-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-9.4
-
None
-
None
-
Moderate
-
rhel-sst-idm-ipa
-
ssg_idm
-
None
-
False
-
-
None
-
Red Hat Ansible Automation Platform
-
None
-
None
-
None
-
None
What were you trying to do that didn't work?
After installation of AAP subsequent calls of ipa-client-install fail with "Cannot obtain CA certificate. ldap://lxipa.mydomain.com doesn't have a certificate."
Please provide the package NVR for which bug is seen:
anssible-automation-platform-setup-2.4.7
Steps to reproduce
- Install RHEL 9.4, dnf update, setup chronyd
- # dnf install ipa-client
- download ansible-automation-platform-setup-2.4.7.tar.gz, unpack
- edit inventory for minimum local configuration
- # ./setup.sh
- # ipa-client-install --domain=ipa.mydomain.com --force-join --no-ntp --no-dns-sshfp
Expected results
The ipa-client-install command was successful.
Actual results
Cannot obtain CA certificate
'ldap://lxipa.mydomain.com' doesn't have a certificate.
...
The ipa-client-install command failed.
Workaround
The culprit is the python3-cryptography package. AAP installs version 42.0.5-1 which is incompatible with ipa-client-install.
- # dnf downgrade python3-cryptography-36.0.1-4
- # ipa-client-install --domain=ipa.mydomain.com --force-join --no-ntp --no-dns-sshfp
"The ipa-client-install command was successful."
