Bug 1061839 - FreeIPA does not work with ppc64 machines
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: 20
Hardware: ppc64
OS: Linux
Assignee: Rob Crittenden
QA Contact: Fedora Extras Quality Assurance
Reported: 2014-02-05 17:59 UTC by Vitor de Lima
Modified: 2014-02-10 12:45 UTC

Last Closed: 2014-02-06 13:13:00 UTC
Type: Bug

Attachments
FreeIPA installation log (54.14 KB, text/plain)
2014-02-05 17:59 UTC, Vitor de Lima
journalctl output after the failed install (603.98 KB, text/plain)
2014-02-05 18:01 UTC, Vitor de Lima

Description Vitor de Lima 2014-02-05 17:59:57 UTC
Created attachment 859771
FreeIPA installation log

Description of problem:
The installation of FreeIPA fails in a fresh install of Fedora Core 20.

Version-Release number of selected component (if applicable):
20

How reproducible:
Always

Steps to Reproduce:
1. Correctly configure the network settings of the machine
2. Run ipa-server-install 

Actual results:
The installation fails.

Expected results:
The IPA server gets properly installed.

Additional info:
See the attached logs.

Comment 1 Vitor de Lima 2014-02-05 18:01:00 UTC
Created attachment 859772
journalctl output after the failed install

Comment 2 Martin Kosek 2014-02-06 07:53:13 UTC
This is the root cause:

Fev 05 15:55:16 dsb005.corp.eldorado.org.br systemd[1]: Starting 389 Directory Server CORP-ELDORADO-ORG-BR....
Fev 05 15:55:17 dsb005.corp.eldorado.org.br ns-slapd[3515]: [05/Feb/2014:15:55:17 -0200] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-CORP-ELDORADO-ORG-BR/schema/60basev3.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type (2.16.840.1.113730.3.8.11.2 NAME 'ipaNTSecurityIdentifier' DESC 'NT Security ID' EQUALITY caseIgnoreIA5Match OREDRING caseIgnoreIA5OrderingMatch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' ): Failed to parse attribute, error(2 - Unexpected token) at ( caseIgnoreIA5OrderingMatch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' ))
Fev 05 15:55:17 dsb005.corp.eldorado.org.br ns-slapd[3515]: [05/Feb/2014:15:55:17 -0200] dse - Please edit the file to correct the reported problems and then restart the server.
Fev 05 15:55:17 dsb005.corp.eldorado.org.br systemd[1]: dirsrv: control process exited, code=exited status=1

What version of freeipa-server and 389-ds-base do you have? This issue was fixed in FreeIPA 3.0 a year ago:
https://fedorahosted.org/freeipa/ticket/3398
https://fedorahosted.org/freeipa/changeset/49beb8cd3a752322285aa21a94306f7b99bcfae8/

Can you run the following command?

$ grep OREDRING /usr/share/ipa/60basev3.ldif

Comment 3 Vitor de Lima 2014-02-06 11:35:55 UTC
freeipa-server version: 3.1.2-3.fc19
389-ds-base version: 1.3.2.9-1.fc20

Output of "grep OREDRING /usr/share/ipa/60basev3.ldif":

 grep OREDRING /usr/share/ipa/60basev3.ldif
attributeTypes: (2.16.840.1.113730.3.8.11.2 NAME 'ipaNTSecurityIdentifier' DESC 'NT Security ID' EQUALITY caseIgnoreIA5Match OREDRING caseIgnoreIA5OrderingMatch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.23 NAME 'ipaNTTrustedDomainSID' DESC 'NT Trusted Domain Security ID' EQUALITY caseIgnoreIA5Match OREDRING caseIgnoreIA5OrderingMatch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.3 NAME 'ipaNTFlatName' DESC 'Flat/Netbios Name' EQUALITY caseIgnoreMatch OREDRING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.5 NAME 'ipaNTHash' DESC 'NT Hash of user password' EQUALITY octetStringMatch OREDRING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.6 NAME 'ipaNTLogonScript' DESC 'User Logon Script Name' EQUALITY caseIgnoreMatch OREDRING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.7 NAME 'ipaNTProfilePath' DESC 'User Profile Path' EQUALITY caseIgnoreMatch OREDRING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.8 NAME 'ipaNTHomeDirectory' DESC 'User Home Directory Path' EQUALITY caseIgnoreMatch OREDRING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.9 NAME 'ipaNTHomeDirectoryDrive' DESC 'User Home Drive Letter' EQUALITY caseIgnoreMatch OREDRING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.10 NAME 'ipaNTDomainGUID' DESC 'NT Domain GUID' EQUALITY caseIgnoreIA5Match OREDRING caseIgnoreIA5OrderingMatch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' )

Comment 4 Martin Kosek 2014-02-06 13:13:00 UTC
Ok, I see you are using an old version. If you use freeipa-server version 3.2.0 or higher, the problem will go away. Note that F20 currently has freeipa-3.3.4-2.fc20 in updates-testing:

https://admin.fedoraproject.org/updates/FEDORA-2014-1666/freeipa-3.3.4-2.fc20

Closing the bug as CURRENTRELEASE.
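
A pre-deployment check for the failure diagnosed in Comment 2, as an added example that is not part of the bug report or of FreeIPA's own code: it walks each attributeTypes value token by token against the keywords of RFC 4512 and reports the first unrecognised one, so a misspelling such as OREDRING is caught before ns-slapd refuses to start. The function name and the sample text are assumptions made for illustration; the first sample definition is copied from the grep output in Comment 3.

```python
import difflib
import re

# RFC 4512 AttributeTypeDescription keywords; True means the keyword takes a value.
KEYWORDS = {
    "NAME": True, "DESC": True, "OBSOLETE": False, "SUP": True,
    "EQUALITY": True, "ORDERING": True, "SUBSTR": True, "SYNTAX": True,
    "SINGLE-VALUE": False, "COLLECTIVE": False,
    "NO-USER-MODIFICATION": False, "USAGE": True,
}
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")

# Constructed sample: the first definition is copied from the grep output in
# Comment 3; the second is a constructed, correctly spelled one folded over two lines.
SAMPLE = """\
dn: cn=schema
attributeTypes: (2.16.840.1.113730.3.8.11.5 NAME 'ipaNTHash' DESC 'NT Hash of user password' EQUALITY octetStringMatch OREDRING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.3 NAME 'ipaNTFlatName' EQUALITY caseIgnoreMatch
  ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
"""


def lint_attribute_types(ldif_text):
    """Return (oid, bad_keyword, suggestion) for each rejected definition."""
    # Undo LDIF folding: a newline plus one leading space continues the previous line.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    findings = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("attributetypes:"):
            continue
        tokens = TOKEN.findall(line.split(":", 1)[1])
        if len(tokens) < 3 or tokens[0] != "(" or tokens[-1] != ")":
            findings.append((None, "unbalanced definition", None))
            continue
        oid, i = tokens[1], 2
        while i < len(tokens) - 1:
            word = tokens[i]
            i += 1
            if word not in KEYWORDS and not word.startswith("X-"):
                close = difflib.get_close_matches(word, KEYWORDS, n=1)
                findings.append((oid, word, close[0] if close else None))
                break  # stop at the first unexpected token in this definition
            if KEYWORDS.get(word, True):  # X- extensions always take a value
                # A value is one token or a parenthesised list such as ( 'a' 'b' ).
                if tokens[i] == "(":
                    i = tokens.index(")", i)
                i += 1
    return findings
```

Passing the contents of /usr/share/ipa/60basev3.ldif (the file named in Comment 2) to lint_attribute_types returns one tuple per definition that contains an unrecognised keyword.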

