On 11/18/2013 04:12 PM, Ana Krivokapic wrote:
On 11/15/2013 05:28 PM, Petr Viktorin wrote:
On 11/15/2013 02:09 PM, Petr Viktorin wrote:
On 11/11/2013 04:18 PM, Ana Krivokapic wrote:
On 11/11/2013 02:53 PM, Ana Krivokapic wrote:
On 11/11/2013 12:32 PM, Petr Viktorin wrote:
On 11/07/2013 02:34 PM, Ana Krivokapic wrote:
On 11/01/2013 03:26 PM, Petr Viktorin wrote:
On 09/13/2013 06:44 PM, Petr Viktorin wrote:
On 08/01/2013 04:52 PM, Petr Viktorin wrote:
With these patches, schema updates will be based on the ldif
use for installation.
This is a RFE, here is the design doc:
I found and filed a bug in python-ldap: it sometimes ignores
schema LDIFs when parsing them.
Patch 0275 works around the bug. Please apply on top of 0258-0265
still apply cleanly).
The recent ipaldap patches resulted in a small conflict. Attaching
I have tested the patches and overall they seem to work fine. Some
questions/comments are below.
You catch `ldap.LOCAL_ERROR` in the `connect()` function, which is
called from `__init__()`, so no need to catch it again in
I've added a comment instead of the try/catch
> # Usually the modlist order does not matter.
> # However, for schema updates, we want 'attributetypes'
> # 'objectclasses'.
> # A simple sort will ensure this.
Since `modlist` is a list of tuples, it is sorted by the first
in the tuples, then by the seconds elements, etc. Which means the
resulting list will be sorted by the modification type first
`MOD_DELETE`, etc), and by `attributetypes`/`objectclasses` second.
this the desired effect?
I've added a sort key; it should be safer now.
Hmm, the key you added still retains the default sorting behavior -
it will sort
by the first elements of the tuples first. Since we need sorting by
elements, I think the key here should be: key=lambda m: m.lower()
Right, I see what you mean.
I've made the change and tested it a bit.
Man page updates look good, but several options in the man page have 3
dashes in the long form instead of 2. I have attached a mini-patch
fixes this along with a couple of typos in the man page. Feel free to
squash it to your patch 261.
Nice catch! Squashed.
I didn't see any with my settings; could you be more specific?
$ git am
Applying: Remove schema modifications from update files
/home/ana/freeipa/.git/rebase-apply/patch:497: new blank line at EOF.
/home/ana/freeipa/.git/rebase-apply/patch:693: new blank line at EOF.
warning: 2 lines add whitespace errors.
I'm also seeing some errors when testing the patches. During
restarting of DS is failing:
[22/38]: restarting directory server
ipa : CRITICAL Failed to restart the directory server (Command
'/bin/systemctl restart dirsrv@IDM-LAB-ENG-BRQ-REDHAT-COM.service'
non-zero exit status 1). See the installation log for details.
The dirsrv log indicates that one of the ldif files is not
[11/Nov/2013:16:10:21 +0100] dse_read_one_file - The entry cn=schema
(lineno: 1) is
invalid, error code 21 (Invalid syntax) - object class
(2.16.840.1.1137188.8.131.52.7 NAME 'ipaKrb5DelegationACL' SUP
STRUCTURAL MAY ( ipaAllowToImpersonate $ ipaAllowedTarget ) EQUALITY
distinguishedNameMatch SYNTAX 184.108.40.206.4.1.14220.127.116.11.12 X-ORIGIN
'IPA v3' ):
Failed to parse objectclass, error(2) at ( distinguishedNameMatch SYNTAX
18.104.22.168.4.1.1422.214.171.124.12 X-ORIGIN 'IPA v3' ))
[11/Nov/2013:16:10:21 +0100] dse - Please edit the file to correct the
problems and then restart the server.
Are you seeing this in your setup?
No, ipa-server-install works for me. Does this happen every time?
I can't find an error in the syntax there.
The bug was only visible on f20 which has a new version of 389.
Thanks to Nathan Kinder for spotting the mistake (matching rule&syntax on an
objectClass) for me, and to 389's new schema parser for being nice and strict.
I'm only attaching the changed patch.
Thanks, it works well now.
ACK for the whole patch set.
Thank you! Pushed to master: 2bc7803b69d15a246486ab5c8a44ead7593e8e90
Freeipa-devel mailing list