Holger Levsen wrote:
Hi,

first of all: thanks for FreeIPA, I think it's pretty usefull, well done and
was missing for a long time. IOW: I really like it, thank you for your work!

That, I'm having a serious problem with it: replication on Debian doesnt work
at all. Which is partly expected (as Debian uses openldap build against
gnutls, while Fedora builds openldap against libNSS), so I have rebuild my
Debian packages against libNSS too. It still doesnt work.

This I have documented extensivly in https://bugs.debian.org/786411 - please
have a look at the full story there. I'd be really thankful for any hints
resolving this - it could simple be a configuration problem, I think the
software should do it.

Also, I've heard that 4.2 will be using GSSAPI for replication so this issue
should become mood, but we would really like to deploy a (Debian based)
FreeIPA server now and not in a few months. (And while FreeIPA is really
really cool, without working replication I don't think I can recommend it.)

If there is anything I could help with, eg more logs or trying some options or
building a patch, I'd be glad to.

You can comment directly to https://bugs.debian.org/786411 by sending an email
to 786...@bugs.debian.org - or just reply to this mail / me and I'll append to
the bug if its useful.

You need to resolve this error:

TLS: could not initialize moznss PEM module - error -5977:Failure to load dynamic library.

Without this you have no SSL in openldap, so lots of things won't work.

This is probably also causing the ldappasswd to fail at the end of ipa-server-install.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to