[Freeipa-users] freeIPA replication

James Roman james.roman at ssaihq.com
Fri Dec 11 20:05:21 UTC 2009 

If I remember correctly, I had to comment out the following entries in 
the /etc/dirsrv/slapd-XXXX/schema/99user.ldif file:

# objectClasses: ( 2.16.840.1.113730.3.2.300 NAME 'nsAIMpresence' DESC 
'Netscape
  defined objectclass' SUP top AUXILIARY MAY (nsaimid $ nsaimstatusgraphic $
  nsaimstatustext ) X-ORIGIN ( 'Netscape Directory Server' 'user 
defined' ) )
# objectClasses: ( 2.16.840.1.113730.3.2.301 NAME 'nsICQpresence' DESC 
'Netscape
  defined objectclass' SUP top AUXILIARY MAY ( nsicqid $ 
nsicqstatusgraphic $
  nsICQStatusText ) X-ORIGIN ( 'Netscape Directory Server' 'user 
defined' ) )
# objectClasses: ( 2.16.840.1.113730.3.2.302 NAME 'nsYIMpresence' DESC 
'Netscape
  defined objectclass' SUP top AUXILIARY MAY ( nsyimid $ 
nsyimstatusgraphic $
  nsYIMStatusText ) X-ORIGIN ( 'Netscape Directory Server' 'user 
defined' ) )
# objectClasses: ( 2.16.840.1.113730.3.2.303 NAME 'nsMSNpresence' DESC 
'Netscape
  defined objectclass' SUP top AUXILIARY MAY nsmsnid X-ORIGIN ( 
'Netscape Dir
 ectory Server' 'user defined' ) )



Rich Megginson wrote:
> Rob Crittenden wrote:
>> Виктор Сергеевич wrote:
>>> On fedora 11:
>>>
>>> Name        : 389-ds-base                  Relocations: (not
>>> relocatable)
>>> Version     : 1.2.2                             Vendor: Fedora Project
>>> Release     : 1.fc11                        Build Date: Wed 26 Aug 2009
>>> 12:07:44 AM MSD
>>> Install Date: Fri 11 Dec 2009 10:46:32 AM MSK      Build Host:
>>> x86-1.fedora.phx.redhat.com
>>> Group       : System Environment/Daemons    Source RPM:
>>> 389-ds-base-1.2.2-1.fc11.src.rpm
>>> Size        : 5080205                          License: GPLv2 with
>>> exceptions
>>> Signature   : RSA/SHA1, Wed 26 Aug 2009 04:34:33 PM MSD, Key ID
>>> 1dc5c758d22e77f2
>>> Packager    : Fedora Project
>>> URL         : http://port389.org/
>>> Summary     : 389 Directory Server (base)
>>>
>>
>> IIRC in 389-ds 1.2.2 some schema was dropped/modified. If you try to 
>> replicate between < 1.2.2 and >= 1.2.2 you can get this error because 
>> the schema isn't defined on one side.
>>
>> I'm not sure the best way to work around this. Options include:
>>
>> - sync up the 389-ds versions between your servers. This would likely 
>> require building your own set of rpms on one or the other.
>> - add the missing schema to the F-11 server in /etc/dirsrv/schema. 
>> This has the downside that you'll probably end up broken in other 
>> very odd some time way into the future.
>> - modify 99user.ldif on the replicated system and remove the 
>> offending attributes. At the point in the replica installation where 
>> this fails the installer is almost done. The only missing steps are 
>> the DNS configuration and configuring the client.
>>
>> There may be other options, and again I'm not sure which is the best 
>> at this point. Rich, what do you think?
> With 389-ds-base 1.2.3 and later (1.2.5.rc2 is currently available 
> from the testing repos) 99user.ldif is fixed to remove the offending 
> schema upon upgrade (yum or rpm), or by doing setup-ds.pl -u.
>>
>> rob
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list