[Freeipa-devel] rawhide's ipa-server-install fails to configure directory server

Perry N. Myers pmyers at redhat.com
Sat Mar 29 10:08:20 UTC 2008 

Jim Meyering wrote:
> Please wait until the prompt is returned.
> Configuring ntpd
>   [1/4]: stopping ntpd
>   [2/4]: writing configuration
>   [3/4]: configuring ntpd to start on boot
>   [4/4]: starting ntpd
> done configuring ntpd.
> Configuring directory server:
>   [1/16]: creating directory server user
>   [2/16]: creating directory server instance
>   [3/16]: adding default schema
>   [4/16]: enabling memberof plugin
> root        : CRITICAL Failed to load memberof-conf.ldif: Command
> '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/memberof-conf.ldif' returned non-zero exit status 49
>   [5/16]: enabling referential integrity plugin
> root        : CRITICAL Failed to load referint-conf.ldif: Command
> '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/referint-conf.ldif' returned non-zero exit status 49
>   [6/16]: enabling distributed numeric assignment plugin
> root        : CRITICAL Failed to load dna-conf.ldif: Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/dna-conf.ldif' returned non-zero exit status 49
>   [7/16]: configuring uniqueness plugin
> root        : CRITICAL Failed to load unique-attributes.ldif: Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /dev/shm/tmp4dWkvF' returned non-zero exit status 49
>   [8/16]: creating indices
> root        : CRITICAL Failed to load indices.ldif: Command '/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w xxx -f /usr/share/ipa/indices.ldif' returned non-zero exit status 49
>   [9/16]: configuring ssl for ds instance
> Unexpected error - see ipaserver-install.log for details:
>  {'desc': 'Invalid credentials'}
> 
> --------------------------
> When I ran that ldapmodify command manually, it did this:
> 
>   root at iota# ldapmodify -h 127.0.0.1 -xv -D 'cn=Directory Manager' \
>     -w xxx -f /usr/share/ipa/memberof-conf.ldif
>   ldap_initialize( ldap://127.0.0.1 )
>   ldap_bind: Invalid credentials (49)
>   [Exit 49]

This problem still exists in rawhide and as far as I can tell it is not 
ipa related.  The problem is actually with the fedora directory server.

What I've discovered is that if you run ns-slapd with the -d flag (runs 
the server in the foreground) things work fine.  If you run the server 
without the -d flag, you get the Invalid credentials messages even with 
the correct CN and password.

I've been able to reproduce this in fedora-ds-base-1.1.0.1-3.fc9.x86_64.

If anyone has any ideas let me know...  I did some searching to see if 
there is an existing bug for this and I didn't see one.

Perry

More information about the Freeipa-devel mailing list