Thomas Sailer wrote:
I upgraded a freeipa server from fedora 20 to fedora 22. It mostly
worked ok, but there are a few issues:
- pki-tomcat didn't start after the upgrade, and that in turn made
ipa-upgradeconfig fail, because /var/lib/pki/pki-tomcat/conf/ca/CS.cfg
had the wrong owner (root).
- ipa-ldap-updater stumbles over two problems:
- Pre schema upgrade failed
- when trying to modify cn=encryption,cn=config, it stumbles over
allowWeakCipher not allowed
Does anyone know how to fix this? Is the pre schema upgrade failure
spurious? what bits am I missing about the allowWeakCipher issue?
I think the issue was that the upgrade was done in a chroot, so systemd
couldn't start 389-ds. I'm guessing, but I'll bet the "No such file or
directory" is the ldapi socket.
You can safely re-run the upgrade scripts:
# /usr/sbin/ipa-ldap-updater --upgrade
I'd re-run those and see if the errors change, or hopefully, go away
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project