[Freeipa-devel] [PATCH] 333 Run index task for new indexes

Martin Kosek mkosek at redhat.com
Tue Nov 13 16:46:00 UTC 2012 

Index task need to be run for both index updates and new indexes,
otherwise some current values may not be indexed and could cause
issues when searching LDAP (like fqdn did).

https://fedorahosted.org/freeipa/ticket/3253

---

This patch should be the only patch in the upcoming FreeIPA 2.2.2 bug fix
release (unless we want to backport more patches to 2.2 line). It should fix a
severe issue when SSSD was no longer able to authenticate users against the
update 2.2.1 FreeIPA server.

I specifically updated all index updates (even when the index definition is
already in LDAP) to make sure we fix any index that where the upgrade failed
previously due to this bug. FreeIPA 3.0+ packages already contains a patch
(2ecfe571faf9291eab7ffacea2a1e94d5be0d689) to run index task for really
new/updated indexes only, but I would not backport that patch due to messed
fqdn index in 2.2.1.

After the patch, 2.2.0 (2.2.1) -> 2.2.2 upgrade procedure should create all
required indexes, including fqdn index:

# rpm -Uvh --force ~/freeipa-2-2-0/dist/rpms/freeipa-*
Preparing...                ########################################### [100%]
   1:freeipa-python         ########################################### [ 17%]
   2:freeipa-client         ########################################### [ 33%]
   3:freeipa-admintools     ########################################### [ 50%]
   4:freeipa-server         ########################################### [ 67%]
ipa: INFO: /usr/share/ipa/html/krb.js exists, skipping install of Firefox extension
   5:freeipa-server-selinux ########################################### [ 83%]
   6:freeipa-debuginfo      ########################################### [100%]

# grep "Creating task to index" /var/log/ipaupgrade.log
2012-11-13T16:06:35Z INFO Creating task to index attribute: memberuid
2012-11-13T16:06:41Z INFO Creating task to index attribute: memberOf
2012-11-13T16:06:47Z INFO Creating task to index attribute: memberHost
2012-11-13T16:06:53Z INFO Creating task to index attribute: memberUser
2012-11-13T16:06:59Z INFO Creating task to index attribute: fqdn    <<<<<<
2012-11-13T16:07:05Z INFO Creating task to index attribute: ntUniqueId
2012-11-13T16:07:11Z INFO Creating task to index attribute: ntUserDomainId

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-333-run-index-task-for-new-indexes.patch
Type: text/x-patch
Size: 1622 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121113/52586879/attachment.bin>

More information about the Freeipa-devel mailing list