On Wed, 2014-06-11 at 19:08 +0200, Petr Viktorin wrote: > On 06/11/2014 06:58 PM, Simo Sorce wrote: > > On Wed, 2014-06-11 at 18:48 +0200, Petr Viktorin wrote: > >> On 06/11/2014 06:45 PM, Simo Sorce wrote: > >>> On Wed, 2014-06-11 at 12:36 -0400, Nathaniel McCallum wrote: > >>>> On Wed, 2014-06-11 at 08:47 -0400, Simo Sorce wrote: > >> > >>>> > >>>> Do the installed schema files have ipatokenHOTP? Did you dump the schema > >>>> from 389DS to see if this object class is present? > >>> > >>> They are not. The schema files in /usr/share/ipa do have the > >>> objectclasses, but the server schema has not been updated (or the update > >>> failed). > >> > >> Can you check /var/log/ipaupgrade.log to see why the upgrade failed? Or > >> send it and I can check. > > > > Uhmm it failed because I previously had one of the getkeytab attributes > > in the server but we later changed its OID when the feature was > > deferred... sigh ... > > Yeah, that would be a problem. > > > I now have removed the offending attributes by turning off dirsrv and > > manually removing them from 99user.ldif, but running ipa-ldap-updater > > does not seem to do try to add the missing schema ... > > Are you saying there's nothing about schema in the log?
Not for following ipa-ldap-update runs ... they seem to actually fail with a timeout ... investigating. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel