Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://fedorahosted.org/freeipa/ticket/154

The second patch removes the /ipatest section that has been commented
out in ipa.conf anyway..plus, we don't ship /usr/share/ipatest anymore :-)

Migration doesn't seem to be working. The migration page itself comes up fine and prompts for data but when I enter the password of a migrated user I don't seem to be getting valid kerberos keys. kinit doesn't work in any case. It could also be that I'm tired. Does a migrated account work for you?

This could be related to redoing the 389-ds password plugin as I did all previous testing before we did the file split.


I also have two questions:
  1) how should exceptions be handled? In the patch, I only explicitly
handle exceptions that could happen very easily (like, password being
wrong, or the LDAP server down..). Anything else would just trigger 500
Server Error..

I think that's ok as long as we provide enough logging to point the admin in the right direction.


  2) When playing with the migration command line plugin, I noticed that
it can only handle RFC2307bis groups (member: dn) and has the
objectclass for groups hardcoded to
"(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))". I think
it would be worthwile (and easy, too!) to modify the plugin to accept
also RFC2307 schema and allow specifying a different objectclass
(posixGroup might come handy..). Thoughts?

Yes, that sounds like a good enhancement. Great idea.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to