On Tue, 2012-11-13 at 17:46 +0100, Martin Kosek wrote: > Index task need to be run for both index updates and new indexes, > otherwise some current values may not be indexed and could cause > issues when searching LDAP (like fqdn did). > > https://fedorahosted.org/freeipa/ticket/3253 > > --- > > This patch should be the only patch in the upcoming FreeIPA 2.2.2 bug fix > release (unless we want to backport more patches to 2.2 line). It should fix a > severe issue when SSSD was no longer able to authenticate users against the > update 2.2.1 FreeIPA server. > > I specifically updated all index updates (even when the index definition is > already in LDAP) to make sure we fix any index that where the upgrade failed > previously due to this bug. FreeIPA 3.0+ packages already contains a patch > (2ecfe571faf9291eab7ffacea2a1e94d5be0d689) to run index task for really > new/updated indexes only, but I would not backport that patch due to messed > fqdn index in 2.2.1. > > After the patch, 2.2.0 (2.2.1) -> 2.2.2 upgrade procedure should create all > required indexes, including fqdn index: > > # rpm -Uvh --force ~/freeipa-2-2-0/dist/rpms/freeipa-* > Preparing... ########################################### [100%] > 1:freeipa-python ########################################### [ 17%] > 2:freeipa-client ########################################### [ 33%] > 3:freeipa-admintools ########################################### [ 50%] > 4:freeipa-server ########################################### [ 67%] > ipa: INFO: /usr/share/ipa/html/krb.js exists, skipping install of Firefox > extension > 5:freeipa-server-selinux ########################################### [ 83%] > 6:freeipa-debuginfo ########################################### [100%] > > # grep "Creating task to index" /var/log/ipaupgrade.log > 2012-11-13T16:06:35Z INFO Creating task to index attribute: memberuid > 2012-11-13T16:06:41Z INFO Creating task to index attribute: memberOf > 2012-11-13T16:06:47Z INFO Creating task to index attribute: memberHost > 2012-11-13T16:06:53Z INFO Creating task to index attribute: memberUser > 2012-11-13T16:06:59Z INFO Creating task to index attribute: fqdn <<<<<< > 2012-11-13T16:07:05Z INFO Creating task to index attribute: ntUniqueId > 2012-11-13T16:07:11Z INFO Creating task to index attribute: ntUserDomainId >
Martin, does this means we run these task for every rpm upgrade regardless ? Or do we mark indexes as regenerated and do not repeat on the following rpm upgrade ? Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel