View Issue Details

IDProjectCategoryView StatusLast Update
0017979CentOS-8ipapublic2021-01-19 21:10
Reportervus94xji4 Assigned To 
Status newResolutionopen 
Summary0017979: Failed to load /usr/share/pki/acme/database/ds/schema.ldif and a temporary solution
DescriptionWhen I installed idm:DL1/server with ipa-server-install command on CentOS 8 Linux 8.3.2011, everything worked fine.

But when I installed the ipa server on CentOS 8 Stream or upgrade the server, form CentOS 8 Linux 8.3.2011 to CentOS 8 Stream, with ipa-server-upgrade command, the script dumped an error message:

Failed to load /usr/share/pki/acme/database/ds/schema.ldif

I tried to add the file with command:

ln -s /usr/share/pki/acme/database/ldap /usr/share/pki/acme/database/ds

and then install (or upgrade) the ipa server, everything worked fine again.
Is there any miswritten srctpt/code?
Can I use the link file permanently?
Tags"freeipa", "ipa"


2020-12-29 09:30

reporter   ~0038142


I have the same problem


2021-01-01 00:15

reporter   ~0038149

Also have this issue. I was tempted to try the symbolic link you show but am wary if that is actually legit. Is the directory service and LDAP schema really the same? However, nothing anymore provides the directory /usr/share/pki/acme/database/ds. The pki-server package currently provides the /usr/share/pki/acme/database/ldap directory.


2021-01-19 21:10

reporter   ~0038184

Also have this issue. The symbolic link allows for the install to complete (new install of IPA) but the IPA ACME server is not functional afterwards.

Running 'ipa-acme-manage status' on centos stream (with symbolic link) IPA VERSION: 4.9.0rc3, API_VERSION: 2.240 returns 'Failed to authenticate to CA REST API The ipa-acme-manage command failed.'. There is no change after running 'kinit admin' to authenticate to IPA.

Running 'ipa-acme-manage status' on Fedora 34 Rawhide with IPA VERSION: 4.9.0, API_VERSION: 2.240 returns 'ACME is disabled The ipa-acme-manage command was successful'. The symbolic link is not present on fedora as it installs without error. 'kinit admin' was not needed before running ipa-acme-manage.

Issue History

Date Modified Username Field Change
2020-12-28 08:27 vus94xji4 New Issue
2020-12-28 08:27 vus94xji4 Tag Attached: "freeipa"
2020-12-28 08:27 vus94xji4 Tag Attached: "ipa"
2020-12-29 09:30 Note Added: 0038142
2021-01-01 00:15 coderforlife Note Added: 0038149
2021-01-19 21:10 whirlpoolram Note Added: 0038184