Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1551677
In current Fedora Rawhide (and, I expect, F28, as soon as we have a compose with bind-dyndb-ldap-11.1-10.fc28 in it), FreeIPA server deployment fails with an error from ipapython/ipaldap.py : "This entry already exists" I'm not sure yet what 'entry' it means or why it already exists, but this looks like a clear Beta blocker, per Basic criterion "Release-blocking roles and the supported role configuration interfaces must meet the core functional Role Definition Requirements to the extent that supported roles can be successfully deployed, started, stopped, brought to a working configuration, and queried", as domain controller is one of the release-blocking roles. Will attach all logs soon.
Metadata Update from @fbarreto: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1551677
This is a duplicate of ticket #7393 fixed in master and ipa-4-6.
Metadata Update from @frenaud: - Issue close_status updated to: duplicate
[04/Mar/2018:19:38:12.931685123 -0500] conn=8 op=3 ADD dn="cn=RSA,cn=encryption,cn=config" [04/Mar/2018:19:38:12.932916255 -0500] conn=8 op=3 RESULT err=68 tag=105 nentries=0 etime=0.0001420462 File "/usr/lib/python3.6/site-packages/ipaserver/install/dsinstance.py", line 358, in enable_ss File "/usr/lib/python3.6/site-packages/ipapython/ipaldap.py", line 1523, in add_entry self.conn.add_s(str(entry.dn), list(attrs.items())) 2018-03-05T00:38:12Z DEBUG The ipa-server-install command failed, exception: DuplicateEntry: This entry already exists
In 389-ds master branch the following entry exists by default
dn: cn=RSA,cn=encryption,cn=config objectClass: top objectClass: nsEncryptionModule cn: RSA nsSSLPersonalitySSL: Server-Cert nsSSLActivation: on nsSSLToken: internal (software)
Could be a recent change in 389-ds that adds it by default or in ipa-server-install that now adds it without checking.
An easy fix, would be to test "cn=RSA,cn=encryption,cn=config" exists before adding it.
Metadata Update from @tbordaz: - Issue status updated to: Open (was: Closed)
Metadata Update from @fbarreto: - Issue priority set to: critical
Closed as duplicate of #7393
Metadata Update from @rcritten: - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.