Trying to pass in a CA cert for startTLS connection to the remote server fails
# ipa-migrate stage-mode remote.testrelm.test -D 'cn=Directory Manager' -w Secret123 -n -x -Z ca.crt Initializing ... Connecting to local server ... IPA to IPA migration starting ... Traceback (most recent call last): File "/usr/sbin/ipa-migrate", line 10, in <module> ipa_migrate.run() File "/usr/lib/python3.12/site-packages/ipaserver/install/ipa_migrate.py", line 2053, in run self.do_migration() File "/usr/lib/python3.12/site-packages/ipaserver/install/ipa_migrate.py", line 1879, in do_migration self.connect_to_remote_ds() File "/usr/lib/python3.12/site-packages/ipaserver/install/ipa_migrate.py", line 769, in connect_to_remote_ds ds_conn = LDAPClient(ldapuri, cacert=cacert, start_tls=True) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipapython/ipaldap.py", line 811, in {}init{} self._conn = self._connect() ^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipapython/ipaldap.py", line 1224, in _connect conn = ldap_initialize(self.ldap_uri, cacertfile=self._cacert) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/ipapython/ipaldap.py", line 138, in ldap_initialize conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0) File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 698, in set_option return self._ldap_call(self._l.set_option,option,invalue) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.12/site-packages/ldap/ldapobject.py", line 128, in _ldap_call result = func(args,*kwargs) ^^^^^^^^^^^^^^^^^^^^ ValueError: option error
https://github.com/freeipa/freeipa/pull/7426
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/7426 - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-46009
master:
ipa-4-12:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-46009, https://issues.redhat.com/browse/RHEL-49413 (was: https://issues.redhat.com/browse/RHEL-46009)
Log in to comment on this ticket.