For the record, the FreeIPA version is freeipa-server-4.1.4-5.fc23.x86_64

Proposed as a Blocker for 23-beta by Fedora user sgallagh using the blocker tracking app because:

 "The core functional requirements for all Featured Server Roles must be met, but it is acceptable if moderate workarounds are necessary to achieve this."

Due to this bug, it is impossible to deploy the Domain Controller Role (a Featured Server Role in Fedora 23)

Meant to block Alpha...

+1 Alpha blocker

This is caused by a new method added in a recent version of Tomcat which will be fixed with a new TomcatJSS build (bug #1245786).

This is fixed by installing tomcatjss-7.1.3-1.fc23 package. The pki-core dependency will be updated soon.

I'm -1 blocker. Let me explain: sgallagh doesn't think this needs to go on the DVD, as roles usually come from the network and it's fairly unusual for someone to install the deps from the DVD. We have a 'reasonable workarounds allowed' caveat in the criteria to allow for this.

This doesn't even really need to be pushed stable, as network role deployments should pull from updates-testing in any case (as it's enabled by default).

To be clear, this fix still needed to be there. It's just that we happen to have a little wiggle-room on how we deliver it (we don't need to force a respin of the install media *just* for this). For the purposes of bookkeeping, I agree with the -1 blocker (as that would be defined as requiring it on the DVD). That said, if the release slipped for other reasons, I'd be +1 FE to putting this fix on subsequent respins.

That said, thank you for the fast turnaround on this. It's much appreciated.

This was discussed in the 2015-08-06 Go/No-Go meeting. It was denied as a blocker due to the wiggle room provided in the criterion. Accepted as an FE if we slip and have to respin.

This was fixed in the following ticket:
https://fedorahosted.org/pki/ticket/1542