[Freeipa-devel] installation issues

Rob Crittenden rcritten at redhat.com
Thu May 15 13:25:58 UTC 2008 

Mark Christiansen wrote:
> Hello everyone,
> 
> I joined the developer list to attempt to work out basic issues with 
> installation both in a Virtual Machine running FC7 (VMware) and on 
> RHEL5.1.  I am unable to install on either platform.  Please help me 
> work it out, as I would love to help make freeipa a better tool.
> 
> First of all, on the RHEL5.1 machine, issuing a "yum install 
> --enablerepo=updates-testing ipa-server" doesn't work.  What now?  Could 
> this be added to the installation or troubleshooting page somehow?  (Is 
> this something I can help maintain?)

RHEL 5.1 is missing a slew of packages that one would need to get IPA 
working. and some of the packages it ships aren't current enough including:

Requires:
  TurboGears (and about 20 dependencies)
  a newer krb5 server
  krb5-server-ldap built
  python-kerberos
  a newer mod_nss
  python-tgexpandingformwidget
  and maybe python-krbV

freeIPA has focused development on Fedora systems for now because that 
is what Simo and I develop on (I'm still on F-7).

> Secondly, on the FC7 VM, whenever I issue a ldap* command, I get an 
> error from ldap_sasl_interactive_bind_s.  I am a noob, but the web page 
> suggests I should update fedora-ds.  I thought doing the yum install 
> command should take care of installing that package.  If I do a yum 
> list, I can clearly see I have a sufficient level of fedora-ds.  If I 
> continue to modify the installation for a VM as the instructions state, 
> I eventually lose the ability to communicate to freeipa through the html 
> page.  So really, there are two issues here.

I'm assuing you've already set up your IPA server using 
ipa-server-install. Do the ipa-* commands work? e.g. ipa-finduser admin?

To do an authenticated ldap* command you'll want to do something like:

ldapsearch -Y GSSAPI -b "dc=freeipa,dc=org" uid=admin

This of course assumes you have a kerberos ticket.

Otherwise, to do simple auth instead of SASL, use the -x option instead 
of -Y:

ldapsearch -x -b "dc=freeipa,dc=org" uid=admin

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080515/6676e793/attachment.bin>

More information about the Freeipa-devel mailing list