Jakub Hrozek wrote:
> On Thu, Nov 11, 2010 at 08:10:33AM -0500, Simo Sorce wrote:
>
>> On Wed, 10 Nov 2010 19:11:46 +0100
>> Jakub Hrozek <[email protected]> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On 11/10/2010 06:47 PM, Jakub Hrozek wrote:
>>>
>>>> Please see attachment. The right fix would be to fix this in
>>>> openldap, but I think we should have a workaround, at least for the
>>>> time being. Much of the credit goes to Jan who helped me debug the
>>>> issue.
>>>
>>> Sorry, the first patch had a small bug. New one attached.
>>
>> Jakub, I am surprised, I have the current code working on F14 w/o
>> issues, why do you need to set also the CACERTDIR ?
>>
>> Simo.
>
> What does your /etc/openldap/ldap.conf look like? On both of my test machines
> (one of them F13, the other one F14) it contains:
>
> ---
> URI ldap://127.0.0.1/
> BASE dc=example,dc=com
> TLS_CACERTDIR /etc/openldap/cacerts
> ---
>
> I don't recall setting it manually, though... I suspect some package
> scriptlet or authconfig... dunno yet.
>
> With the above setting, installation on F14 fails for me during the very
> last step:
>
> ---
> Unable to set admin password Command '/usr/bin/ldappasswd -h
> vm-061.idm.lab.bos.redhat.com -ZZ -x -D cn=Directory Manager -y
> /var/lib/ipa/tmpWn1lsN -T /var/lib/ipa/tmp_7938z
> uid=admin,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com'
> returned non-zero exit status 1
> ---
>
> When I ran ldappasswd with "-d -1", I could see TLS errors and
> ldappasswd opened only /etc/openldap/cacerts.
>
> Seeing the ldappasswd invocation working on F13 and not F14, I suspect that
> CACERTDIR erroneously takes precedence over CACERT (maybe something to
> do with the switch to NSS?). Putting CACERTDIR into the environment
> fixed the issue for me.
>
> Jakub
>
> _______________________________________________
> Freeipa-devel mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-devel

Can it be that Jakub has it because of the Fedora test date for the openLDAP?
--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
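A diagnostic sketch for the situation discussed in this thread, added here as an example and not code from the thread or from FreeIPA: it merges an `ldap.conf` body with `LDAP<OPTION>` environment overrides and flags the case where the caller pins only the CA file while `TLS_CACERTDIR` is still inherited from the system file. The function names and the `/path/to/...` values are hypothetical, and it assumes the calling tool passes its CA through `LDAPTLS_CACERT`.

```python
TLS_KEYS = ("TLS_CACERT", "TLS_CACERTDIR")

def parse_ldap_conf(text):
    """Return {OPTION: value} from an ldap.conf body (option names are case-insensitive)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts[parts[0].upper()] = parts[1].strip()
    return opts

def effective_trust(conf_text, env):
    """Map each CA option to (value, source); an LDAP<OPTION> variable overrides the file."""
    file_opts = parse_ldap_conf(conf_text)
    result = {}
    for key in TLS_KEYS:
        env_name = "LDAP" + key
        if env_name in env:
            result[key] = (env[env_name], "env")
        elif key in file_opts:
            result[key] = (file_opts[key], "file")
    return result

def mixed_sources(trust):
    """True when CACERT comes from the environment but CACERTDIR is inherited from the file."""
    cacert_src = trust.get("TLS_CACERT", (None, None))[1]
    cadir_src = trust.get("TLS_CACERTDIR", (None, None))[1]
    return cacert_src == "env" and cadir_src == "file"

# The ldap.conf contents quoted in the thread.
SAMPLE_CONF = """\
URI ldap://127.0.0.1/
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
"""

if __name__ == "__main__":
    # Constructed environment: only the CA file is pinned (placeholder path).
    env = {"LDAPTLS_CACERT": "/path/to/ca.crt"}
    trust = effective_trust(SAMPLE_CONF, env)
    print(trust, "mixed sources:", mixed_sources(trust))
    # The workaround from the thread: also set CACERTDIR in the environment.
    env["LDAPTLS_CACERTDIR"] = "/path/to/cadir"
    trust = effective_trust(SAMPLE_CONF, env)
    print(trust, "mixed sources:", mixed_sources(trust))
```

Running the same check against the real `/etc/openldap/ldap.conf` and `os.environ` before invoking `ldappasswd -ZZ` shows which trust settings the client library will actually see.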
