Description of problem:

named.run shows the following errors:

    04-May-2015 13:56:29.131 connection to the LDAP server was lost
    04-May-2015 13:56:29.196 successfully reconnected to LDAP server
    04-May-2015 13:56:29.196 LDAP instance 'ipa' is being synchronized, please ignore message 'all zones loaded'
    04-May-2015 13:56:29.196 LDAP error: Critical extension is unavailable: unable to start SyncRepl session: is RFC 4533 supported by LDAP server?
    04-May-2015 13:56:29.197 ldap_syncrepl will reconnect in 60 seconds

As a result, no IPA dns zones are being loaded / presented.

From 389 I can see:

    [04/May/2015:13:59:28 +091800] conn=30 op=3 SRCH base="(null)" scope=2 filter="(|(objectClass=idnsConfigObject)(objectClass=idnsZone)(objectClass=idnsForwardZone)(objectClass=idnsRecord))", failed to decode LDAP controls
    [04/May/2015:13:59:28 +091800] conn=30 op=3 RESULT err=12 tag=101 nentries=0 etime=0

Here are the relevant versions of packages.

    Reinstalling:
     389-ds-base       x86_64  1.3.3.1-16.el7_1     updates  1.6 M
     389-ds-base-libs  x86_64  1.3.3.1-16.el7_1     updates  599 k
     bind              x86_64  32:9.9.4-18.el7_1.1  updates  1.8 M
     bind-dyndb-ldap   x86_64  6.0-2.el7            base     100 k
     bind-libs         x86_64  32:9.9.4-18.el7_1.1  updates  1.0 M
     bind-libs-lite    x86_64  32:9.9.4-18.el7_1.1  updates  712 k
     bind-license      noarch  32:9.9.4-18.el7_1.1  updates   80 k
     bind-utils        x86_64  32:9.9.4-18.el7_1.1  updates  199 k

Happy to provide any other info needed. This only occurs after update from rhel 7.0 to 7.1.
I don't think that this will occur in the wild. It may be as a result of my specific environment setup.
First, my IPA domain started on Fedora. I believe it was on F20 / F21 at the time. I then moved it to EL7.0 when it came out, but this was a "minor version" downgrade of ipa version. I believe 3.3 to 3.1. Given my F21 likely had newer schema, this is probably how I ended up with nsEncryptionConfig in 99user.ldif.
Then, I have gone to upgrade 7.0 -> 7.1, and that's when I hit the issue.
So, I think it's a low likelihood people will hit this in the wild, but maybe we need some way of handling when system schema is put into 99user.ldif, and is then changed during an upgrade.
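An added example, not part of the ticket and not code from the 389-ds-base project: one way to check for the condition described in the comment above, where 99user.ldif carries a definition that the system schema files also ship. The function names, the placeholder OIDs and both LDIF samples are constructed for illustration; base64-encoded (`::`) values are not handled.

```python
import re

# Matches one unfolded schema value; group 3 is the NAME part ('x' or ( 'x' 'y' )).
DEF_RE = re.compile(
    r"^(objectClasses|attributeTypes):\s*(\(\s*\S+\s+NAME\s+"
    r"(\(\s*[^)]*\)|'[^']*').*)$",
    re.IGNORECASE,
)

def parse_schema(ldif_text):
    """Map (kind, lowercased name) -> whitespace-normalized definition."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # join LDIF continuation lines
    defs = {}
    for line in unfolded.splitlines():
        m = DEF_RE.match(line)
        if not m:
            continue
        definition = " ".join(m.group(2).split())
        for name in re.findall(r"'([^']+)'", m.group(3)):
            defs[(m.group(1).lower(), name.lower())] = definition
    return defs

def shadowed_definitions(user_ldif, system_ldifs):
    """Return sorted (kind, name, status) for 99user.ldif entries that the
    system schema also defines; 'differs' means the two copies have diverged."""
    system = {}
    for text in system_ldifs:
        system.update(parse_schema(text))
    hits = []
    for key, definition in parse_schema(user_ldif).items():
        if key in system:
            status = "identical" if definition == system[key] else "differs"
            hits.append((key[0], key[1], status))
    return sorted(hits)

# Constructed samples: the system copy gained an attribute in an upgrade,
# while the 99user.ldif copy still holds the older definition.
SYSTEM_SAMPLE = """dn: cn=schema
objectClasses: ( placeholder-oid-1 NAME 'nsEncryptionConfig' SUP top
  MUST cn MAY ( nsSSL3 $ nsTLS1 $ exampleNewAttr ) X-ORIGIN 'sample' )
attributeTypes: ( placeholder-oid-2 NAME 'nsTLS1' X-ORIGIN 'sample' )
"""
USER_SAMPLE = """dn: cn=schema
objectClasses: ( placeholder-oid-1 NAME 'nsEncryptionConfig' SUP top
  MUST cn MAY ( nsSSL3 $ nsTLS1 ) X-ORIGIN 'sample' )
attributeTypes: ( placeholder-oid-2 NAME 'nsTLS1'
  X-ORIGIN 'sample' )
attributeTypes: ( placeholder-oid-3 NAME 'exampleLocalAttr' X-ORIGIN 'user defined' )
"""

if __name__ == "__main__":
    print(shadowed_definitions(USER_SAMPLE, [SYSTEM_SAMPLE]))
```

Running this against the real files before an upgrade means passing the text of 99user.ldif as the first argument and the text of each system schema file in the list.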
Metadata Update from @firstyear: - Issue set to the milestone: 1.3.6.0
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1651
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: invalid)