Re: [Freeipa-devel] [PATCHES 0197-0198] Fix uniqueness plugins upgrade

[thierry bordaz]

On 02/25/2015 02:34 PM, Martin Basti wrote:
Modifications:
* All plugins are migrated into new configuration style.
* I left attribute uniqueness plugin disabled, cn=uid 
uniqueness,cn=plugins,cn=config is checking the same attribute.
* POST_UPDATE plugin for uid removed, I moved it to update file. Is it 
okay Alexander? I haven't found reason why we need to do it in update 
plugin.

Thierry, I touched configuration of plugins, which user lifecycle 
requires, can you take look if I it does not break anything?

Patches attached.

Hello Martin,

The fix looks good. I have just one question regarding 
install/updates/10-uniqueness.update.

For example :

# uid uniqueness scopes Active/Delete containers
 dn: cn=attribute uniqueness,cn=plugins,cn=config
-remove:nsslapd-pluginarg1:'$SUFFIX'
-add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
-add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
+remove:uniqueness-subtrees:'$SUFFIX'
+add:uniqueness-subtrees:'cn=accounts,$SUFFIX'
+add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
 remove:nsslapd-pluginenabled:off
 add:nsslapd-pluginenabled:on

If we update the rpm from a version where 'nsslapd-pluginarg1' was used.
It will not remove it and we will have 'nsslapd-pluginarg1' along with 
'uniqueness-subtrees'.
Should not we keep 'remove:nsslapd-pluginarg1:'$SUFFIX'' ?

thanks
thierry
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel