Bug 2112243

Summary: dogtag uses deprecated constant ldap.OPT_X_TLS which breaks in rawhide with python-ldap 3.4.1
Product: [Fedora] Fedora Reporter: Alexander Bokovoy <abokovoy>
Component: dogtag-pkiAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: rawhideCC: abokovoy, alee, alexander.m.scheel, cdorney, cfu, cheimes, ckelley, edewata, frenaud, jmagne, kwright, mfargett, mharmsen, mkdineshprasanth
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-08 12:15:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alexander Bokovoy 2022-07-29 06:52:12 UTC 
python-ldap 3.4.1 removed a constant OPT_X_TLS which was deprecated in OpenLDAP some time ago. With https://bodhi.fedoraproject.org/updates/FEDORA-2022-fb02fe60bb update FreeIPA is not not installable in Rawhide because dogtag uses it:

 ./base/server/python/pki/server/deployment/__init__.py:            ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)

This line should simply be removed.
Comment 1 Marco Fargetta 2022-07-29 09:22:16 UTC 
This has been fixed upstream.
Comment 2 Florence Blanc-Renaud 2022-08-08 07:32:20 UTC 
Our nightly tests [1] are now passing with dogtag-pki update to dogtag-pki-11.2.0-2.fc37 [2].

I'm not sure of the workflow followed by pki-dogtag component on rawhide, but from IPA standpoint the issue is fixed. Can you update the BZ status accordingly?

[1] http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/793e5828-1573-11ed-ae96-fa163ec89814/report.html
[2] https://bodhi.fedoraproject.org/updates/FEDORA-2022-94eb716c5c
Comment 3 Chris Kelley 2022-08-08 12:15:03 UTC 
If your CI is green again then I will close, thanks!