Removing adding ipa-cifs-delegation-targets in an ldif. If it is needed it will be added by an update file at the end of the install.

>From 250f33b42c1a35ddcef24ba344e8cfa6ac501316 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <>
Date: Tue, 26 Jun 2012 17:33:53 -0400
Subject: [PATCH] Defer adding ipa-cifs-delegation-targets until the Updates

It was likely that this would fail being in an LDIF so let an update
file add this potentially conflicting entry instead.
 install/share/replica-s4u2proxy.ldif |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif
index ce58365c55ca0a4da4d3de89b6d1a31683f6db96..98de46fa7760965ea28fe15b29a16e88310e4992 100644
--- a/install/share/replica-s4u2proxy.ldif
+++ b/install/share/replica-s4u2proxy.ldif
@@ -2,9 +2,11 @@ dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
 changetype: modify
 add: memberPrincipal
 memberPrincipal: HTTP/$FQDN@$REALM
-add: ipaAllowedTarget
-ipaAllowedTarget: 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX'
+# ipa-cifs-delegation-targets needs to be an ipaAllowedTarget for HTTP
+# delegation but we don't add it here as an LDIF because this entry may
+# already exist from another replica, or previous install. If it is missing
+# then it will be caught by the update file 61-trusts-s4u2proxy.update
 dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
 changetype: modify

Freeipa-devel mailing list

Reply via email to