Support DAL version 5 and version 6

[simo5]

Should fix bz#1389866
(untested)

[frozencemetery]

Thank you for fixing this, and futureproofing the next version bump. Unless freeipa has a policy against it, I would prefer the use of designated initializers here for additional protection against breakage in the future, as you mention in the past this has occasionally been changed by accident without bumping the number.

[simo5]

Updated

[frozencemetery]

Looks good, thanks!

[tkrizek]

NACK

ipa-server-install will fail at:

Configuring kadmin
  [1/2]: starting kadmin 
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
ipa.ipapython.install.cli.install_tool(Server): ERROR    CA did not start in 300.0s
ipa.ipapython.install.cli.install_tool(Server): ERROR    The ipa-server-install command failed

From /var/log/pki/pki-tomcat/ca/debug, it seems PKI can't authenticate towards LDAP:

[07/Nov/2016:16:42:11][localhost-startStop-1]: SSL handshake happened
Could not connect to LDAP server host vm-059.abc.idm.lab.eng.brq.redhat.com port 636 Error netscape.ldap.LDAPException: Authentication failed (48)

[simo5]

On Mon, 2016-11-07 at 08:11 -0800, Tomas Krizek wrote:

NACK

ipa-server-install will fail at:

Configuring kadmin
  [1/2]: starting kadmin 
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
ipa.ipapython.install.cli.install_tool(Server): ERROR    CA did not start in 300.0s
ipa.ipapython.install.cli.install_tool(Server): ERROR    The ipa-server-install command failed

From /var/log/pki/pki-tomcat/ca/debug, it seems PKI can't authenticate towards LDAP:

[07/Nov/2016:16:42:11][localhost-startStop-1]: SSL handshake happened
Could not connect to LDAP server host vm-059.abc.idm.lab.eng.brq.redhat.com port 636 Error netscape.ldap.LDAPException: Authentication failed (48)

I've seen this error recently too, but it is unrelated, re-installed on
F25 and it went away.
I think there is some issue with dogtag in some conditions when you
re-install, although I could not figure what it is.

Simo.

Simo Sorce * Red Hat, Inc * New York

[tkrizek]

It is not caused by re-installing. I've created a new VM when I was testing it.

[simo5]

Sure, but I do not see how a change in the KDC DAL, can affect PKI connecting to LDAP.
Does this problem go away if you remove the patch and re-build/install on the same machine ?

[tkrizek]

The issue above is indeed unrelated to this patch. Since KDC installation passed, I think it's safe to assume the patch works.

[simo5]

I just verified I reproduce your error in my tree without the patch.

[MartinBasti]

https://fedorahosted.org/freeipa/ticket/6466

Commit should have upstream ticket inside

[simo5]

There was no upstream ticket when I created the commit :-)
I'll add.

[MartinBasti]

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/2775042787be4ea236c0b99dd75337414e24b89d