[Freeipa] [Bug 1764744] Re: Support of freeipa-server for s390x

Tue, 17 Apr 2018 08:21:07 -0700 

** Changed in: freeipa (Ubuntu)
       Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1764744

Title:
  Support of freeipa-server for s390x

Status in Ubuntu on IBM z Systems:
  Triaged
Status in freeipa package in Ubuntu:
  Triaged

Bug description:
  freeipa fails to configure on s390x.   (Configuration being handled by
  the freeipa-server-install script)    This script has two failure
  points.   The first is below:

  https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1600634
  describes a known bug but it was only resolved for x86_64.

  In the falling scenario the install log will have entries like the
  following:

  2018-04-10T18:53:01Z DEBUG nsslapd-pluginenabled:
  2018-04-10T18:53:01Z DEBUG      on
  2018-04-10T18:53:01Z DEBUG nsslapd-pluginpath:
  2018-04-10T18:53:01Z DEBUG      
/usr/lib/x86_64-linux-gnu/dirsrv/plugins/schemacompat-plugin.so
  2018-04-10T18:53:01Z DEBUG nsslapd-pluginversion:
  2018-04-10T18:53:01Z DEBUG      0.8

  
  Obviously on s390x 
/usr/lib/x86_64-linux-gnu/dirsrv/plugins/schemacompat-plugin.so will never be 
found.

  Now if I create a symbolic link with the above name that is linked to
  the same location but with s390x where x86_64 is located, the install
  will proceed past this failing location.

  The second failure point in the freeipa-server-install script is near
  the end, after the script has completed the freeipa-server-install and
  where it attempts to install the freeipa-client.  The client install
  appears to fail because of a problem with certificates related to the
  server install.

  2018-04-17T12:14:59Z ERROR Cannot connect to the server due to generic
  error: Insufficient access: SASL(-4): no mechanism available: No
  worthy mechs found (Unknown authentication method)

  The above appears to be related to an issue with the key database

  # certutil -L
  certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key 
database is in an old, unsupported format.

  # ipa cert-show 1
  ipa: ERROR: cannot connect to 'https://fipas1.pdl.pok.ibm.com/ipa/json': 
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, 
unsupported format.

  # ipa user-add 
  First name: Richard 
  >>> First name: Leading and trailing spaces are not allowed
  First name: Richard
  Last name: Young
  User login [ryoung]: ryoung1
  ipa: ERROR: cannot connect to 'https://fipas1.pdl.pok.ibm.com/ipa/json': 
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, 
unsupported format.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1764744/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~freeipa
Post to     : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help   : https://help.launchpad.net/ListHelp

Reply via email to