[Freeipa-users] FreeIPA 2.1.4 replication
Alexander Bokovoy
abokovoy at redhat.com
Thu Jan 5 09:10:42 UTC 2012
On Wed, 04 Jan 2012, Alexander Bokovoy wrote:
> On Wed, 04 Jan 2012, Rich Megginson wrote:
> > >Your system may be partly configured.
> > >Run /usr/sbin/ipa-server-install --uninstall to clean up.
> > >[root at fileserver4 ~]#
> > >
> > >I'm running 389-ds-base-1.2.10-0.5.a5.fc16.x86_64, if that helps
> > try
> >
> > 389-ds-base-1.2.10-0.6.a6.fc16.x86_64
> > from updates-testing
> That would mean taking in also nss packages (they are in stable
> already for F16) which will break FreeIPA.
>
> If no those breaks from nss (FEDORA-2011-17400 update), we could have
> 2.1.4 in stable already.
>
> Look at http://bugzilla.redhat.com/show_bug.cgi?id=771357 for details.
> Unfortunately, workarounds are kludgy and require modification deep in
> Dogtag templates.
>
> Backstory for nss part is here
> https://bugzilla.redhat.com/show_bug.cgi?id=737506
As a workaround temporarily one can add following line to
/usr/share/pki/ca/tomcat6.conf before running ipa-server-install:
NSS_SSL_CBC_RANDOM_IV=0
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list