Hash: SHA1

On 12/21/2010 08:14 AM, Simo Sorce wrote:
> These commands had a very confusing syntax as well as issues (init was
> running the memberof task on the wrong server).
> The commands has been renamed to make it clearer what they do.
> init -> re-initialize
> synch -> force-sync
> both commands now require a --from <hostname> as the server they get
> their data from and can only be run on the replica that needs to be
> re-initialized or re-synced. This is to make it was confusing to
> understand what server was used so now the server you are operating on
> is the one you are sitting on.
> As a bonus the whole thing now works with just admin credentials (or
> any kerb credentials of a user with the managereplica permission).
> The init command also does not return until the re-initialization is
> done (giving out the status once a second) and properly runs the
> memberof task only once all the entries have been received.
> The only thing that I am a bit unconfortable with is the new aci on the
> cn=tasks,cn=config object. I tried to add the task on the cn=memberof
> task,cn=tasks,cn=config object to restrict pwer only on that task, but
> DS refused to allow me to set an aci on that entry for some reason.
> Fixes: #626
> Simo.

The patch looks good to me, but the hunk in ipaserver/install/service.py
seems to be completely unrelated. Did you run git commit -am by accident?
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/


Freeipa-devel mailing list

Reply via email to