Re: [Freeipa-users] replication on Debian and Ubuntu
Hi Rob, On Mittwoch, 27. Mai 2015, Rob Crittenden wrote: > You need to resolve this error: > > TLS: could not initialize moznss PEM module - error -5977:Failure to > load dynamic library. thanks! I suspected that but it's great to have that confirmed. > Without this you have no SSL in openldap, so lots of things won't work. I'm currently rebuilding krb5 against the openldap build against libnss, to then rebuild libapache-mod-auth-kerb against that same openldap, to then rebuild freeipa against all those. Hoping that this will fix it. > This is probably also causing the ldappasswd to fail at the end of > ipa-server-install. ah! Thanks again, will keep you posted about my progress or failure! :-) cheers, Holger signature.asc Description: This is a digitally signed message part. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] replication on Debian and Ubuntu
Holger Levsen wrote: Hi, first of all: thanks for FreeIPA, I think it's pretty usefull, well done and was missing for a long time. IOW: I really like it, thank you for your work! That, I'm having a serious problem with it: replication on Debian doesnt work at all. Which is partly expected (as Debian uses openldap build against gnutls, while Fedora builds openldap against libNSS), so I have rebuild my Debian packages against libNSS too. It still doesnt work. This I have documented extensivly in https://bugs.debian.org/786411 - please have a look at the full story there. I'd be really thankful for any hints resolving this - it could simple be a configuration problem, I think the software should do it. Also, I've heard that 4.2 will be using GSSAPI for replication so this issue should become mood, but we would really like to deploy a (Debian based) FreeIPA server now and not in a few months. (And while FreeIPA is really really cool, without working replication I don't think I can recommend it.) If there is anything I could help with, eg more logs or trying some options or building a patch, I'd be glad to. You can comment directly to https://bugs.debian.org/786411 by sending an email to 786...@bugs.debian.org - or just reply to this mail / me and I'll append to the bug if its useful. You need to resolve this error: TLS: could not initialize moznss PEM module - error -5977:Failure to load dynamic library. Without this you have no SSL in openldap, so lots of things won't work. This is probably also causing the ldappasswd to fail at the end of ipa-server-install. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] replication on Debian and Ubuntu
Hi, first of all: thanks for FreeIPA, I think it's pretty usefull, well done and was missing for a long time. IOW: I really like it, thank you for your work! That, I'm having a serious problem with it: replication on Debian doesnt work at all. Which is partly expected (as Debian uses openldap build against gnutls, while Fedora builds openldap against libNSS), so I have rebuild my Debian packages against libNSS too. It still doesnt work. This I have documented extensivly in https://bugs.debian.org/786411 - please have a look at the full story there. I'd be really thankful for any hints resolving this - it could simple be a configuration problem, I think the software should do it. Also, I've heard that 4.2 will be using GSSAPI for replication so this issue should become mood, but we would really like to deploy a (Debian based) FreeIPA server now and not in a few months. (And while FreeIPA is really really cool, without working replication I don't think I can recommend it.) If there is anything I could help with, eg more logs or trying some options or building a patch, I'd be glad to. You can comment directly to https://bugs.debian.org/786411 by sending an email to 786...@bugs.debian.org - or just reply to this mail / me and I'll append to the bug if its useful. Thanks! cheers, Holger signature.asc Description: This is a digitally signed message part. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project