Martin Basti wrote: > Hi list, > > maybe I missed something, but I expected, there are no modifications > with this option. > > With --test option the LDAP schema is not updated, but update plugins > don't care about --test option ('live_run' in code). > > Update plugins use and IPA api directly to modify LDAP instead of return > a required changes > (DNS, update_idranges, update_managed_permissions, update_pacs, > update_services plugins). > > Am wrong, or it is bad behavior and plugin should be fixed to not > execute any modifications in test mode?
I seem to recall that Petr^3 saw this as well and filed a ticket though I can't find it. IMHO yes, plugins should honor the test mode. > Next Q: I have method which prepares IPA to support DNSSEC. The method > requires both updating LDAP and creating directories/keytabs/etc. > Should I separate the LDAP part of update method, or can I use it all in > ldap-updater? The updater is intended for LDAP updates only. Probably best to split it with the ipa-upgradeconfig script. rob _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel