[Freeipa-devel] non-unique name for memberPrincipal in master (s4u2proxy)
Rob Crittenden
rcritten at redhat.com
Wed Feb 22 23:03:10 UTC 2012
Alexander Bokovoy wrote:
> On Wed, 22 Feb 2012, Alexander Bokovoy wrote:
>> when trying to get FreeIPA master running on F17, after applying
>> python-ldap upstream fix for FreeIPA ticket #2383, I'm still getting
>> issues with non-uniqueness of memberPrincipal attribute.
>>
>> Unexpected error - see ipaserver-install.log for details:
>> NAME not unique for ( 2.16.840.1.113730.3.8.11.20 NAME
>> 'memberPrincipal' DESC 'Principal names member of a groupOfPrincipals
>> group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA-v3')
>>
>> The attribute comes as part of s4u2proxy.
>>
>> Rob, any idea what is wrong here?
> Short followup after discussing with Rob:
>
> python-ldap since 2.4.3 has changed a way to detect schema issues.
> There is no clear description of what has changed and how to properly
> handle the schema comparisons now. We have ticket 2383 in March bucket
> to get this worked on.
>
> Without the fix you can't install FreeIPA master on F17. If you need
> to do that, please downgrade python-ldap for time being. :(
>
My patch 958 should fix. You should be able to update to latest
python-ldap again too if you downgraded.
rob
More information about the Freeipa-devel
mailing list