#811 Failure in pkispawn when anonymous access is off in the DS server
Closed: Fixed None Opened 9 years ago by kaskahn.

The ds_connect method in pkiparser.py called at line 187 in pkispawn throws an "Inappropriate Authentication" error when nsslapd-allow-anonymous-access: off is set for cn=config entry of the DS. This error does not stop the installation but continues asking for the DS details.

Error details:

Install a DS instance.

$ ldapmodify -D cn="Directory Manager" -w Secret123
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: off

$ pkispawn
Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]:

Instance [pki-tomcat]:
HTTP port [8080]:
Secure HTTP port [8443]:
AJP port [8009]:
Management port [8005]:

Username [caadmin]:
Verify password:
Import certificate (Yes/No) [N]?
Export certificate to [/root/.dogtag/pki-tomcat/ca_admin.cert]:

Directory Server:
Hostname [vm-128.idm.lab.bos.redhat.com]:
Port [389]:
ERROR: Inappropriate authentication
Hostname [vm-128.idm.lab.bos.redhat.com]:
Port [389]:
ERROR: Inappropriate authentication
Hostname [vm-128.idm.lab.bos.redhat.com]:
Port [389]:

Fixed and pushed to master in 68819722a5d08e6e6eea29846e879cc7ab65eb44

Metadata Update from @kaskahn:
- Issue assigned to kaskahn
- Issue set to the milestone: 10.2 - 12/13 (December)

6 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.