[Pkg-freeipa-devel] [Freeipa-users] replication on Debian and Ubuntu

Rob Crittenden rcritten at redhat.com
Wed May 27 13:33:56 UTC 2015


Holger Levsen wrote:
> Hi,
>
> first of all: thanks for FreeIPA, I think it's pretty useful, well done and
> was missing for a long time. IOW: I really like it, thank you for your work!
>
> That said, I'm having a serious problem with it: replication on Debian doesn't work
> at all. Which is partly expected (as Debian uses openldap built against
> gnutls, while Fedora builds openldap against libNSS), so I have rebuilt my
> Debian packages against libNSS too. It still doesn't work.
>
> This I have documented extensively in https://bugs.debian.org/786411 - please
> have a look at the full story there. I'd be really thankful for any hints
> resolving this - it could simply be a configuration problem, I think the
> software should do it.
>
> Also, I've heard that 4.2 will be using GSSAPI for replication so this issue
> should become moot, but we would really like to deploy a (Debian-based)
> FreeIPA server now and not in a few months. (And while FreeIPA is really
> really cool, without working replication I don't think I can recommend it.)
>
> If there is anything I could help with, e.g. more logs or trying some options or
> building a patch, I'd be glad to.
>
> You can comment directly to https://bugs.debian.org/786411 by sending an email
> to 786411 at bugs.debian.org - or just reply to this mail / me and I'll append to
> the bug if it's useful.

You need to resolve this error:

TLS: could not initialize moznss PEM module - error -5977:Failure to load dynamic library.

Without this you have no SSL in openldap, so lots of things won't work.

This is probably also causing the ldappasswd to fail at the end of 
ipa-server-install.

rob


