Giovanni Bechis via FreeIPA-users wrote: > > Hi, > running latest FreeIPA upgrade I encountered an error and the freeipa upgrade > failed. > > The upgrade script tries to add [ipa_server_mode] to my sssd.conf domain > section but it fails even if /etc/sssd.conf > has those options set. > Atm I am running ipa-server-4.6.8-5.el7.centos.5.x86_64 and my sssd.conf file > is the following: > > ------------------------------------------------------------------------------------------------------------------------- > [sssd] > domains = domain.tld > config_file_version = 2 > services = nss, ifp, pam, ssh > > [domain/domain.tld] > id_provider = ldap > auth_provider = ldap > chpass_provider = ldap > ldap_uri = ldaps://srv.domain.tld > ldap_user_search_base = cn=users,cn=accounts,dc=domain,dc=tld > ldap_group_search_base = cn=groups,cn=compat,dc=domain,dc=tld > ldap_default_bind_dn = uid=ldapdn,cn=users,cn=compat,dc=domain,dc=tld > ldap_default_authtok = XXX > ldap_id_use_start_tls = True > ldap_tls_cacertdir = /etc/openldap/cacerts > ldap_tls_cacert = /etc/openldap/cacerts/ca.crt > ldap_tls_reqcert = allow > ldap_user_ssh_public_key = ipaSshPubKey > cache_credentials = True > enumerate = True > > [ifp] > allowed_uids = ipaapi, root > ------------------------------------------------------------------------------------------------------------------------- > > I am using FreeIPA only as an ldap web gui, all my services are using ldaps > protocol. > By commenting the relevant lines in > "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py" > the upgrade proceeds and all works fine. > > Is there any way to prevent the upgrade script from crashing every time ?
We need more specific information on what you mean by crash. Seeing the upgrade log would help. It looks like you are using IPA in a pretty radical way that is completely untested. This _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
