On 08/07/2013 08:48 AM, Alexander Bokovoy wrote: > On Tue, 06 Aug 2013, Ana Krivokapic wrote: >> On 08/06/2013 12:15 AM, Jakub Hrozek wrote: >>> On Mon, Aug 05, 2013 at 09:55:26PM +0300, Alexander Bokovoy wrote: >>>> On Mon, 05 Aug 2013, Ana Krivokapic wrote: >>>>>>> + except errors.NotFound: >>>>>>> + return dict(result=False) >>>>>>> + >>>>>>> + attr = groups_entry.get('schema-compat-lookup-sssd') >>>>>> same here. >>>>>> >>>>>> It needs my patch 0112 too -- it changes ipa-adtrust-install to write >>>>>> proper configuration options to slapi-nis configs. >>>>> Done. >>>>> >>>>> Also, references to both relevant tickets >>>>> https://fedorahosted.org/freeipa/ticket/3671 and >>>>> https://fedorahosted.org/freeipa/ticket/3672 added to commit messages. >>>>> >>>>> Updated patches attached. >>>> Thanks. Few more comments now that I've ran the ipa-advise with the >>>> plugins: >>>> >>>> 1. We need to put downloading the certificate to both plugins. >>> Right, this is something that was documented on the wiki during the test >>> day and I agree with Alexander it makes sense to be present in the >>> advise tool as well. >> >> Fixed. cacertdir_rehash script is also downloaded if necessary. >> >>> >>>> 2. The certificate needs to be specified in sssd.conf as well as ldap.conf >>> Wouldn't it be better to just say that you need to make sure that the >>> certicicates are present on openldap's configured directories? That >>> would cover not only the SSSD but also all the tool like ldapsearch the >>> admin might want to run for troubleshooting. Maybe a hint to run >>> cacertdir_rehash would be nice. >> >> Fixed. We agreed it is best to specify the defaults explicitly in config >> files, >> while including a comment about a possible need for manual modification of >> the >> script. >> >>> >>> _______________________________________________ >>> Freeipa-devel mailing list >>> Freeipa-devel@redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-devel >> >> Patch 52 is updated, patch 53 needed a rebase. The whole updated patch set is >> attached. > Thanks, looks more complete now. > > ACK >
Looks good! Pushed to master. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel