On Fri, 2011-03-18 at 11:21 -0400, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > Martin Kosek wrote:
> >> On Thu, 2011-03-17 at 17:10 -0400, Rob Crittenden wrote:
> >>> Re-enable ldapi code in ipa-ldap-updater and remove the searchbase
> >>> restriction when run in --upgrade mode. This allows us to autobind
> >>> giving root Directory Manager powers.
> >>>
> >>> This also:
> >>> * corrects the ipa-ldap-updater man page
> >>> * remove automatic --realm, --server, --domain options
> >>> * handle upgrade errors properly
> >>> * saves a copy of dse.ldif before we change it so it can be recovered
> >>> * fixes an error discovered by pylint
> >>>
> >>> ticket 1087
> >>>
> >>> rob
> >>
> >> NACK.
> >>
> >> Patch is promising, ipa-ldap-updater --upgrade works just fine. The
> >> upgrade was also correctly executed after I did the RPM upgrade.
> >>
> >> But I have hit two issues:
> >>
> >> 1) When ipa-ldap-updater is run as a regular user on a configured IPA
> >> server I get the following error:
> >>
> >> $ ipa-ldap-updater
> >> IPA is not configured on this system.
> >>
> >> This is because regular user cannot access /var/lib/ipa/sysrestore/. I
> >> guess we should either use another method of detecting installed IPA or
> >> make the script root-only (as we do with other scripts taking advantage
> >> of fstore).
> >>
> >>
> >> 2) I get stacktrace when I run ipa-ldap-updater with --ldapi:
> >>
> >> $ sudo ipa-ldap-updater --ldapi
> >> Traceback (most recent call last):
> >>   File "/usr/sbin/ipa-ldap-updater", line 125, in <module>
> >>     sys.exit(main())
> >>   File "/usr/sbin/ipa-ldap-updater", line 111, in main
> >>     ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}, live_run=not
> >> options.test, ldapi=options.ldapi)
> >>   File
> >> "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> >> line 125, in __init__
> >>     conn.do_external_bind(self.pw_name)
> >>   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
> >> 360, in do_external_bind
> >>     self.__lateinit()
> >>   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
> >> 260, in __lateinit
> >>     [ 'nsslapd-directory' ])
> >>   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
> >> 378, in getEntry
> >>     raise errors.NotFound(reason=notfound(args))
> >> ipalib.errors.NotFound: * not found
> >>
> >> I know that --ldapi did not work before the patch either, it just
> >> crashed with another stacktrace. But it would be nice to fix this one.
> >>
> >> Martin
> >
> > Issues addressed.
> >
> > I'm going to do a best-possible check for IPA Installation when non-root
> > but stick with the fstore when doing it as root. This is because it is
> > more important because it may be done automatically in rpm.
> >
> > rob
>
> fixed a couple more issues Martin discovered:
>
> - catch errors if the GSSAPI connection fails
> - do console logging when doing a password-based update as root
>
> rob

ACK. Good job, everything works fine.

Martin