On Tue, 2011-12-06 at 14:03 -0500, Rob Crittenden wrote:
> Some privileges were being created after the permissions that were 
> pointing to it causing the memberof to not be generated.
> 
> This patch reorders things for new installs and creates a PBAC memberof 
> task that will correct an upgrade.
> 
> rob

I found few issues with this patch:

1) It needs a rebase, Makefile.am chunk does not apply.

2) The patch won't fix "Modify Group membership" privilege issue. The
problem here is that this privilege does not have any permissions
assigned at all.

3) The update has failed in my case (on F16):

# ipa-ldap-updater --upgrade
Upgrading IPA:
  [1/8]: stopping directory server
  [2/8]: saving configuration
  [3/8]: disabling listeners
  [4/8]: starting directory server
  [5/8]: upgrading server
ipa         : ERROR    Upgrade failed with Unable to connect to LDAP server 
ldapi://%2fvar%2frun%2fslapd-IDM-LAB-BOS-REDHAT-COM.socket
  [6/8]: stopping directory server
  [7/8]: restoring configuration
  [8/8]: starting directory server
done configuring dirsrv.
ipa         : INFO     IPA upgrade failed.
IPA upgrade failed.

The socker is there though, no AVC in audit.log either.
# ls /var/run/slapd-IDM-LAB-BOS-REDHAT-COM.socket 
/var/run/slapd-IDM-LAB-BOS-REDHAT-COM.socket

Did the update work for you?

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to