On 26 Feb 2020, at 03:22, Thad <thadbrownsc(a)gmail.com> wrote:
I have single master/replica setup and information is flowing. After the sync I had 2
issues. First issue is within the console. After syncing from the 8.2 master to the 9.1
replica I can no longer access any of the items in the server group on the replica..
Clicking on Administration server or the dirsrv instance gives an error. "Failed to
install a local copy of redhat-ds-8.2.jar or one of its supporting files. Please ensure
that the appropriate console package is installed on the administration server.
redhat-ds-8.2jar not found at http://dir.mycomp.org:9830/"
;. So not sure if I need to
find the redhat-ds-8.2.jar file on the master and install it on the replica, run
setup-ds-admin.pl -u or if this is normal behavior for the replica?
You have an 8.2 supplier and a 9.1 consumer, so probably the best strategy here is to get
everything upgraded to 9.1 as soon as possible to get everything consistent.
The second issue are schema issues. Initially I copied the
/etc/dirsrv/slapd-inst/schema/99user.ldif file over from the master to the replica and it
took care of most of the schema errors. However I am still getting the following error:
[25/Feb/2020:08:38:15 -0500] NSACLPlugin - __aclp__init_targetattr: targetattr
"ssn" does not exist in schema. Please add attributeTypes "ssn" to
schema if necessary.
[25/Feb/2020:08:38:15 -0500] NSACLPlugin - ACL PARSE ERR(rv=-5): (targetattr =
[25/Feb/2020:08:38:15 -0500] NSACLPlugin - Error: This ((targetattr != "ssn ||
userPassword") (version 3.0;acl "Directory Comparator";allow
(read,compare,search)(userdn = "ldap:///uid=comparator,ou=Special
Users,o=dir.mycomp.org");)) ACL will not be considered for evaluation because of
I have looked at the attributes in schema under the instance's configuration tab
(within the master's console) but there isn't an ssn attribute that I can find. I
see userPassword attribute. Not sure how to proceed from here.
99user.ldif is not the only place where custom schema can live. IIRC in DS 10 (?) we have
schema replication, but we may not have it in 8.2/9.1.
It's likely worth checking that the /etc/dirsrv/slapd-instancename/schema/*.ldif files
match on both your instances. for example, someone may have added 90customschema.ldif or
similar which is providing the ssn attribute.
You can also check by searching cn=schema to see what the servers attributes and classes
are supported, and see if there are differences.
ldapsearch -H ldap://<LDAPURL> -b cn=schema -x +
Hope that helps,
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Senior Software Engineer, 389 Directory Server