On Tue, 2011-12-06 at 14:03 -0500, Rob Crittenden wrote:
> Some privileges were being created after the permissions that were
> pointing to it causing the memberof to not be generated.
> This patch reorders things for new installs and creates a PBAC memberof
> task that will correct an upgrade.
I found few issues with this patch:
1) It needs a rebase, Makefile.am chunk does not apply.
2) The patch won't fix "Modify Group membership" privilege issue. The
problem here is that this privilege does not have any permissions
assigned at all.
3) The update has failed in my case (on F16):
# ipa-ldap-updater --upgrade
[1/8]: stopping directory server
[2/8]: saving configuration
[3/8]: disabling listeners
[4/8]: starting directory server
[5/8]: upgrading server
ipa : ERROR Upgrade failed with Unable to connect to LDAP server
[6/8]: stopping directory server
[7/8]: restoring configuration
[8/8]: starting directory server
done configuring dirsrv.
ipa : INFO IPA upgrade failed.
IPA upgrade failed.
The socker is there though, no AVC in audit.log either.
# ls /var/run/slapd-IDM-LAB-BOS-REDHAT-COM.socket
Did the update work for you?
Freeipa-devel mailing list