[Freeipa-devel] [PATCH] 152 Enable automember for upgraded servers
Rob Crittenden
rcritten at redhat.com
Mon Nov 28 23:16:09 UTC 2011
Nathan Kinder wrote:
> On 11/04/2011 02:35 PM, Nathan Kinder wrote:
>> On 11/04/2011 02:26 PM, Martin Kosek wrote:
>>> On Fri, 2011-11-04 at 14:04 -0700, Nathan Kinder wrote:
>>>> On 11/04/2011 02:02 PM, Rob Crittenden wrote:
>>>>> Martin Kosek wrote:
>>>>>> automember functionality is depends on predefined data is in LDAP.
>>>>>> Since we add it for fresh installs only, automember cannot be used
>>>>>> for upgraded servers. Make sure that automember LDAP data is added
>>>>>> during upgrade too.
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/1992
>>>>> I think you need that automember schema as well. Can you check with
>>>>> the 389-ds team to see if their upgrade script automatically adds new
>>>>> schema or if we have to handle that ourselves?
>>>> The new automember schema should be added by 'setup-ds.pl -u', so I
>>>> don't expect you need to do anything around schema in FreeIPA.
>>> Nathan, when is the "setup-ds.pl -u" executed? When the dirsrv rpm is
>>> updated, just like FreeIPA runs ipa-ldap-updater in rpm update %post? Or
>>> does it have to be run manually?
>> It is run in the the %posttrans stage for 389-ds-base.
>>> I am asking because the schema problem seems like the root cause that
>>> one user has here (the last post):
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=746589
>> There should be a
>> '/etc/dirsrv/slapd-<instance>/schema/10automember-plugin.ldif' file if
>> the proper version
>> of 389-ds-base is being used and if 'setup-ds.pl -u' successfully
>> updated the schema. There should also be
>> a '/etc/dirsrv/schema/10automember-plugin.ldif' file present
>> regardless of 'setup-ds.pl -u' having run
>> successfully.
> I just tested running 'setup-ds.pl -u' manually with a master build of
> 389-ds-base, and there is a bug that is preventing the updates from
> being applied. I logged the following bug for this:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=751495
>
> The fix is a one-liner, and I believe Rich is working on getting a fixed
> build out ASAP.
ACK, works for me.
rob
More information about the Freeipa-devel
mailing list