[Freeipa-users] ipa-server-install problem

Rob Crittenden rcritten at redhat.com
Mon Dec 15 16:39:06 UTC 2008 

Thomas Sailer wrote:
> Hi,
> 
> I'm trying to install ipa-server using the ipa-server-install script on
> a freshly installed and uptodate Fedora 10 x86_64 machine (on bare
> metal). The script terminates with the following error:
> 
> The following operations may take some minutes to complete.
> Please wait until the prompt is returned.                  
> Configuring ntpd                                           
>   [1/4]: stopping ntpd                                     
>   [2/4]: writing configuration                             
>   [3/4]: configuring ntpd to start on boot                 
>   [4/4]: starting ntpd                                     
> done configuring ntpd.                                     
> Configuring directory server:                              
>   [1/17]: creating directory server user
>   [2/17]: creating directory server instance
>   [3/17]: adding default schema
>   [4/17]: enabling memberof plugin
>   [5/17]: enabling referential integrity plugin
>   [6/17]: enabling distributed numeric assignment plugin
>   [7/17]: enabling winsync plugin
>   [8/17]: configuring uniqueness plugin
>   [9/17]: creating indices
>   [10/17]: configuring ssl for ds instance
>   [11/17]: configuring certmap.conf
>   [12/17]: restarting directory server
>   [13/17]: adding default layout
>   [14/17]: configuring Posix uid/gid generation as first master
>   [15/17]: adding master entry as first master
>   [16/17]: initializing group membership
>   [17/17]: configuring directory to start on boot
> done configuring dirsrv.
> Configuring Kerberos KDC
>   [1/13]: setting KDC account password
>   [2/13]: adding sasl mappings to the directory
> root        : CRITICAL failed to add Full Principal Sasl mapping
> Unexpected error - see ipaserver-install.log for details:
>  local variable 'e' referenced before assignment

The root problem is the inability to add the SASL mapping because it 
already exists. The local variable is a bug in the exception handling.

We are trying to add this entry:

cn=Full Principal,cn=mapping,cn=sasl,cn=config
objectclass: top
objectclass: nsSaslMapping
cn: Full Principal
nsSaslMapRegexString: \(.*\)@\(.*\)
nsSaslMapBaseDNTemplate: SUFFIX
nsSaslMapFilterTemplate: (krbPrincipalName=\1@\2)

Can you see if this entry already exists in your DS? I'm not sure how it 
could.

% ldapsearch -x -D "cn=directory manager" -W -b "cn=Full 
Principal,cn=mapping,cn=sasl,cn=config"

thanks

rob

> I also tried to upgrade to ipa 1.2.1-0 available in updates-testing, but
> I get the same error.
> 
> DNS works. What's wrong?
> 
> ipa-python-1.2.1-0.fc10.x86_64
> fedora-ds-base-1.1.3-6.fc10.x86_64
> ipa-admintools-1.2.1-0.fc10.x86_64
> ipa-server-selinux-1.2.1-0.fc10.x86_64
> ipa-server-1.2.1-0.fc10.x86_64
> ipa-client-1.2.1-0.fc10.x86_64
> 
> Thanks,
> Tom
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list