[Freeipa-devel] non-unique name for memberPrincipal in master (s4u2proxy)
Alexander Bokovoy
abokovoy at redhat.com
Wed Feb 22 16:44:52 UTC 2012
On Wed, 22 Feb 2012, Alexander Bokovoy wrote:
> when trying to get FreeIPA master running on F17, after applying
> python-ldap upstream fix for FreeIPA ticket #2383, I'm still getting
> issues with non-uniqueness of memberPrincipal attribute.
>
> Unexpected error - see ipaserver-install.log for details:
> NAME not unique for ( 2.16.840.1.113730.3.8.11.20 NAME
> 'memberPrincipal' DESC 'Principal names member of a groupOfPrincipals
> group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA-v3')
>
> The attribute comes as part of s4u2proxy.
>
> Rob, any idea what is wrong here?
Short followup after discussing with Rob:
python-ldap since 2.4.3 has changed a way to detect schema issues.
There is no clear description of what has changed and how to properly
handle the schema comparisons now. We have ticket 2383 in March bucket
to get this worked on.
Without the fix you can't install FreeIPA master on F17. If you need
to do that, please downgrade python-ldap for time being. :(
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list