Public bug reported:
freeipa fails to configure on s390x. (Configuration being handled by
the freeipa-server-install script)This script has two failure
points. The first is below:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1600634 describes
a known bug but it was only resolved for x86_64.
In the falling scenario the install log will have entries like the
following:
2018-04-10T18:53:01Z DEBUG nsslapd-pluginenabled:
2018-04-10T18:53:01Z DEBUG on
2018-04-10T18:53:01Z DEBUG nsslapd-pluginpath:
2018-04-10T18:53:01Z DEBUG
/usr/lib/x86_64-linux-gnu/dirsrv/plugins/schemacompat-plugin.so
2018-04-10T18:53:01Z DEBUG nsslapd-pluginversion:
2018-04-10T18:53:01Z DEBUG 0.8
Obviously on s390x
/usr/lib/x86_64-linux-gnu/dirsrv/plugins/schemacompat-plugin.so will never be
found.
Now if I create a symbolic link with the above name that is linked to
the same location but with s390x where x86_64 is located, the install
will proceed past this failing location.
The second failure point in the freeipa-server-install script is near
the end, after the script has completed the freeipa-server-install and
where it attempts to install the freeipa-client. The client install
appears to fail because of a problem with certificates related to the
server install.
2018-04-17T12:14:59Z ERROR Cannot connect to the server due to generic
error: Insufficient access: SASL(-4): no mechanism available: No worthy
mechs found (Unknown authentication method)
The above appears to be related to an issue with the key database
# certutil -L
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
database is in an old, unsupported format.
# ipa cert-show 1
ipa: ERROR: cannot connect to 'https://fipas1.pdl.pok.ibm.com/ipa/json':
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
unsupported format.
# ipa user-add
First name: Richard
>>> First name: Leading and trailing spaces are not allowed
First name: Richard
Last name: Young
User login [ryoung]: ryoung1
ipa: ERROR: cannot connect to 'https://fipas1.pdl.pok.ibm.com/ipa/json':
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
unsupported format.
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Tags: architecture-s39064 bugnameltc-166796 severity-high
targetmilestone-inin1604
** Tags added: architecture-s39064 bugnameltc-166796 severity-high
targetmilestone-inin1604
** Changed in: ubuntu
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
** Package changed: ubuntu => linux (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1764744
Title:
Support of freeipa-server for s390x
Status in linux package in Ubuntu:
New
Bug description:
freeipa fails to configure on s390x. (Configuration being handled by
the freeipa-server-install script)This script has two failure
points. The first is below:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1600634
describes a known bug but it was only resolved for x86_64.
In the falling scenario the install log will have entries like the
following:
2018-04-10T18:53:01Z DEBUG nsslapd-pluginenabled:
2018-04-10T18:53:01Z DEBUG on
2018-04-10T18:53:01Z DEBUG nsslapd-pluginpath:
2018-04-10T18:53:01Z DEBUG
/usr/lib/x86_64-linux-gnu/dirsrv/plugins/schemacompat-plugin.so
2018-04-10T18:53:01Z DEBUG nsslapd-pluginversion:
2018-04-10T18:53:01Z DEBUG 0.8
Obviously on s390x
/usr/lib/x86_64-linux-gnu/dirsrv/plugins/schemacompat-plugin.so will never be
found.
Now if I create a symbolic link with the above name that is linked to
the same location but with s390x where x86_64 is located, the install
will proceed past this failing location.
The second failure point in the freeipa-server-install script is near
the end, after the script has completed the freeipa-server-install and
where it attempts to install the freeipa-client. The client install
appears to fail because of a problem with certificates related to the
server install.
2018-04-17T12:14:59Z ERROR Cannot connect to the server due to generic
error: Insufficient access: SASL(-4): no mechanism available: No
worthy mechs found (Unknown authentication method)
The above appears to be related to an issue with the key database
# certutil -L
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key
database is in an old, unsupported format.
# ipa cert-show 1
ipa: ERROR: cannot connect to 'https://fipas1.pdl.pok.ibm.com/ipa/json':
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
unsupported format.
# ipa user-add
First name: Richard
>>> First name: Leading and trailing spaces are not allowed
First name: Richard
Last name: Young
User login
