On Thu, 2014-09-11 at 16:21 +0200, Ludwig Krispenz wrote:
> On 09/11/2014 04:17 PM, Nathaniel McCallum wrote:
> > On Thu, 2014-09-11 at 16:09 +0200, Ludwig Krispenz wrote:
> >> On 09/11/2014 04:04 PM, Martin Kosek wrote:
> >>> On 09/11/2014 03:47 PM, Nathaniel McCallum wrote:
> >>>> On Thu, 2014-09-11 at 15:46 +0200, Petr Viktorin wrote:
> >>>>> On 09/11/2014 01:37 PM, Martin Kosek wrote:
> >>>>>> Hi team,
> >>>>>>
> >>>>>> It seems we have pretty serious bug in our FreeIPA 4.0.2 release, 
> >>>>>> breaking
> >>>>>> upgrade from older releases:
> >>>>>>
> >>>>>> https://fedorahosted.org/freeipa/ticket/4529
> >>>>>>
> >>>>>> We also have packaging fix requested by Fedora Server roles group:
> >>>>>>
> >>>>>> https://fedorahosted.org/freeipa/ticket/4430
> >>>>>>
> >>>>>> It seems just these 2 bugs are enough for a quick FreeIPA 4.0.3 
> >>>>>> release...
> >>>>>> Makes sense? Any other tickets or patches we would like to get in?
> >>>>> Looks like it's just those two. I'll start releasing shortly.
> >>>> I'd like to get a fix in for the missing ciphers in the new NSS. I can
> >>>> have a patch on the list shortly.
> >>>>
> >>>> Nathaniel
> >>> Isn't this related to
> >>> https://fedorahosted.org/freeipa/ticket/4395
> >>> ? I think we do not work with the newest DS which fixed the default 
> >>> ciphers.
> >> yes
> >>> Don't we need to set our SSL ciphers setting to
> >>>
> >>> https://fedorahosted.org/389/ticket/47838#comment:29
> >> yes
> >> tjhe attached patch tries this, but at the moment I failed to build and
> >> also to upgrade to F21
> > NACKallowweakcipher
> >
> >
> > LDAP error: OBJECT_CLASS_VIOLATION
> > attribute "allowweakcipher" not allowed
> >
> > I suspect we are missing a spec file requirement on a newer version of 
> > 389...
> yes, you need the latest build of DS, Noriko added the allowweakcipher 
> only yesterday.
> That's the problem, I wanted to wait with the ipa side patch until 
> allowweakcipher was implemented and then on F21 ipa and 389 no longer 
> played well and now there is a rush

What is the status on the new 389 patch/build?

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to