is present?
They are not. The schema files in /usr/share/ipa do have the
objectclasses, but the server schema has not been updated (or the update
failed).
Can you check /var/log/ipaupgrade.log to see why the upgrade failed? Or
send it and I can check.
Uhmm it failed because I previously had one of the getkeytab attributes
in the server but we later changed its OID when the feature was
deferred... sigh ...
Yeah, that would be a problem.
I now have removed the offending attributes by turning off dirsrv and
manually removing them from 99user.ldif, but running ipa-ldap-updater
does not seem to do try to add the missing schema ...
Are you saying there's nothing about schema in the log?
--
PetrĀ³
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel