Ticket: https://fedorahosted.org/freeipa/ticket/4680

Entry
dn: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX

must be updated before
dn: cn=ADTrust Agents,cn=privileges,cn=pbac,$SUFFIX

Patch attached
Martin^2
From 0d2e383e080943be82b7edfd9396caef699ab8ee Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 10 Nov 2014 14:13:07 +0100
Subject: [PATCH] Upgrade: fix trusts objectclass violationi

Execute updates in proper ordering.
Curently ldap-updater implementation doesnt allow better fix.

Ticket: https://fedorahosted.org/freeipa/ticket/4680
---
 install/updates/59-trusts-sysacount.update | 8 ++++++++
 install/updates/60-trusts.update           | 6 ------
 install/updates/Makefile.am                | 1 +
 3 files changed, 9 insertions(+), 6 deletions(-)
 create mode 100644 install/updates/59-trusts-sysacount.update

diff --git a/install/updates/59-trusts-sysacount.update b/install/updates/59-trusts-sysacount.update
new file mode 100644
index 0000000000000000000000000000000000000000..b90de80d27b36c9a7bfd3b358338a0a79d969813
--- /dev/null
+++ b/install/updates/59-trusts-sysacount.update
@@ -0,0 +1,8 @@
+# this update must be applied before 60-trusts.update, because current
+# implementation of ipa-ldap-updater doesn't keep the order of updates in
+# filesets
+dn: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX
+add: objectClass: nestedgroup
+default: objectClass: GroupOfNames
+default: objectClass: top
+default: cn: adtrust agents
diff --git a/install/updates/60-trusts.update b/install/updates/60-trusts.update
index 9dabc806e2f747c47ab809cd2ed2150b2a13c2a6..79caa837a55eae0e05e1a94f3eabdda7b2b9cc38 100644
--- a/install/updates/60-trusts.update
+++ b/install/updates/60-trusts.update
@@ -10,12 +10,6 @@ default: member: uid=admin,cn=users,cn=accounts,$SUFFIX
 default: nsAccountLock: FALSE
 default: ipaUniqueID: autogenerate
 
-dn: cn=adtrust agents,cn=sysaccounts,cn=etc,$SUFFIX
-add: objectClass: nestedgroup
-default: objectClass: GroupOfNames
-default: objectClass: top
-default: cn: adtrust agents
-
 dn: cn=ADTrust Agents,cn=privileges,cn=pbac,$SUFFIX
 default: objectClass: top
 default: objectClass: groupofnames
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index e62a64cea925aaeae9d013ab01a89371c727a6fd..255586c6de1cab52a526c1ca82b4720adf998eee 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -41,6 +41,7 @@ app_DATA =				\
 	50-nis.update			\
 	50-ipaconfig.update		\
 	55-pbacmemberof.update		\
+	59-trusts-sysacount.update	\
 	60-trusts.update		\
 	61-trusts-s4u2proxy.update	\
 	62-ranges.update		\
-- 
1.8.3.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to