On May 8, 2024 12:34:01 PM EDT, Timo Aaltonen
<tjaalton(a)ubuntu.com> wrote:
> Rob Crittenden kirjoitti 8.5.2024 klo 17.29:
>> Mauricio Tavares via FreeIPA-devel wrote:
>>>> Veera K via FreeIPA-devel wrote:
>>>>
>>>>
>>>> You didn't include an attachment.
>>>>
>>>> I don't know the current status of Ubuntu as an IPA server but in
the
>>>> past it has not worked well. There are a lot of moving parts in IPA and
>>>> there is basically one maintainer in Debian trying to herd all the cats.
>>>>
>>>> rob
>>>
>>> Given that I also use Debian (and Ubuntu at times), how can I help?
>>
>>
>> Oh cool, thanks. I've cc'd Timo. He is the Debian/Ubuntu maintainer.
>>
>> rob
>
> Ah, sadly my favourite topic :)
>
> The blockers right now are:
>
> * bind-dyndb-ldap doesn't support bind9 9.19.x [1]
>
> * bind-dyndb-ldap also needs to be rebuilt for every bind9 upload, and it might also
break when bind9 is updated, which makes it unreleaseable on Debian. The solution to this
would be to release it with a license which is compatible with upstream, which should
allow merging it upstream (and fix the first issue) [2]
>
> * tomcat9 is basically gone from Debian/Ubuntu, but jss (which merged tomcatjss) or
dogtag itself don't support 10.x yet [3]. I was told 10.1 should be in rawhide by
now-ish, but it's still not there, so porting is blocked AIUI.
>
>
> In the past I've run the azure test suite on an older Debian/Ubuntu release with
select backports (bypassing the above issues), and the pass rate of all the tests was >
90%, so it's not perfect. To get to full 100% there are still things to skip or rework
to pass on a .deb distro. But it's rather pointless to work on a frankendistro, I
don't have time for that. So it's client only for now, and 389 and others are
available waiting for a brighter (unrealistic?) future to arrive...
>
> HTH
>
> [1]
https://pagure.io/bind-dyndb-ldap/issue/222
> [2]
https://pagure.io/bind-dyndb-ldap/issue/225
> [3]
https://github.com/dogtagpki/pki/issues/4551
>
What have I got involved into?! Well, I am here for the entertainment (even if I
learn something(!) in the process); let me build a test environment so I can understand
it better; it does seem this will require helping other stuff to work the way we need
before actually building it.
Yeah, I realized that I didn't actually answer your question. It could
be useful to have an environment where dogtag & bind-dyndb-ldap are able
to work, and then sort out any integration issues there might still be.
--
t