bugfix update in Fedora 25 for 389-ds-base

Status: obsolete

Bump version to

Bump version to

Comments 11

This update has been submitted for testing by mreynolds.

This update has obsoleted 389-ds-base-, and has inherited its bugs and notes.

This update has been pushed to testing.

This update breaks development versions of FreeIPA since it now relies on RPM installs to create system users like dirsrv. The new update no longer adds this user, however:

[root@replica1 ~]# getent passwd dirsrv
[root@replica1 ~]# rpm -q 389-ds-base

Subsequent installation of 4.5 FreeIPA server/replica from git fails on missing user:

Checking DNS forwarders, please wait ...
Run connection check to master
Connection check OK
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv). Estimated time: 30 seconds
  [1/40]: creating directory server instance
  [error] KeyError: 'getpwnam(): name not found: dirsrv'
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    'getpwnam(): name not found: dirsrv'
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR    The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

After downgrading to latest stable version I can see the dirsrv user appearing again:

[root@replica1 ~]# getent passwd dirsrv 
[root@replica1 ~]# rpm -q 389-ds-base
karma: -1

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

Just for info from a f25 (where freeipa was configured) before 389-ds upgrade, I am seeing 'dirsrv' user

[root@vm1 ~]# rpm -q 389-ds-base
[root@vm1 ~]# getent passwd dirsrv

What FreeIPA version did you install? FreeIPA 4.4 and earlier added the required system users dynamically during server/replica install. Commit https://github.com/freeipa/freeipa/commit/e8a429d9e170955919f2e53e66b580be95e908d9 removed this behavior and we now rely on system users provided by RPM installation. That's why FreeIPA 4.4 will work but 4.5 development version would not.

So basically older IPA covered the packaging errors/bugs of its dependencies, newer versions will not.

Does IPA not see any problem with 389-ds-base-1.3.6 though? That version also has the same specfile changes as 1.3.5.

That is correct, I was running FreeIPA 4.4, that explains existence of 'dirsrv' user

I found the issue, a specfile change was not properly backported. I need to respin 1.3.5 and 1.3.6

This update has been obsoleted by 389-ds-base-

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 1
unstable threshold: -1
submitted 2 years ago
in testing 2 years ago

Related Bugs 1

00 #1391728 %post enumerates groups many times, refers to undefined macros

Automated Test Results