freeipa team mailing list archive

[Timo Aaltonen <tjaalton@xxxxxxxxxx>]

it's masked for a reason, the service you should be using is
bind9-pkcs11 but it's currently buggy, see:

https://bugs.launchpad.net/bugs/1769440

** Changed in: freeipa (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1790379

Title:
  freeipa-server-dns bind9 masked and bind9-dyndb-ldap failure

Status in freeipa package in Ubuntu:
  Invalid

Bug description:
  fresh freeipa install on bionic with --setup-dns installs bind9 but
  the service is masked and does not run. when manually unmasking, the
  following error is reported:

  Sep 02 17:38:04 named[811]: loading DynDB instance 'ipa' driver '/usr/lib/bind/ldap.so'
  Sep 02 17:38:04 named[811]: failed to dynamically load instance 'ipa' driver '/usr/lib/bind/ldap.so': /usr/lib/bind/ldap.so: failed to map segment from shared object (failure)
  Sep 02 17:38:04 named[811]: dynamic database 'ipa' configuration failed: failure
  Sep 02 17:38:04 named[811]: loading configuration: failure
  Sep 02 17:38:04 named[811]: exiting (due to fatal error)

  The file is present and I don't believe there are permission errors.
  The version of bind9-dyndb-ldap distributed with bionic
  (11.1-3ubuntu1) appears to be built against bind 9.11.3, so I don't
  believe its a version mismatch issue either.

  Tried both with in lxc and virtualbox, so I don't believe its a
  privileged/unprivileged container issue.

  I believe bind9 should start and serve from IPA ldap.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1790379/+subscriptions