Bug 658832
| Summary: | 389-ds-base 1.2.7 breaks ipa_pwd_extop | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Charles Leclerc <charles> | ||||
| Component: | ipa | Assignee: | Simo Sorce <ssorce> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 14 | CC: | dan, dpal, nagy.martin, pat, rcritten, rmeggins, ssorce, trailtotale | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ipa-1.2.2-6.fc14 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2011-02-07 19:57:58 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Charles Leclerc
2010-12-01 12:48:52 UTC
What version of IPA is this? Can you please provide more information about the IPA version you are using? Is it 1.2.x? If so then yes there might be some incompatibilities with latest 389. We are actively working on the v2 which is coming out pretty soon that will take advantage of the latest 389 changes. Sorry for the inconvenience. It is last ipa-1.2.2-5 from updates repository. Well, this is unfortunate but expected. Would you mind if I close the bug with WONTFIX? The issue will not be there when IPA v2 lands into Fedora. We are seeing the same problem with IPA v2 code. It may be happening because 1.2.7 switched to use openldap libraries internally. If the investigation on the v2 code yields a simple patch we will respin ipa 1.2.2 packages for F14 too. I'm seeing a similar (identical?) issue with a FreeIPA server upgraded from Fedora 13 to 14 when attempting to reset a user's password: A database error occurred: Operations error: Failed to update password The log file contains the following entries: [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop - encoding asn1 EncryptionKey failed [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop - encoding asn1 KrbSalt failed [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop - key encryption/encoding failed Packages: 389-ds-base-1.2.7.4-1.fc14.x86_64 ipa-server-1.2.2-5.fc14.x86_64 I've also run into this issue while installing FreeIPA on Fedora14. Running 'ipa-server-install --debug' confirms the asn1 encoding issue mentioned above. Looking forward to V2. In order to reproduce the error, do I just have to run ipa-getkeytab? Usually that's enough to make the ipa-pwd-extop plugin operate and drag in the mozldap libraries. This in turn should cause issues as there are symbol names that conflict with openldap libs. ipa-1.2.2-6.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/ipa-1.2.2-6.fc14 Created attachment 475857 [details]
Rich's backport patch to fix ldap libs issues
This is the patch Richm kindly provided for ipa 1.2
It is the backport of the patch we did for v 2.0
This should fix all password related issues lately seen on Fedora 14.
Please test the package and give karma, or note here in the bug, if it works for you.
ipa-1.2.2-6.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update ipa'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/ipa-1.2.2-6.fc14 ipa-1.2.2-6.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |