[Freeipa-users] IPA Error 4205 attribute "idnsAllowTransfer" not allowed

John Blaut john.blaut at gmail.com
Mon Jul 30 13:21:52 UTC 2012


Hi

I am following the same issue with Robert.

In /etc/dirsrv/slapd-<DOMAIN>/schema/99user.ldif we can see that these new
attributes have been added.

Unfortunately I couldn't verify using ldapsearch on 'cn=schema' to see if
this is indeed the case as well within the LDAP data.

However if I browse other pre-existing DNS zones using ldapsearch I see
that these already have the two attributes in place, so I guess the update
procedure managed to insert them somehow:

idnsAllowQuery: any;
idnsAllowTransfer: none;

So we are a bit confused that when trying to add a new zone, we get errors
due to these attributes. This is also preventing us from adding new replicas
(which require new reverse zones).

Regards

John


On Mon, Jul 30, 2012 at 2:57 PM, Simo Sorce <simo at redhat.com> wrote:

> On Mon, 2012-07-30 at 12:11 +0200, Robert Bowell wrote:
> > Hi Simo,
> >
> > Thanks for your reply.
> >
> > Yes the IPA server has been updated from 2.1 to 2.2. Prior to the
> > update, DNS zones could be created without any issues.
> >
> > I have also noticed that the command 'ipa ping' is displaying the
> > incorrect IPA server version (IPA server version 2.1.90.rc1. API
> > version 2.34) when in fact the IPA server version 2.2.x should be
> > displayed.
>
> This is odd, have you restarted httpd since the update ?
>
> The symptom below seems to suggest something went wrong in updating the
> DNS schema where we added a few attributes to allow zone transfers.
>
> Can you check the ipaserver-upgrade.log file and see if there are any
> errors in there ?
>
> Simo.
>
> > Regards,
> >
> > Robert..
> >
> >
> > On 27 July 2012 17:29, Simo Sorce <simo at redhat.com> wrote:
> >         On Thu, 2012-07-26 at 09:47 +0200, Robert Bowell wrote:
> >         > Hi,
> >         >
> >         >
> >         > I'm encountering a strange problem.. upon trying to add a new DNS zone
> >         > the following message is being displayed "attribute
> >         > "idnsAllowTransfer" not allowed" and the DNS entry is not created. Has
> >         > anyone ever encountered such a problem if so what needs to be done to
> >         > resolve it ?
> >         >
> >         >
> >         > IPA server version 2.1.3. API version 2.13
> >         >
> >
> >
> >         Was this server upgraded from a 2.0.x one ?
> >
> >         Simo.
> >
> >         --
> >         Simo Sorce * Red Hat, Inc * New York
> >
> >
>
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
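
An added example (not part of the original thread and not FreeIPA's own code): a directory server rejects an add with "attribute ... not allowed" when none of the entry's object classes lists the attribute under MUST or MAY, so finding the attribute type in 99user.ldif does not by itself show that a zone entry may carry it. The script below checks both conditions in a schema LDIF; the sample definitions, the placeholder OIDs and the `idnsZone` MUST/MAY lists are constructed for illustration, and inheritance through SUP is not followed.

```python
import re

# Constructed sample laid out like a 389-ds schema file such as 99user.ldif.
# OIDs and the idnsZone MUST/MAY lists are placeholders, not FreeIPA's real schema.
SAMPLE_LDIF = """\
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'idnsAllowQuery'
  DESC 'constructed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'idnsAllowTransfer'
  DESC 'constructed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'idnsZone' SUP top STRUCTURAL
  MUST ( idnsName $ idnsZoneActive ) MAY ( idnsUpdatePolicy $
  idnsAllowQuery ) )
"""

def unfold(text):
    """Join LDIF continuation lines (newline followed by a single space)."""
    return re.sub(r"\r?\n ", "", text)

def _names(defn, keyword):
    """Names following KEYWORD, written as 'x' or as a ( a $ b ) list."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|'?([\w;.-]+)'?)" % keyword, defn)
    if not m:
        return set()
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return {n.strip("'").lower() for n in re.split(r"[\s$]+", raw) if n.strip("'")}

def load_schema(text):
    """Return (defined attribute names, {object class: MUST+MAY attribute names})."""
    attrs, classes = set(), {}
    for line in unfold(text).splitlines():
        kind, _, defn = line.partition(":")
        defn = re.sub(r"DESC\s+'[^']*'", "", defn)  # keep DESC text out of matching
        if kind.strip().lower() == "attributetypes":
            attrs |= _names(defn, "NAME")
        elif kind.strip().lower() == "objectclasses":
            allowed = _names(defn, "MUST") | _names(defn, "MAY")
            classes.update({name: allowed for name in _names(defn, "NAME")})
    return attrs, classes

def diagnose(text, attr, objectclass):
    """Explain whether ATTR may be set on an entry of OBJECTCLASS (SUP not followed)."""
    attrs, classes = load_schema(text)
    if attr.lower() not in attrs:
        return "attribute type not defined"
    allowed = classes.get(objectclass.lower())
    if allowed is None:
        return "object class not defined"
    return "ok" if attr.lower() in allowed else "defined but not allowed by object class"
```

Calling `diagnose(open(path).read(), "idnsAllowTransfer", "idnsZone")` on a copy of the server's schema file separates a missing attribute type from an object class definition that was not updated.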