On Fri, 2014-06-20 at 16:45 +0200, Martin Kosek wrote: > There is no impact on clients connected to the "fixed DS". This is the > scenario > I am concerned about: > > User has RHEL/CentOS 6.x IPA server and wants to try the new nice and > shiny FreeIPA 4.0. He installs the FreeIPA 4.0 replica (with fixed > DS), the replica upgrades the ACIs to the new model. SSSD connected to > FreeIPA 4.0 replica will work, SSSD connected to the old RHEL-6.x > replica will not.
This is the only "issue", and I do not think we can/should jump through many hoops here. The best way IMO, is to fix DS in RHEL6, and make a release note that before migrating to FreeIPA 4.0, you must make sure all replicas have an updated DS version (list versions for all major distros we know about). I do not think we should add any special detection code in 4.0, if the admin fails to update DS on an older replica he has 2 choices: 1. update DS 2. decommission the old replica Simo. _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
