On Mon, Aug 05, 2013 at 09:55:26PM +0300, Alexander Bokovoy wrote:
> On Mon, 05 Aug 2013, Ana Krivokapic wrote:
> >>>+        except errors.NotFound:
> >>>+            return dict(result=False)
> >>>+
> >>>+        attr = groups_entry.get('schema-compat-lookup-sssd')
> >>same here.
> >>
> >>It needs my patch 0112 too -- it changes ipa-adtrust-install to write
> >>proper configuration options to slapi-nis configs.
> >
> >Done.
> >
> >Also, references to both relevant tickets
> >https://fedorahosted.org/freeipa/ticket/3671 and
> >https://fedorahosted.org/freeipa/ticket/3672 added to commit messages.
> >
> >Updated patches attached.
> Thanks. Few more comments now that I've ran the ipa-advise with the
> plugins:
> 1. We need to put downloading the certificate to both plugins.

Right, this is something that was documented on the wiki during the test
day and I agree with Alexander it makes sense to be present in the
advise tool as well.

> 2. The certificate needs to be specified in sssd.conf as well as ldap.conf

Wouldn't it be better to just say that you need to make sure that the
certicicates are present on openldap's configured directories? That
would cover not only the SSSD but also all the tool like ldapsearch the
admin might want to run for troubleshooting. Maybe a hint to run
cacertdir_rehash would be nice.

Freeipa-devel mailing list

Reply via email to