On Wed, Apr 08, 2015 at 11:07:25AM +0000, Alexander Frolushkin wrote: > -----Original Message----- > From: Martin Kosek [mailto:mko...@redhat.com] > Sent: Wednesday, April 08, 2015 4:47 PM > To: Alexander Frolushkin (SIB); freeipa-users@redhat.com; Ludwig Krispenz; > Thierry Bordaz; Jakub Hrozek > Subject: Re: [Freeipa-users] Accident upgrade 3.3 to 4.1 > > >> In any case, upgrade from 3.3 to 4.1 should just work, you just need to > >> have a recent enough RHEL-6 servers - at least RHEL-6.6+z-streams. > >> > >> Please note, we currently have a three servers with IPA 4.1.0, and 13 > >> servers with IPA 3.3.3 working simultaneously. > >> Also about hbac: > >> > >> [hbac_eval_user_element] (0x0080): Parse error on [cn=system: read > >> replication > >> agreements+nsuniqueid=..........,cn=permissions,cn=pbac,dc=unix,dc=ad, > >> dc=com] > > >CCing Jakub, but this looks like > > >https://bugzilla.redhat.com/show_bug.cgi?id=1135433
This is actually https://fedorahosted.org/sssd/ticket/2603 According to the RDN: "agreements+nsuniqueid=" there is a replication conflict on the servers. Latest SSSD builds are able to handle those, but you should fix the server anyway. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project