On 07/28/2014 03:03 PM, Petr Viktorin wrote:
> On 07/15/2014 09:13 AM, Tomas Babej wrote:
>> Hi,
>>
>> With 389 DS 1.3.3 upwards we can leverage the
>> nsslapd-return-default-opattr
>> attribute to enumerate the list of attributes that should be returned
>> even if not specified explicitly. Use the behaviour to get the same
>> attributes
>> returned from searches on rootDSE as in 1.3.1.
>>
>> https://fedorahosted.org/freeipa/ticket/4288
>
> This fails with an older DS version.
>
> Running transaction (shutdown inhibited)
>   Updating   : freeipa-python-4.0.0GITa2b91d7-0.fc20.x86_64           
> 1/14
>   Updating   : freeipa-client-4.0.0GITa2b91d7-0.fc20.x86_64           
> 2/14
> Could not load host key: /etc/ssh/ssh_host_dsa_key
>   Updating   : freeipa-admintools-4.0.0GITa2b91d7-0.fc20.x86_64
>            3/14
>   Updating   : freeipa-server-4.0.0GITa2b91d7-0.fc20.x86_64           
> 4/14
>   Updating   : freeipa-server-trust-ad-4.0.0GITa2b91d7-0.fc20.x86_64
>            5/14
>   Updating   : freeipa-tests-4.0.0GITa2b91d7-0.fc20.x86_64           
> 6/14
>   Updating   : freeipa-debuginfo-4.0.0GITa2b91d7-0.fc20.x86_64
>            7/14
>   Cleanup    : freeipa-tests-4.0.0GIT06aa522-0.fc20.x86_64           
> 8/14
>   Cleanup    : freeipa-debuginfo-4.0.0GIT06aa522-0.fc20.x86_64
>            9/14
>   Cleanup    : freeipa-server-trust-ad-4.0.0GIT06aa522-0.fc20.x86_64
>           10/14
>   Cleanup    : freeipa-server-4.0.0GIT06aa522-0.fc20.x86_64          
> 11/14
>   Cleanup    : freeipa-admintools-4.0.0GIT06aa522-0.fc20.x86_64
>           12/14
>   Cleanup    : freeipa-client-4.0.0GIT06aa522-0.fc20.x86_64          
> 13/14
>   Cleanup    : freeipa-python-4.0.0GIT06aa522-0.fc20.x86_64          
> 14/14
> Upgrade failed with attribute "nsslapd-return-default-opattr" not allowed
> IPA upgrade failed.
>
> You'll need to update the spec file too, at least.
>

Sure, spec file updated.

We might want to wait with pushing this, since 1.3.3 is not available yet.

-- 
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org 

>From 8c90173e40468406b69ad9ed57c8cb2bb7d39070 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 2 Jul 2014 02:55:01 +0200
Subject: [PATCH] Set the default attributes for RootDSE

With 389 DS 1.3.3 upwards we can leverage the nsslapd-return-default-opattr
attribute to enumerate the list of attributes that should be returned
even if not specified explicitly. Use the behaviour to get the same attributes
returned from searches on rootDSE as in 1.3.1.

https://fedorahosted.org/freeipa/ticket/4288
---
 freeipa.spec.in                   | 2 +-
 install/updates/10-rootdse.update | 9 +++++++++
 install/updates/Makefile.am       | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 install/updates/10-rootdse.update

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 24771ac8eea0390d3cc3db201ca9bc986e48dc53..90d4596e7230a877f0cde061db75ffbde9bed9ac 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -87,7 +87,7 @@ Group: System Environment/Base
 Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
-Requires: 389-ds-base >= 1.3.2.20
+Requires: 389-ds-base >= 1.3.3
 Requires: openldap-clients > 2.4.35-4
 Requires: nss >= 3.14.3-12.0
 Requires: nss-tools >= 3.14.3-12.0
diff --git a/install/updates/10-rootdse.update b/install/updates/10-rootdse.update
new file mode 100644
index 0000000000000000000000000000000000000000..f44992a5d9cc0ad58eaed485f9793e1b07f06b6a
--- /dev/null
+++ b/install/updates/10-rootdse.update
@@ -0,0 +1,9 @@
+# Set the default attributes to be returned by RootDSE
+dn:
+add:nsslapd-return-default-opattr:namingContexts
+add:nsslapd-return-default-opattr:supportedControl
+add:nsslapd-return-default-opattr:supportedExtension
+add:nsslapd-return-default-opattr:supportedLDAPVersion
+add:nsslapd-return-default-opattr:supportedSASLMechanisms
+add:nsslapd-return-default-opattr:vendorName
+add:nsslapd-return-default-opattr:vendorVersion
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 1d912a7d29552000d082aca58d345924ab84e11c..82acaca70b0d0712cd074eca97c543d1cfb0bbb8 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -5,6 +5,7 @@ app_DATA =				\
 	10-config.update		\
 	10-enable-betxn.update		\
 	10-selinuxusermap.update	\
+	10-rootdse.update		\
 	10-uniqueness.update		\
 	10-schema_compat.update		\
 	19-managed-entries.update	\
-- 
1.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to