[Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts.

Rob Crittenden rcritten at redhat.com
Mon Apr 19 15:27:58 UTC 2010


Pavel Zůna wrote:
> On 4/15/2010 8:18 PM, Rob Crittenden wrote:
>> Pavel Zůna wrote:
>>> On 4/14/2010 4:35 PM, Rob Crittenden wrote:
>>>> Pavel Zuna wrote:
>>>>> On 03/30/2010 10:27 PM, Rob Crittenden wrote:
>>>>>> Pavel Zuna wrote:
>>>>>>> On 03/23/2010 09:40 PM, Rob Crittenden wrote:
>>>>>>>> Pavel Zuna wrote:
>>>>>>>>> This is the first in a series of patches that replace all the legacy
>>>>>>>>> code from v1 related to LDAP. I did some limited testing of the
>>>>>>>>> installer after this patch and nothing seems to break, but I didn't do
>>>>>>>>> replicas etc...
>>>>>>>>>
>>>>>>>>> Pavel
>>>>>>>>
>>>>>>>> nack. This breaks at least ipa-replica-manage, ipa-replica-prepare,
>>>>>>>> ipa-server-certinstall and ipa-replica-install.
>>>>>>>>
>>>>>>>> rob
>>>>>>> Fixed patch attached.
>>>>>>>
>>>>>>> Pavel
>>>>>>
>>>>>> I'm not sure if you attached the wrong patch or not (it's dated 3/24)
>>>>>> but things are still not working:
>>>>>>
>>>>>> # ipa-replica-install replica-info-tiger.example.com.gpg
>>>>>> Directory Manager (existing master) password:
>>>>>>
>>>>>> creation of replica failed: 'Env' object has no attribute 'basedn'
>>>>>>
>>>>>> Your system may be partly configured.
>>>>>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>>>>>
>>>>>> rob
>>>>> Sorry for a late reply. Here's a patch that should finally work. I did
>>>>> a lot more testing and setting up a replica went smoothly every time.
>>>>>
>>>>> Pavel
>>>>
>>>> Lots better. I was able to create and manage replicas but
>>>> ipa-dns-install isn't working:
>>>>
>>>> # ipa-dns-install
>>>>
>>>> The log file for this installation can be found in
>>>> /var/log/ipaserver-install.log
>>>> ==============================================================================
>>>>
>>>> This program will setup DNS for the FreeIPA Server.
>>>>
>>>> This includes:
>>>> * Configure DNS (bind)
>>>>
>>>> To accept the default shown in brackets, press the Enter key.
>>>>
>>>> Existing BIND configuration detected, overwrite? [no]: y
>>>> Do you wish to configure DNS forwarders? [no]:
>>>> No DNS forwarders configured
>>>> Directory Manager password:
>>>>
>>>> Unexpected error - see ipaserver-install.log for details:
>>>> 'API' object has no attribute 'env_host'
>>> Ouch, sorry about that. New patch attached.
>>>
>>> Pavel
>>>
>>
>> Still not working:
>>
>> root : CRITICAL Could not modify principal's
>> krbprincipalname=DNS/lion.greyoak.com@GREYOAK.COM,cn=services,cn=accounts,dc=greyoak,dc=com
>> entry
>> Unexpected error - see ipaserver-install.log for details:
>>
>> The backtrace is:
>> File "/usr/sbin/ipa-dns-install", line 172, in <module>
>> sys.exit(main())
>> File "/usr/sbin/ipa-dns-install", line 158, in main
>> bind.create_instance()
>> File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 195, in create_instance
>> self.start_creation("Configuring named:")
>> File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 237, in start_creation
>> method()
>> File "/usr/lib/python2.6/site-packages/ipaserver/install/bindinstance.py", line 293, in __setup_principal
>> raise e
>> ('expected a string in the list', u'k')
>>
>> rob
> This is fixed in the ipa-dns-install patch I posted yesterday. I thought 
> this wasn't caused by the changes made by the "Use ldap2..." patch.
> 
> The problem here is that we call python-ldap with a unicode string. The 
> string is generated from api.env constants that have become unicode a 
> month or two ago.
> 
> Anyway, I can always move the fix to this problem from the 
> ipa-dns-install patch into this one. However I need to talk to Martin 
> about the bindinstance.py file - I'll make sure to resolve this by the 
> end of today.
> 
> Pavel

With the DNS patches also applied this seems to be working ok.

pushed to master
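
The failure discussed in the thread above, python-ldap being handed unicode values built from api.env, is commonly avoided by encoding every value at the LDAP boundary. The following is an added example, not part of the original thread or of FreeIPA's code; the helper names and sample values are constructed, and it is written for Python 3 rather than the thread's Python 2.6. Reading the u'k' in the traceback as a lone unicode string being walked one character at a time is an assumption.

```python
# Added illustration; helper names and sample values are constructed, not FreeIPA code.
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2  # same values as ldap.MOD_ADD etc.


def to_ldap_values(value, encoding="utf-8"):
    """Return `value` as a list of byte strings for use as LDAP attribute values."""
    if value is None:
        return None  # with MOD_DELETE: remove every value of the attribute
    # A lone text or bytes string is ONE value. Without this branch it would
    # be treated as a sequence and walked one character at a time.
    if isinstance(value, (str, bytes)):
        value = [value]
    out = []
    for item in value:
        if isinstance(item, str):
            out.append(item.encode(encoding))
        elif isinstance(item, bytes):
            out.append(item)
        else:
            # Fail early with the offending item instead of deep inside the C layer.
            raise TypeError("unsupported LDAP value: %r" % (item,))
    return out


def normalize_modlist(modlist):
    """Encode the values of every (op, attr, values) tuple in a modlist."""
    return [(op, attr, to_ldap_values(vals)) for op, attr, vals in modlist]


# Constructed sample: text values as they might come out of a config object.
realm = "EXAMPLE.COM"
principal = "DNS/host.example.com@" + realm
sample = [
    (MOD_REPLACE, "krbPrincipalName", principal),  # scalar text, not a list
    (MOD_ADD, "memberOf", ["cn=a,dc=example,dc=com", b"cn=b,dc=example,dc=com"]),
    (MOD_DELETE, "description", None),
]

if __name__ == "__main__":
    for mod in normalize_modlist(sample):
        print(mod)
```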