[Freeipa-devel] [PATCH] 786 Configure Managed Entries on replicas.

Rob Crittenden rcritten at redhat.com
Wed May 25 20:42:00 UTC 2011 

Martin Kosek wrote:
> On Wed, 2011-05-25 at 19:50 +0200, Martin Kosek wrote:
>> On Wed, 2011-05-25 at 17:22 +0000, JR Aquino wrote:
>>> On May 20, 2011, at 7:14 AM, Rob Crittenden wrote:
>>>
>>>> JR Aquino wrote:
>>>>> On May 18, 2011, at 2:52 PM, Rob Crittenden wrote:
>>>>>
>>>>>> Rob Crittenden wrote:
>>>>>>> The Managed Entries plugin configurations weren't being created on
>>>>>>> replica installs. The templates were there but the cn=config portions
>>>>>>> were not.
>>>>>>>
>>>>>>> This patch adds them as updates. The template portion will be added in
>>>>>>> the initial replication.
>>>>>>>
>>>>>>> ticket 1222
>>>>>>>
>>>>>>> To test:
>>>>>>>
>>>>>>> Install a master
>>>>>>> Install a replica
>>>>>>> On replica: kinit
>>>>>>> On replica: ipa user-add --first=timmy --last=test ttest
>>>>>>> On replica: ipa group-show ttest
>>>>>>> On master: ipa group-show ttest
>>>>>>>
>>>>>>> rob
>>>>>>
>>>>>> Updated patch attached. This requires jraquino patch 28 to work as expected.
>>>>>>
>>>>>> rob
>>>>>> <freeipa-rcrit-786-2-replica.patch>
>>>>>
>>>>> NACK
>>>>>
>>>>> This patch is not applying to Master?
>>>>>
>>>>> error: patch failed: install/updates/Makefile.am:8
>>>>> error: install/updates/Makefile.am: patch does not apply
>>>>>
>>>>
>>>> Rebased, it depended on my patch 769.
>>>
>>> ACK
>>
>> Please keep in mind that the configuration for UPG plugin needs to be
>> updated. My patch 67 with new --noprivate option for suppressing UPG
>> creation for new user changed the originFilter configuration:
>>
>> originFilter: (&(objectclass=posixAccount)(!(description=__no_upg__)))
>>
>> This patch is not in ipa-2-0 branch, so the originFilter for this branch
>> is the same as in this patch.
>>
>> Martin
>>
>
> Second ACK from me. I tested upgrading replica and it worked. Still, my
> statement above is valid - this should be fixed before pushing.
>
> As we spoke with Rob today, I wonder if we would want --noprivate option
> also for ipa-2-0 branch. It may be useful.
>
> Martin

pushed to ipa-2-0 and master

For master I updated the update file to include the new originFilter. 
For the ipa-2-0 branch I left the patch as-is.

rob

More information about the Freeipa-devel mailing list