Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1061839

Summary: FreeIPA does not work with ppc64 machines
Product: [Fedora] Fedora Reporter: Vitor de Lima <vitor.lima>
Component: freeipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: abokovoy, gustavo.pedrosa, leonardo.bianconi, mkosek, pviktori, rcritten, ssorce, vitor.lima
Target Milestone: ---   
Target Release: ---   
Hardware: ppc64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-06 13:13:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments:
Description Flags
FreeIPA installation log
none
journalctl output after the failed install none

Description Vitor de Lima 2014-02-05 17:59:57 UTC
Created attachment 859771 [details]
FreeIPA installation log

Description of problem:
The installation of FreeIPA fails in a fresh install of Fedora Core 20

Version-Release number of selected component (if applicable):
20

How reproducible:
Always

Steps to Reproduce:
1. Correctly configure the network settings of the machine
2. Run ipa-server-install 

Actual results:
The installation fails.

Expected results:
The IPA server gets properly installed.

Additional info:
See the attached logs.

Comment 1 Vitor de Lima 2014-02-05 18:01:00 UTC
Created attachment 859772 [details]
journalctl output after the failed install

Comment 2 Martin Kosek 2014-02-06 07:53:13 UTC
This is the root cause:

Fev 05 15:55:16 dsb005.corp.eldorado.org.br systemd[1]: Starting 389 Directory Server CORP-ELDORADO-ORG-BR....
Fev 05 15:55:17 dsb005.corp.eldorado.org.br ns-slapd[3515]: [05/Feb/2014:15:55:17 -0200] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-CORP-ELDORADO-ORG-BR/schema/60basev3.ldif (lineno: 1) is invalid, error code 21 (Invalid syntax) - attribute type (2.16.840.1.113730.3.8.11.2 NAME 'ipaNTSecurityIdentifier' DESC 'NT Security ID' EQUALITY caseIgnoreIA5Match OREDRING caseIgnoreIA5OrderingMatch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' ): Failed to parse attribute, error(2 - Unexpected token) at ( caseIgnoreIA5OrderingMatch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' ))
Fev 05 15:55:17 dsb005.corp.eldorado.org.br ns-slapd[3515]: [05/Feb/2014:15:55:17 -0200] dse - Please edit the file to correct the reported problems and then restart the server.
Fev 05 15:55:17 dsb005.corp.eldorado.org.br systemd[1]: dirsrv@CORP-ELDORADO-ORG-BR.service: control process exited, code=exited status=1

What version of freeipa-server and 389-ds-base do you have? This issue was fixed in FreeIPA 3.0 year ago:
https://fedorahosted.org/freeipa/ticket/3398
https://fedorahosted.org/freeipa/changeset/49beb8cd3a752322285aa21a94306f7b99bcfae8/

Can you run following command?

$ grep OREDRING /usr/share/ipa/60basev3.ldif

Comment 3 Vitor de Lima 2014-02-06 11:35:55 UTC
freeipa-server version: 3.1.2-3.fc19
389-ds-base version: 1.3.2.9-1.fc20

Output of "grep OREDRING /usr/share/ipa/60basev3.ldif":

 grep OREDRING /usr/share/ipa/60basev3.ldif
attributeTypes: (2.16.840.1.113730.3.8.11.2 NAME 'ipaNTSecurityIdentifier' DESC 'NT Security ID' EQUALITY caseIgnoreIA5Match OREDRING caseIgnoreIA5OrderingMatch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.23 NAME 'ipaNTTrustedDomainSID' DESC 'NT Trusted Domain Security ID' EQUALITY caseIgnoreIA5Match OREDRING caseIgnoreIA5OrderingMatch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.3 NAME 'ipaNTFlatName' DESC 'Flat/Netbios Name' EQUALITY caseIgnoreMatch OREDRING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.5 NAME 'ipaNTHash' DESC 'NT Hash of user password' EQUALITY octetStringMatch OREDRING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.6 NAME 'ipaNTLogonScript' DESC 'User Logon Script Name' EQUALITY caseIgnoreMatch OREDRING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.7 NAME 'ipaNTProfilePath' DESC 'User Profile Path' EQUALITY caseIgnoreMatch OREDRING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.8 NAME 'ipaNTHomeDirectory' DESC 'User Home Directory Path' EQUALITY caseIgnoreMatch OREDRING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.9 NAME 'ipaNTHomeDirectoryDrive' DESC 'User Home Drive Letter' EQUALITY caseIgnoreMatch OREDRING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
attributeTypes: (2.16.840.1.113730.3.8.11.10 NAME 'ipaNTDomainGUID' DESC 'NT Domain GUID' EQUALITY caseIgnoreIA5Match OREDRING caseIgnoreIA5OrderingMatch SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' )

Comment 4 Martin Kosek 2014-02-06 13:13:00 UTC
Ok, I see you are using an old version. If you use freeipa-server of version 3.2.0 or higher, the problem will go away. Note that F20 has currently freeipa-3.3.4-2.fc20 in updates-testing:

https://admin.fedoraproject.org/updates/FEDORA-2014-1666/freeipa-3.3.4-2.fc20

Closing the bug as CURRENTRELEASE.