On Tue, 2011-12-06 at 14:03 -0500, Rob Crittenden wrote: > Some privileges were being created after the permissions that were > pointing to it causing the memberof to not be generated. > > This patch reorders things for new installs and creates a PBAC memberof > task that will correct an upgrade. > > rob
I found few issues with this patch: 1) It needs a rebase, Makefile.am chunk does not apply. 2) The patch won't fix "Modify Group membership" privilege issue. The problem here is that this privilege does not have any permissions assigned at all. 3) The update has failed in my case (on F16): # ipa-ldap-updater --upgrade Upgrading IPA: [1/8]: stopping directory server [2/8]: saving configuration [3/8]: disabling listeners [4/8]: starting directory server [5/8]: upgrading server ipa : ERROR Upgrade failed with Unable to connect to LDAP server ldapi://%2fvar%2frun%2fslapd-IDM-LAB-BOS-REDHAT-COM.socket [6/8]: stopping directory server [7/8]: restoring configuration [8/8]: starting directory server done configuring dirsrv. ipa : INFO IPA upgrade failed. IPA upgrade failed. The socker is there though, no AVC in audit.log either. # ls /var/run/slapd-IDM-LAB-BOS-REDHAT-COM.socket /var/run/slapd-IDM-LAB-BOS-REDHAT-COM.socket Did the update work for you? Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
