On 07/22/2014 05:01 PM, Martin Kosek wrote:

I was thinking more about the solution to fix migration in FreeIPA 4.0 as
proposed in
and I realized it will be more complicated.

Conditionally enabling nsslapd-allow-hashed-passwords in cn=config when
migration mode is enabled is tricky as this setting is not replicated, compared
to ipamigrationenabled.

So enabling the migration on one server would still leave it broken on other
servers. The same applies for disabling it again.

Any ideas how to solve the issue? I am thinking we may need to unconditionally
enable this cn=config setting for now to unblock migration (thus effectively
revert https://fedorahosted.org/389/ticket/47389). Any other solution I can
think of would be too complicated.
if you alwayys enable it, you would have the same behaviour as before #47389 (which you see as a regression), so it should be ok.



Freeipa-devel mailing list

Reply via email to