Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE-----
The second patch removes the /ipatest section that has been commented
out in ipa.conf anyway..plus, we don't ship /usr/share/ipatest anymore :-)
Migration doesn't seem to be working. The migration page itself comes up
fine and prompts for data but when I enter the password of a migrated
user I don't seem to be getting valid kerberos keys. kinit doesn't work
in any case. It could also be that I'm tired. Does a migrated account
work for you?
This could be related to redoing the 389-ds password plugin as I did all
previous testing before we did the file split.
I also have two questions:
1) how should exceptions be handled? In the patch, I only explicitly
handle exceptions that could happen very easily (like, password being
wrong, or the LDAP server down..). Anything else would just trigger 500
I think that's ok as long as we provide enough logging to point the
admin in the right direction.
2) When playing with the migration command line plugin, I noticed that
it can only handle RFC2307bis groups (member: dn) and has the
objectclass for groups hardcoded to
"(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))". I think
it would be worthwile (and easy, too!) to modify the plugin to accept
also RFC2307 schema and allow specifying a different objectclass
(posixGroup might come handy..). Thoughts?
Yes, that sounds like a good enhancement. Great idea.
Freeipa-devel mailing list