ipa-replica-install is failing when using the copr repo https://copr.fedorainfracloud.org/coprs/g/389ds/389-ds-base-nightly/ See PR #1152 with for instance the test 389ds-fedora/simple_replication (logs, report.
ipa-replica-install
389ds-fedora/simple_replication
Package Version and Platform: - Platform: Fedora 34 - Package and version: 389-ds-base-2.1.0-20210906gitd54862122.fc34.x86_64
Steps to Reproduce Steps to reproduce the behavior: 1. enable the copr repo with dnf copr enable @389ds/389-ds-base-nightly 2. update the packages: dnf update -y 3. install freeipa packages: dnf install -y freeipa-server 4. install the replica with ipa client-install --domain ipa.test --realm IPA.TEST --principal admin --password Secret123; kinit admin; ipa-replica-install -U
dnf copr enable @389ds/389-ds-base-nightly
dnf update -y
dnf install -y freeipa-server
ipa client-install --domain ipa.test --realm IPA.TEST --principal admin --password Secret123; kinit admin; ipa-replica-install -U
Expected results replica installation should succeed
ipa-replica-install fails with the following output:
[...] Configuring directory server (dirsrv) [1/3]: configuring TLS for DS instance [error] NetworkError: cannot connect to 'ldapi://%2Frun%2Fslapd-IPA-TEST.socket': Connection refused Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. cannot connect to 'ldapi://%2Frun%2Fslapd-IPA-TEST.socket': Connection refused The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
replica's dirsrv error log contains:
[06/Sep/2021:11:42:55.948181876 -0400] - ERR - dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-IPA-TEST/schema/99user.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type ( 2.16.840.1.113730.3.8.11.61 NAME 'ipaWrappingKey' DESC 'PKCS 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) ): Failed to parse attribute, error(2 - Unexpected token) at ( v4.1' 'user defined' ) )) [06/Sep/2021:11:42:55.953446331 -0400] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server.
Extract of 99user.ldif:
attributeTypes: ( 2.16.840.1.113730.3.8.11.61 NAME 'ipaWrappingKey' DESC 'PKCS #11 URI of the wrapping key' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466. 115.121.1.15 SINGLE-VALUE X-ORIGIN ( 'IPA v4.1' 'user defined' ) )
It looks like the # is considered as a comment and part of the definition is not taken into account. See the error log which is missing "#11 ...".
Companion issue on 389ds side: https://github.com/389ds/389-ds-base/issues/4903
Fixed on 389-ds-side with commit 9a6a0c3, tests are now green: test_simple_replication: report.
test_simple_replication
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.