Re: [Freeipa-devel] [PATCH 0154] Add bind-dyndb-ldap workdir to IPA specfile

2014-10-31 Thread Petr Spacek

On 30.10.2014 15:33, Martin Basti wrote:

https://fedorahosted.org/freeipa/ticket/4657#comment:6

Patch attached.


ACK

--
Petr^2 Spacek

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH 0154] Add bind-dyndb-ldap workdir to IPA specfile

2014-10-31 Thread Petr Vobornik

On 31.10.2014 09:05, Petr Spacek wrote:

On 30.10.2014 15:33, Martin Basti wrote:

https://fedorahosted.org/freeipa/ticket/4657#comment:6

Patch attached.


ACK



Pushed to:
master: 42724a4b22f9c7025254c875e9f8fcba17f8b9bf
ipa-4-1: a21443168e6e23e6f0485a2d71861e6e8fead67c
--
Petr Vobornik



[Freeipa-devel] Question how memberof plugin works

2014-10-31 Thread Martin Basti

Hello list,

I ran an upgrade (related steps listed in order):

ipa-ldap-updater --upgrade
- applying update files (including 55-pbacmemberof.update)
- updating ACI (new permissions created, added to existing privilege)
ipa-upgradeconfig
- setting up new service (which uses privilege with new permission)

At the end I was expecting the privilege to be missing the new
permission (memberOf attribute), but I tested it in the lab, and membership
was OK.


How does the memberof plugin work?

We had a similar issue with a new DNS installation, where memberOf attributes
were missing if DNS was installed later. But I can't reproduce this
behavior during upgrade. (The fix was to use 55-pbacmemberof.update as the last
step of bind service installation.)


PS: we had a case where a user had broken DNS privileges and
55-pbacmemberof.update helped. But he had multiple errors and it could be
a cascade effect.


--
Martin Basti



Re: [Freeipa-devel] Question how memberof plugin works

2014-10-31 Thread Petr Vobornik

On 31.10.2014 16:54, Martin Basti wrote:

Hello list,

I ran an upgrade (related steps listed in order):

ipa-ldap-updater --upgrade
- applying update files (including 55-pbacmemberof.update)
- updating ACI (new permissions created, added to existing privilege)
ipa-upgradeconfig
- setting up new service (which uses privilege with new permission)

At the end I was expecting the privilege to be missing the new
permission (memberOf attribute), but I tested it in the lab, and membership
was OK.

How does the memberof plugin work?


I know of
http://directory.fedoraproject.org/docs/389ds/design/memberof-plugin.html
If there is another source, I would like to see it as well.




We had a similar issue with a new DNS installation, where memberOf attributes
were missing if DNS was installed later. But I can't reproduce this
behavior during upgrade. (The fix was to use 55-pbacmemberof.update as the last
step of bind service installation.)


Was fixed by a fixup task call in:

https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=895f350ebf5f002a8ba5aff3d521640b12aa3cde



PS: we had a case where a user had broken DNS privileges and
55-pbacmemberof.update helped. But he had multiple errors and it could be
a cascade effect.


--
Petr Vobornik
