I've managed to integrate my katello configuration with freeipa.
Now I not only use freeipa authentication in katello but also when a host
is defined in katello it automagically gets created in the freeipa realm ,
certs, otp,dns all working great.
however, to obtain all this integration greatness I had to downgrade my
freeipa to 3.3.5 again (revert snapshot) because the katello realm
integration tool (foreman-prepare-realm) is not capable of dealing with 4.X
versions of freeipa.
And now the named-pkcs11 again does not see my internal zones.
I should contact the freeipa-users list
The command 'ipa-ldap-updater
/usr/share/ipa/updates/55-pbacmemberof.update' didn't fix it.
and the command 'ipa-ldap-updater' didn't fix it either.
So I am now stuck at freeipa 3.3.5 again (with a working katello
integration, so I got some mixed emotions about it)
Any ideas anyone ?
2014-10-29 22:14 GMT+01:00 Rob Verduijn <rob.verdu...@gmail.com>:
> I've tested the update again.
> The bind-utils conflict is still there when I issue "yum update
> freeipa-server" ( as indicated on the freeipa 4.1 download page
> http://www.freeipa.org/page/Downloads#Upgrading )
> 'yum update' works fine
> My internal zones didn't resolv after the update
> ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update didn't fix
> ipa-ldap-updater did fix the 'access control instructions' and my internal
> dns zones started to resolv again :-)
> 2014-10-29 18:14 GMT+01:00 Petr Spacek <pspa...@redhat.com>:
>> On 29.10.2014 16:46, Rob Verduijn wrote:
>>> # ipa-ldap-updater /usr/share/ipa/updates/55-pbacmemberof.update
>>> fixes the problem.
>>> I can resolv my internal dns zones again:-)
>>> Many thanx.
>>> Since this problem happened every time I tried to update the freeipa
>>> I could re-run the update with some debug options if you like so you can
>>> pinpoint what goes wrong with the update script if you like.
>> I have re-build some packages in mkosek's CORP so now you should not see
>> encounter dependency problems. Simple 'yum upgrade' should give you all the
>> required packages.
>> We are looking at other problems in upgrade process right now so there is
>> not much to test except package dependencies.
>> Petr^2 Spacek
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project