Hi, On Fri, Dec 17, 2010 at 13:25, Simo Sorce <sso...@redhat.com> wrote: >> I have recently upgraded one of our server from Fedora 13 to 14. >> Recently, I noticed that I cannot reset user passwords any more: >> >> A database error occurred: Operations error: Failed to update password >> >> The log file contains the following entries: >> [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop - encoding asn1 >> EncryptionKey failed [16/Dec/2010:10:47:08 -0500] ipa_pwd_extop - >> encoding asn1 KrbSalt failed [16/Dec/2010:10:47:08 -0500] >> ipa_pwd_extop - key encryption/encoding failed >> >> Packages: >> 389-ds-base-1.2.7.4-1.fc14.x86_64 >> ipa-server-1.2.2-5.fc14.x86_64 >> >> This appears similar to a bug reported a couple of weeks ago: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=658832 >> >> Although the above report is related to ipa-getkeytab rather than >> ipa-passwd. If they are the same issue, then this bug is more serious >> since I can't create new users or allow password changes. > > Yes it is almost certainly the same issue, as the ipa-pwd-exop plugin > handles all password changes and keytab issuance. > >> Does anyone have a status on this? > > We have a patch for the v2 version of the plugins but haven't yet found > the time to backport to 1.2.2. > > A workaround is to downgrade DS to a version not compiled with openldap > libs (or recompile it with mozldap). > > If you look in this list archives you will also find that Thomas Sailer > has created a backport of the patch and posted a srpm on his fedora > people page. > > We hope to address the issue as soon as possible, but we are short on > time in this period.
No problem, thanks for the response. For reference, the archived post with link to the SRPM is here: https://www.redhat.com/archives/freeipa-users/2010-December/msg00011.html Thanks, Dan _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users