Hello, I was thinking more about the solution to fix migration in FreeIPA 4.0 as proposed in https://fedorahosted.org/freeipa/ticket/4450#comment:6 and I realized it will be more complicated.
Conditionally enabling nsslapd-allow-hashed-passwords in cn=config when migration mode is enabled is tricky as this setting is not replicated, compared to ipamigrationenabled. So enabling the migration on one server would still leave it broken on other servers. The same applies for disabling it again. Any ideas how to solve the issue? I am thinking we may need to unconditionally enable this cn=config setting for now to unblock migration (thus effectively revert https://fedorahosted.org/389/ticket/47389). Any other solution I can think of would be too complicated. Thanks. -- Martin Kosek <mko...@redhat.com> Supervisor, Software Engineering - Identity Management Team Red Hat Inc. _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel