In current F34 and Rawhide, FreeIPA server deployment is failing in the same way as it is on F32 and F33 with the pending 389-ds-base updates:
See this comment from ab with some details:
I'm filing a bug to track this from openQA and also to propose it as a 34 Beta blocker, because it is one, per "It must be possible to configure a Fedora Server system installed according to the above criteria as a FreeIPA domain controller, using the official deployment tools provided in the distribution FreeIPA packages" - https://fedoraproject.org/wiki/Basic_Release_Criteria#FreeIPA_server_requirements
Created attachment 1757673 [details]
log tarball from a failure on F34
Discussed during the 2021-02-22 blocker review meeting: 
The decision to classify this bug as an "AcceptedBlocker (Beta)" was made as it violates the following Basic criterion:
"It must be possible to configure a Fedora Server system installed according to the above criteria as a FreeIPA domain controller, using the official deployment tools provided in the distribution FreeIPA packages"
Any word on a fix for this? It's been broken for some time.
This has been rebuilt into a side-tag for Fedora on Thursday:
Side tag 'f35-build-side-37912' (id 37912) created.
Side tag 'f34-build-side-37914' (id 37914) created.
Side tag 'f33-build-side-37916' (id 37916) created.
Side tag 'f32-build-side-37918' (id 37918) created.
It includes a rebuilt 389ds package where applicable and I believe a IPA update as well.
I'll let Bokovoy communicate overall state of side tag and when it will be merged.
I believe there's still some discussion as to whether or not we should rebuild f34 and rawhide pki-core inside the side tag to pick up an ELN fix.
I think I actually saw an update where the tests passed. Now I have to find it again. :D
FEDORA-2021-263244c071 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-263244c071
There are four Bodhi updates which include dogtag, 389-ds, and freeipa, all rebuilt with dependencies enforced in such a way that 389-ds CVE fix will not break them.
FEDORA-2021-263244c071 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.
Setting to ON_QA since this is an accepted blocker and we want to make sure the openQA tests pass with these updates.
They did, it's fixed.