On 31.10.2014 16:54, Martin Basti wrote:
Hello list,

I ran an upgrade (related steps listed in order):

ipa-ldap-updater --upgrade
- applying update files (including 55-pbacmemberof.update)
- updating ACI (new permissions created, added to existing privilege)
ipa-upgradeconfig
- setting up new service (which uses privilege with new permission)

At the end I was expecting the privilege would be missing the new
permission (memberOf attribute), but I tested it in the lab, and membership
was OK.

How does the memberof plugin work?

I know of http://directory.fedoraproject.org/docs/389ds/design/memberof-plugin.html
If there is another source, I would like to see it as well.


We had a similar issue with a new DNS installation, where memberOf attributes
were missing if DNS was installed later. But I can't reproduce this
behavior during upgrade. (The fix was to use 55-pbacmemberof.update as the last
step of bind service installation)

Was fixed by a fixup task call in:

https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=895f350ebf5f002a8ba5aff3d521640b12aa3cde


PS: we had a case where a user had broken DNS privileges and
55-pbacmemberof.update helped. But he had multiple errors and it could be
a cascade effect.

--
Petr Vobornik

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
