[Freeipa-devel] [PATCH 0399] Upgrade: fix upgrading of NIS Server configuration

Martin Basti mbasti at redhat.com
Mon Jan 11 08:51:32 UTC 2016 


On 11.01.2016 08:34, Alexander Bokovoy wrote:
> On Fri, 08 Jan 2016, Martin Basti wrote:
>>
>>
>> On 08.01.2016 16:22, Martin Basti wrote:
>>>
>>>
>>> On 08.01.2016 16:19, Petr Vobornik wrote:
>>>> On 01/08/2016 02:54 PM, Alexander Bokovoy wrote:
>>>>> On Wed, 06 Jan 2016, Martin Basti wrote:
>>>>>> https://fedorahosted.org/freeipa/ticket/5507
>>>>>>
>>>>>> Patch attached.
>>>>>>
>>>>>> Is proposed workaround in ticket enough or should I also prepare a
>>>>>> update that will fix missing maps?
>>>>> The update you have is good but we need to recover missing maps.
>>>>> Given that we know which maps exist in the broken setup (those from
>>>>> 50-nis.update), it would make sense to check if only those CNs 
>>>>> exist and
>>>>> then remove them and fire recovery.
>>>>>
>>>>
>>>> Could there be a situation where such state would be desired and 
>>>> the update would actually break user's setup?
>>> Only if user removed all these maps:
>>>
>>> "nis-domain={domain}+nis-map=passwd.byname,{suffix}",
>>> "nis-domain={domain}+nis-map=passwd.byuid,{suffix}",
>>> "nis-domain={domain}+nis-map=group.byname,{suffix}",
>>> "nis-domain={domain}+nis-map=group.bygid,{suffix}",
>>> "nis-domain={domain}+nis-map=netid.byname,{suffix}",
>>> "nis-domain={domain}+nis-map=netgroup,{suffix}",
>>>
>>>
>>>
>> Updated patch attached.
> ACK: I did upgrade of an install were NIS was enabled last December and
> it had broken records as can be seen by CreateTimestamp. During upgrade
> new entries were added, restoring the proper configuration:
>
> # ldapsearch  -LLL -H ldapi://%2fvar%2frun%2fslapd-RH-VDA-LI.socket -b 
> cn=config '(nis-domain=*)' dn CreateTimestamp ModifyTimestamp
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> dn: nis-domain=rh.vda.li+nis-map=ethers.byaddr,cn=NIS 
> Server,cn=plugins,cn=config
> CreateTimestamp: 20151202162357Z
> ModifyTimestamp: 20151202162357Z
>
> dn: nis-domain=rh.vda.li+nis-map=ethers.byname,cn=NIS 
> Server,cn=plugins,cn=config
> CreateTimestamp: 20151202162357Z
> ModifyTimestamp: 20151202162357Z
>
> dn: nis-domain=rh.vda.li+nis-map=group.bygid,cn=NIS 
> Server,cn=plugins,cn=config
> CreateTimestamp: 20160111071241Z
> ModifyTimestamp: 20160111071241Z
>
> dn: nis-domain=rh.vda.li+nis-map=group.byname,cn=NIS 
> Server,cn=plugins,cn=config
> CreateTimestamp: 20160111071241Z
> ModifyTimestamp: 20160111071241Z
>
> dn: nis-domain=rh.vda.li+nis-map=netgroup,cn=NIS 
> Server,cn=plugins,cn=config
> CreateTimestamp: 20160111071242Z
> ModifyTimestamp: 20160111071242Z
>
> dn: nis-domain=rh.vda.li+nis-map=netid.byname,cn=NIS 
> Server,cn=plugins,cn=config
> CreateTimestamp: 20160111071242Z
> ModifyTimestamp: 20160111071242Z
>
> dn: nis-domain=rh.vda.li+nis-map=passwd.byname,cn=NIS 
> Server,cn=plugins,cn=config
> CreateTimestamp: 20160111071240Z
> ModifyTimestamp: 20160111071240Z
>
> dn: nis-domain=rh.vda.li+nis-map=passwd.byuid,cn=NIS 
> Server,cn=plugins,cn=config
> CreateTimestamp: 20160111071240Z
> ModifyTimestamp: 20160111071240Z
>
>
>
Pushed to:
master: 1d56665fd2ed7025131793bb4b0cda35b12bba9f
ipa-4-3: aeafae40084798725b7ea99c86497c13567e10e8
ipa-4-2: 98a86d0efb5e3ecdc38eb51bf0e64dda52365a6d

More information about the Freeipa-devel mailing list