On 15.04.2015 16:00, Holger Levsen wrote:
> Hi Timo,
>
> On Dienstag, 14. April 2015, Timo Aaltonen wrote:
>>>> Server backport isn't too useful before replicas work, and that needs
>>>> libldap built against nss. Until that you're limited to single-server
>>>> setups.
>
> uhm.
>
>> No, dogtag, bind-dyndb-ldap and freeipa itself should be all that's
>> needed, if you're ok with the single-server limitation.
>
> we that working here...
>
>> Patching openldap to build libldap-nss-2.4-2 (or such) isn't trivial, as
>> the nss build would need patches of its own (or lots of ifdefs)
>
> which component needs openldap? freeipa uses the 389ds ldap service so I'm a
> bit surprised by this...

ldaps:// access uses libldap + gnutls on Debian, but libldap + moznss on
Fedora world, and the latter is what Freeipa expects when setting up
replicas.

>> I think a CentOS install would be the best bet for now.
>
> I'd be glad to work on overcoming this...

http://www.freeipa.org/page/V4/Replica_Promotion

Simo Sorce on #freeipa is glad to help you get going ;) The GSSAPI part
could be finished earlier than the rest of the replica install rewrite.
But this all has an "optimistic" release goal of 4.2, so later this year
maybe.

-- 
t