On Tue, 2013-11-26 at 14:11 +0100, Jan Cholasta wrote: > On 17.9.2013 17:26, Jan Cholasta wrote: > > On 10.9.2013 21:12, Simo Sorce wrote: > >> I think the attached (untested) patch should solve the issue. > >> > >> Is it sufficient or do we want to change framework code somehow ? > >> > >> Simo. > >> > > > > I think no changes to the framework are necessary. It already adds > > krbTicketPolicyAux when krbTicketFlags is touched in host-add and host-mod. > > > > Honza > > > > kadmin.local still returns an error for me with this patch applied: > > kadmin.local: modprinc +ok_as_delegate > host/[email protected] > modify_principal: Kerberos database internal error while modifying > "host/[email protected]".
I think I made a mistake using mod_op in ipadb_get_ldap_mod_str(), and should have used LDAP_MOD_ADD because we do not want to replace the objectclass object, we want to add to it. Any chance you can check quickly changing that ? I've blown the setup I was using when I created the patch Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
