Hello again, I've managed to integrate my katello configuration with freeipa. Now I not only use freeipa authentication in katello but also when a host is defined in katello it automagically gets created in the freeipa realm , certs, otp,dns all working great.
however, to obtain all this integration greatness I had to downgrade my freeipa to 3.3.5 again (revert snapshot) because the katello realm integration tool (foreman-prepare-realm) is not capable of dealing with 4.X versions of freeipa. And now the named-pkcs11 again does not see my internal zones. This page https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart thinks I should contact the freeipa-users list The command 'ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update' didn't fix it. and the command 'ipa-ldap-updater' didn't fix it either. So I am now stuck at freeipa 3.3.5 again (with a working katello integration, so I got some mixed emotions about it) Any ideas anyone ? Rob 2014-10-29 22:14 GMT+01:00 Rob Verduijn <rob.verdu...@gmail.com>: > Hello, > > I've tested the update again. > > The bind-utils conflict is still there when I issue "yum update > freeipa-server" ( as indicated on the freeipa 4.1 download page > http://www.freeipa.org/page/Downloads#Upgrading ) > > 'yum update' works fine > > My internal zones didn't resolv after the update > ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update didn't fix > it > ipa-ldap-updater did fix the 'access control instructions' and my internal > dns zones started to resolv again :-) > > Cheers > Rob > > > 2014-10-29 18:14 GMT+01:00 Petr Spacek <pspa...@redhat.com>: > >> On 29.10.2014 16:46, Rob Verduijn wrote: >> >>> Hello, >>> >>> # ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update >>> fixes the problem. >>> >>> I can resolv my internal dns zones again:-) >>> >>> Many thanx. >>> >>> Since this problem happened every time I tried to update the freeipa >>> server. >>> I could re-run the update with some debug options if you like so you can >>> pinpoint what goes wrong with the update script if you like. >>> >> >> I have re-build some packages in mkosek's CORP so now you should not see >> encounter dependency problems. Simple 'yum upgrade' should give you all the >> required packages. >> >> We are looking at other problems in upgrade process right now so there is >> not much to test except package dependencies. >> >> -- >> Petr^2 Spacek >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
