search

abbra / freeipa

Mirror of FreeIPA, an integrated security information management solution
http://www.freeipa.org
GNU General Public License v3.0
2 stars 1 forks source link

gc-wip: failure during replica GC installation #71

Closed flo-renaud closed 3 years ago

flo-renaud commented 3 years ago

When trying to install GC on a replica (master already a GC instance), the installation fails due to a non-unique kerberos alias: during GC creation, the installer creates kerberos aliases. One of them is E3514235-4B06-11D1-AB04-00C04FC2DCD2/$DOMAINGUID_TEXT/$DOMAIN added to the kerberos principal ldap/$FQDN (see https://github.com/abbra/freeipa/blob/gc-wip/ipaserver/install/gcinstance.py#L76). When this step is executed on a replica, the alias E3514235-4B06-11D1-AB04-00C04FC2DCD2/$DOMAINGUID_TEXT/$DOMAIN is already defined on the master and the attribute uniqueness plugin ensures that a given alias is unique, thus refuses the alias creation.

abbra commented 3 years ago

Moved to FreeIPA pagure issue https://pagure.io/freeipa/issue/8734