On Thu, 20 Feb 2014, Nathaniel McCallum wrote:
> >>There is an error in libotp's find() function which assumes that
> >>get_basedn() always returns non-NULL value. This is not true for at
> >>least cn=Directory Manager.
> >>
> >>Patch attached.
> >More fixes required, now that Thierry produced the fix for 389-ds ticket
> >47699 which allows to re-arrange schema-compat and ipa-pwd-extop
> >plugins. I'm getting crash in find() in libotp.c for internal search in
> >some other conditions but at least user dn now is the correct one.
> >
> >Stay tuned.
> OK, finally I've got it working -- my last patch had an error which could
> be attributed to the late night time.
>
> New patch is attached to fix libotp to work properly with empty base dn
> (such as cn=Directory Manager).
>
> Also I'm attaching the patch that sets precedence of schema-compat
> plugin to 49 (less than default 50). With this patch and 389-ds with
> patch from ticket 47699 compat tree binds work with OTP.
>
> When updated 389-ds-base will be released, we'll need to add Requires:
> to our RPM spec to depend on it. Without the updated 389-ds-base compat
> tree binds will not work with OTP but the rest will be working fine.
>
> Finally, ACK to all OTP patches.

ACK to both of these patches.
I've merged the first patch here --
https://www.redhat.com/archives/freeipa-devel/2014-February/msg00341.html

I just realized the second patch shouldn't be ACK'd until we have a new
389DS release with the fix. When that happens, reissue this patch with
an updated versioned require.

No, it can be safely merged as 389DS will use default precedence (50) unless
the fix is there. So the worst we get is the same as now -- OTP binds
will not work over compat tree. And when 389DS will be upgraded, they
will start working after 389DS restart.
--
/ Alexander Bokovoy