Bug 1203024
| Field | Value |
|---|---|
| Summary | authconfig will not create /etc/openldap/cacerts |
| Product | [Fedora] Fedora |
| Component | authconfig |
| Version | 22 |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Orion Poplawski <orion> |
| Assignee | Tomas Mraz <tmraz> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | jlieskov, lnie, spoore, tmraz |
| Fixed In Version | authconfig-6.2.10-6.fc22 |
| Doc Type | Bug Fix |
| Type | Bug |
| Last Closed | 2015-04-21 19:31:31 UTC |

Description
Orion Poplawski
2015-03-17 22:56:34 UTC
authconfig-6.2.10-4.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/authconfig-6.2.10-4.fc22

Tested with authconfig-6.2.10-4.fc22, and got the following output:
'' must be a directory.
'' must be a directory.

Please try authconfig-6.2.10-5.fc22.

Still the same:
# /usr/sbin/authconfig --update --nostart --ldaploadcacert=http://www.cora.nwra.com/cgi-bin/getca.pl
authconfig: Error downloading CA certificate
'/etc/openldap/cacerts' must be a directory.
# rpm -q authconfig
authconfig-6.2.10-5.fc22.x86_64

Is there an /etc/openldap directory? Which of the configuration files: /etc/ldap.conf, /etc/nss_ldap.conf, /etc/pam_ldap.conf, /etc/nslcd.conf, /etc/openldap/ldap.conf do you have on your system and what is the tls_cacertdir option value in the files? Can you attach authconfig --test output?

Created attachment 1009688
authconfig --test output
# ls -l /etc/openldap
total 4
drwxr-xr-x. 2 root root 6 Feb 20 06:13 certs
-rw-r--r--. 1 root root 445 Mar 31 16:19 ldap.conf
ls: cannot access /etc/ldap.conf: No such file or directory
ls: cannot access /etc/nss_ldap.conf: No such file or directory
ls: cannot access /etc/nslcd.conf: No such file or directory
-rw-r--r--. 1 root root 445 Mar 31 16:19 /etc/openldap/ldap.conf
-rw-r--r--. 1 root root 8897 Mar 31 16:19 /etc/pam_ldap.conf
/etc/pam_ldap.conf:#tls_cacertdir /etc/ssl/certs
/etc/pam_ldap.conf:tls_cacertdir /etc/openldap/cacerts

Package authconfig-6.2.10-5.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing authconfig-6.2.10-5.fc22'
as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-5273/authconfig-6.2.10-5.fc22
then log in and leave karma (feedback).

So I've finally found the regression cause - there was a mistake in the Python 3 compatibility patch.

Package authconfig-6.2.10-6.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing authconfig-6.2.10-6.fc22'
as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-5273/authconfig-6.2.10-6.fc22
then log in and leave karma (feedback).

Looks good from what I can tell. Note 192.168.122.30 is an IPA master.

Before upgrade:
[root@fedora1 ~]# /usr/sbin/authconfig --update --nostart --ldaploadcacert=http://192.168.122.30/ipa/config/ca.crt
authconfig: Error downloading CA certificate

After upgrading authconfig:
[root@fedora1 ~]# dnf update authconfig
...truncated for brevity...
Upgraded:
authconfig.x86_64 6.2.10-6.fc22
Complete!
[root@fedora1 ~]# /usr/sbin/authconfig --update --nostart --ldaploadcacert=http://192.168.122.30/ipa/config/ca.crt
[root@fedora1 ~]#

Looking better for me on an installed system:
# ls /etc/openldap/
certs ldap.conf
# /usr/sbin/authconfig --update --nostart --ldaploadcacert=http://www.cora.nwra.com/cgi-bin/getca.pl
# ls /etc/openldap/cacerts/
157753a5.0 authconfig_downloaded.pem

My concern now is that this directory wasn't created despite running this command in my kickstart %post section.

The default for the directory is now /etc/openldap/certs.
You probably install the /etc/pam_ldap.conf only after the authconfig is run in kickstart with the /etc/openldap/cacerts directory set. I think your setup is quite different from normal Fedora install.

Ah, I see that now, thanks.

authconfig-6.2.10-6.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
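
The diagnosis in this thread came down to which client config files exist, what their active tls_cacertdir line says, and whether that directory is present with a hashed certificate in it. The script below is an added example, not part of the bug report or of authconfig: it runs that check over the files named in the thread. The function name `check_cacertdirs` and the state labels are hypothetical.

```shell
#!/bin/sh
# Added example: report the active tls_cacertdir setting of each LDAP client
# config file and the state of the directory it points to.
# Output, one line per setting: <file>:<dir>:<state>
#   ok       directory exists and holds at least one *.0 hash link
#   empty    directory exists but holds no *.0 hash link
#   missing  path does not exist
#   notdir   path exists but is not a directory

# Config files named in the thread; pass other paths as arguments instead.
DEFAULT_CONFS="/etc/ldap.conf /etc/nss_ldap.conf /etc/pam_ldap.conf
/etc/nslcd.conf /etc/openldap/ldap.conf"

check_cacertdirs() {
    for conf in "$@"; do
        # Files that do not exist (or are unreadable) are skipped silently.
        [ -r "$conf" ] || continue
        # The key is matched case-insensitively (pam_ldap.conf uses lower
        # case, ldap.conf conventionally upper case). Commented lines such as
        # "#tls_cacertdir /etc/ssl/certs" do not match, since $1 starts with '#'.
        awk 'tolower($1) == "tls_cacertdir" { print $2 }' "$conf" |
        while IFS= read -r dir; do
            if [ ! -e "$dir" ]; then
                state=missing
            elif [ ! -d "$dir" ]; then
                state=notdir
            elif ls "$dir"/*.0 >/dev/null 2>&1; then
                state=ok
            else
                state=empty
            fi
            printf '%s:%s:%s\n' "$conf" "$dir" "$state"
        done
    done
}

if [ "$#" -gt 0 ]; then
    check_cacertdirs "$@"
else
    # Word splitting of the default list is intentional here.
    check_cacertdirs $DEFAULT_CONFS
fi
```

Run at the end of a kickstart %post section, a `missing` or `empty` line shows that the config file and the certificate directory are out of step, which is the situation described in the last comments.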