The ds_connect method in pkiparser.py called at line 187 in pkispawn throws an "Inappropriate Authentication" error when nsslapd-allow-anonymous-access: off is set for cn=config entry of the DS. This error does not stop the installation but continues asking for the DS details.
Error details:
Install a DS instance.
Run: $ ldapmodify -D cn="Directory Manager" -w Secret123 dn: cn=config changetype: modify replace: nsslapd-allow-anonymous-access nsslapd-allow-anonymous-access: off
$ pkispawn Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]:
Tomcat: Instance [pki-tomcat]: HTTP port [8080]: Secure HTTP port [8443]: AJP port [8009]: Management port [8005]:
Administrator: Username [caadmin]: Password: Verify password: Import certificate (Yes/No) [N]? Export certificate to [/root/.dogtag/pki-tomcat/ca_admin.cert]:
Directory Server: Hostname [vm-128.idm.lab.bos.redhat.com]: Port [389]: ERROR: Inappropriate authentication Hostname [vm-128.idm.lab.bos.redhat.com]: Port [389]: ERROR: Inappropriate authentication Hostname [vm-128.idm.lab.bos.redhat.com]: Port [389]: . .
Fixed and pushed to master in 68819722a5d08e6e6eea29846e879cc7ab65eb44
Metadata Update from @kaskahn: - Issue assigned to kaskahn - Issue set to the milestone: 10.2 - 12/13 (December)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1378
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Log in to comment on this ticket.