<html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 12.07.2016 16:45, Christian Heimes wrote: </div> <blockquote cite="mid:cc545862-63ee-9c4a-6a80-d5a44d5ccd89@redhat.com" type="cite"> <pre wrap="">Custodia's server.keys file contain the private RSA keys for encrypting and signing Custodia messages. The file was created with permission 644 and is only secured by permission 700 of the directory /etc/ipa/custodia. The installer and upgrader ensure that the file has 600. The server.keys file and all keys are now removed when during uninstallation of a server, too. <a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=1353936">https://bugzilla.redhat.com/show_bug.cgi?id=1353936</a> <a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/6015">https://fedorahosted.org/freeipa/ticket/6015</a> <a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/6056">https://fedorahosted.org/freeipa/ticket/6056</a> </pre> <fieldset class="mimeAttachmentHeader"></fieldset> </blockquote> NACK ipa-server-install --uninstall doesn't work 2016-07-19T15:00:34Z INFO Remove Custodia keys 2016-07-19T15:00:34Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 91, in _handle_exception super(Continuous, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner step() File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 71, in _uninstall for nothing in self._uninstaller(self.parent): File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1367, in main uninstall(self) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 265, in decorated func(installer) File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1075, in uninstall custodiainstance.CustodiaInstance().uninstall() File "/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py", line 88, in uninstall self.__remove_keys() File "/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py", line 74, in __remove_keys keystore.remove_server_keys() File "/usr/lib/python2.7/site-packages/ipapython/secrets/kem.py", line 224, in remove_server_keys self.remove_keys('host') File "/usr/lib/python2.7/site-packages/ipapython/secrets/kem.py", line 231, in remove_keys ldapconn.remove_key(KEY_USAGE_SIG, principal) File "/usr/lib/python2.7/site-packages/ipapython/secrets/kem.py", line 145, in remove_key conn = self.connect() File "/usr/lib/python2.7/site-packages/ipapython/secrets/common.py", line 38, in connect conn.sasl_interactive_bind_s('', auth_tokens) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 244, in sasl_interactive_bind_s return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags) File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) SERVER_DOWN: {'desc': "Can't contact LDAP server"} </body> </html>