[Freeipa-devel] [PATCH] 786 Configure Managed Entries on replicas.

Martin Kosek mkosek at redhat.com
Wed May 25 19:30:55 UTC 2011 

On Wed, 2011-05-25 at 19:50 +0200, Martin Kosek wrote:
> On Wed, 2011-05-25 at 17:22 +0000, JR Aquino wrote:
> > On May 20, 2011, at 7:14 AM, Rob Crittenden wrote:
> > 
> > > JR Aquino wrote:
> > >> On May 18, 2011, at 2:52 PM, Rob Crittenden wrote:
> > >> 
> > >>> Rob Crittenden wrote:
> > >>>> The Managed Entries plugin configurations weren't being created on
> > >>>> replica installs. The templates were there but the cn=config portions
> > >>>> were not.
> > >>>> 
> > >>>> This patch adds them as updates. The template portion will be added in
> > >>>> the initial replication.
> > >>>> 
> > >>>> ticket 1222
> > >>>> 
> > >>>> To test:
> > >>>> 
> > >>>> Install a master
> > >>>> Install a replica
> > >>>> On replica: kinit
> > >>>> On replica: ipa user-add --first=timmy --last=test ttest
> > >>>> On replica: ipa group-show ttest
> > >>>> On master: ipa group-show ttest
> > >>>> 
> > >>>> rob
> > >>> 
> > >>> Updated patch attached. This requires jraquino patch 28 to work as expected.
> > >>> 
> > >>> rob
> > >>> <freeipa-rcrit-786-2-replica.patch>
> > >> 
> > >> NACK
> > >> 
> > >> This patch is not applying to Master?
> > >> 
> > >> error: patch failed: install/updates/Makefile.am:8
> > >> error: install/updates/Makefile.am: patch does not apply
> > >> 
> > > 
> > > Rebased, it depended on my patch 769.
> > 
> > ACK
> 
> Please keep in mind that the configuration for UPG plugin needs to be
> updated. My patch 67 with new --noprivate option for suppressing UPG
> creation for new user changed the originFilter configuration:
> 
> originFilter: (&(objectclass=posixAccount)(!(description=__no_upg__)))
> 
> This patch is not in ipa-2-0 branch, so the originFilter for this branch
> is the same as in this patch.
> 
> Martin
> 

Second ACK from me. I tested upgrading replica and it worked. Still, my
statement above is valid - this should be fixed before pushing.

As we spoke with Rob today, I wonder if we would want --noprivate option
also for ipa-2-0 branch. It may be useful.

Martin

More information about the Freeipa-devel mailing list