Upgrade from 3.3.5 to 4.0 failed with schema error:
# rpm -Uvh --force ~/freeipa-master/dist/rpms/freeipa-* Preparing... ################################# [100%] Updating / installing... 1:freeipa-python-3.3.90GIT008c780-0################################# [ 7%] 2:freeipa-client-3.3.90GIT008c780-0################################# [ 13%] Could not load host key: /etc/ssh/ssh_host_dsa_key 3:freeipa-admintools-3.3.90GIT008c7################################# [ 20%] 4:freeipa-server-3.3.90GIT008c780-0################################# [ 27%] 5:freeipa-server-trust-ad-3.3.90GIT################################# [ 33%] 6:freeipa-server-foreman-smartproxy################################# [ 40%] 7:freeipa-tests-3.3.90GIT008c780-0.################################# [ 47%] 8:freeipa-debuginfo-3.3.90GIT008c78################################# [ 53%] Cleaning up / removing... 9:freeipa-tests-3.3.5-1.fc20 ################################# [ 60%] 10:freeipa-debuginfo-3.3.5-1.fc20 ################################# [ 67%] 11:freeipa-server-trust-ad-3.3.5-1.f################################# [ 73%] 12:freeipa-server-3.3.5-1.fc20 ################################# [ 80%] 13:freeipa-admintools-3.3.5-1.fc20 ################################# [ 87%] 14:freeipa-client-3.3.5-1.fc20 ################################# [ 93%] 15:freeipa-python-3.3.5-1.fc20 ################################# [100%] Upgrade failed with unknown object class "ipapermissionv2" IPA upgrade failed.
Moving to 4.0 June as we need to fix this before release.
ipaupgrade.log ipaupgrade.log-ipapermissionv2-fail.gz
Suprisingly, this looks related to #3859 as upgrade was fixed when I changed
objectclasses: (2.16.840.1.113730.3.8.12.22 NAME 'ipaAllowedOperations' SUP top AUXILIARY DESC 'Class to apply access controls to arbitrary operations' MAY ( ipaAllowedToPerform $ ipaProtectedOperation ) X- ORIGIN 'IPA v3')
to
objectClasses: (2.16.840.1.113730.3.8.12.22 NAME 'ipaAllowedOperations' SUP top AUXILIARY DESC 'Class to apply access controls to arbitrary operations' MAY ( ipaAllowedToPerform $ ipaProtectedOperation ) X- ORIGIN 'IPA v3')
I.e. when I fixed the casing of the ipaAllowedOperations to the same as with the other records.
ipaAllowedOperations
I will send a patch for that to start a discussion.
attachment freeipa-mkosek-471-fix-objectclass-casing-in-ldif-to-prevent-schema-upd.patch
Patch freeipa-mkosek-471-fix-objectclass-casing-in-ldif-to-prevent-schema-upd.patch sent for review
Adding to list of tickets required for 4.0 release.
master:
python-ldap bug causing it is tracked in https://bugzilla.redhat.com/show_bug.cgi?id=1007820.
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 4.0 GA
Login to comment on this ticket.