[Freeipa-users] Problem in CLI after upgrade to 4.1.0
Nicola Canepa
canepa.n at mmfg.it
Fri Jul 17 03:49:13 UTC 2015
I think the problem is the upgrade from freeipa-* to ipa-*, which does not run the scripts correctly.
Previously I had to run:
/usr/sbin/ipa-ldap-updater --upgrade --quiet >/dev/null || :
/usr/sbin/ipa-upgradeconfig --quiet >/dev/null || :
/bin/systemctl enable ipa.service
Now I also needed:
python2 -c 'from ipapython.certdb import create_ipa_nssdb; create_ipa_nssdb()'
tempfile=$(mktemp)
if certutil -L -d /etc/pki/nssdb -n 'IPA CA' -a >"$tempfile" 2>>/var/log/ipaupgrade.log; then
    certutil -A -d /etc/ipa/nssdb -n 'IPA CA' -t CT,C,C -a -i "$tempfile" >>/var/log/ipaupgrade.log 2>&1
elif certutil -L -d /etc/pki/nssdb -n 'External CA cert' -a >"$tempfile" 2>>/var/log/ipaupgrade.log; then
    certutil -A -d /etc/ipa/nssdb -n 'External CA cert' -t C,, -a -i "$tempfile" >>/var/log/ipaupgrade.log 2>&1
fi
rm -f "$tempfile"
And also the ipa commands work correctly.
Nicola
On 16 July 2015 14:01:47 CEST, Nicola Canepa <canepa.n at mmfg.it> wrote:
>I upgraded from freeipa 4.0 to ipa-4.1.0
>Users continue to be authenticated, and web GUI works, but from command
>line for every ipa command (after authenticating with kinit), I get:
>> [root at ldap-01 ~]# ipa config-show
>> ipa: ERROR: cannot connect to 'https://ldap-01.mmfg.it/ipa/json':
>> (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
>> unsupported format.
>
>Nicola
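
A check for the result of the commands in the message above, as an added example that is not part of the original post: it parses a `certutil -L -d /etc/ipa/nssdb` listing and confirms that one of the two CA nicknames used there is present with the trust flags those commands set. The function names and the sample listings are constructed for illustration.

```shell
# Added example (not from the original post). Real use on an IPA host:
#   certutil -L -d /etc/ipa/nssdb | check_ipa_nssdb && echo "CA trust OK"

# nss_trust NICKNAME: read a `certutil -L` listing on stdin and print the
# trust flags (last column) of the entry named NICKNAME; status 1 if absent.
nss_trust() {
    awk -v nick="$1" '
        NF >= 2 {
            flags = $NF
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)  # drop the trust column
            sub(/^[ \t]+/, "", name)               # drop leading padding
            if (name == nick) { print flags; found = 1; exit }
        }
        END { exit !found }
    '
}

# check_ipa_nssdb: succeed only if the listing on stdin holds "IPA CA" with
# CT,C,C or, failing that, "External CA cert" with C,, (the nicknames and
# flags passed to certutil -A in the post).
check_ipa_nssdb() {
    listing=$(cat)
    if flags=$(printf '%s\n' "$listing" | nss_trust 'IPA CA'); then
        [ "$flags" = 'CT,C,C' ]
    elif flags=$(printf '%s\n' "$listing" | nss_trust 'External CA cert'); then
        [ "$flags" = 'C,,' ]
    else
        return 1
    fi
}

# Constructed sample listings in the layout certutil -L prints.
SAMPLE_OK='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

IPA CA                                                       CT,C,C
'
SAMPLE_EXT='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

External CA cert                                             C,,
'
SAMPLE_UNTRUSTED='
IPA CA                                                       ,,
'
```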