On Mon, Aug 05, 2013 at 09:55:26PM +0300, Alexander Bokovoy wrote: > On Mon, 05 Aug 2013, Ana Krivokapic wrote: > >>>+ except errors.NotFound: > >>>+ return dict(result=False) > >>>+ > >>>+ attr = groups_entry.get('schema-compat-lookup-sssd') > >>same here. > >> > >>It needs my patch 0112 too -- it changes ipa-adtrust-install to write > >>proper configuration options to slapi-nis configs. > > > >Done. > > > >Also, references to both relevant tickets > >https://fedorahosted.org/freeipa/ticket/3671 and > >https://fedorahosted.org/freeipa/ticket/3672 added to commit messages. > > > >Updated patches attached. > Thanks. Few more comments now that I've ran the ipa-advise with the > plugins: > > 1. We need to put downloading the certificate to both plugins.
Right, this is something that was documented on the wiki during the test day and I agree with Alexander it makes sense to be present in the advise tool as well. > 2. The certificate needs to be specified in sssd.conf as well as ldap.conf Wouldn't it be better to just say that you need to make sure that the certicicates are present on openldap's configured directories? That would cover not only the SSSD but also all the tool like ldapsearch the admin might want to run for troubleshooting. Maybe a hint to run cacertdir_rehash would be nice. _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel