https://bugzilla.redhat.com/show_bug.cgi?id=893187 (Red Hat Enterprise Linux 6)
Description of problem: Installing IPA with a single component for the realm sometimes fails. It fails because dc=<component> has updates applied before cn=schema so there are objectclass violations. The one realm I've confirmed it fails with is TESTRELM. I've tried others, alphabetically before and after and it installs fine, so I'm not sure what is different about this. Normally update entries are sorted by DN such that parents are applied before children (we sort by length). And cn=schema should be a special case so it is always applied first. Version-Release number of selected component (if applicable): ipa-server-3.0.0-20.el6.x86_64 Steps to Reproduce: 1. ipa-server-install --realm=TESTRELM Actual results: Seen in ipa-server-install output near end: Applying LDAP updates ipa.ipaserver.install.ldapupdate.LDAPUpdate: ERROR Update failed: Object class violation: unknown object class "nisDomainObject"
attachment freeipa-mkosek-348-sort-ldap-updates-properly.patch
Patch freeipa-mkosek-348-sort-ldap-updates-properly.patch sent for review
master: 1d2d1e1
ipa-3-1: 41b2feb
ipa-3-0: ad2a200
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.0.2
Login to comment on this ticket.