Bug 818723
Summary: | ipa-server-install after uninstall failing with the latest update for openldap-clients | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Jenny Severance <jgalipea> | |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> | |
Status: | CLOSED NOTABUG | QA Contact: | IDM QE LIST <seceng-idm-qe-list> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 6.2 | CC: | jvcelak, mkosek, sgallagh | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 818844 (view as bug list) | Environment: | ||
Last Closed: | 2012-05-07 14:35:51 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 818844, 819536 |
Description
Jenny Severance
2012-05-03 19:37:05 UTC
We set TLS_CACERTDIR to /etc/openldap/certs in ldap.conf with default openldap installation. This change was introduced as a fix for bug #742023. This might be the cause. Together with Jan Vcelak I investigated this issue in ipa-client-install. The issue only occurs when the new openldap nss db is set in TLS_CACERTDIR configuration option. When its commented out in /etc/openldap/ldap.conf or ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, "") is added to the LDAP connection initialization in ipa-client-install, the installation works OK. The second change can be used as a workaround until the issue in openldap is fixed. |