On 25/02/15 17:23, thierry bordaz wrote:
On 02/25/2015 02:34 PM, Martin Basti wrote:
Modifications:
* All plugins are migrated into new configuration style.
* I left attribute uniqueness plugin disabled, cn=uid
uniqueness,cn=plugins,cn=config is checking the same attribute.
* POST_UPDATE plugin for uid removed, I moved it to update file. Is
it okay Alexander? I haven't found reason why we need to do it in
update plugin.
Thierry, I touched configuration of plugins, which user lifecycle
requires, can you take look if I it does not break anything?
Patches attached.
Hello Martin,
The fix looks good. I have just one question regarding
install/updates/10-uniqueness.update.
For example :
# uid uniqueness scopes Active/Delete containers
dn: cn=attribute uniqueness,cn=plugins,cn=config
-remove:nsslapd-pluginarg1:'$SUFFIX'
-add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
-add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
+remove:uniqueness-subtrees:'$SUFFIX'
+add:uniqueness-subtrees:'cn=accounts,$SUFFIX'
+add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
remove:nsslapd-pluginenabled:off
add:nsslapd-pluginenabled:on
If we update the rpm from a version where 'nsslapd-pluginarg1' was used.
It will not remove it and we will have 'nsslapd-pluginarg1' along with
'uniqueness-subtrees'.
Should not we keep 'remove:nsslapd-pluginarg1:'$SUFFIX'' ?
thanks
thierry
Hello Thierry,
in patch 0197 is pre-upgrade plugin, which migrate all uniqueness
plugins into new syntax (this happens before the update file is
applied). So no nsslapd-pluginarg* attrs will be there.
and in patch 0198 I removed the cn=attribute uniquenes plugin, we
already have cn=uid uniqueness that do the same thing.
Martin^2
--
Martin Basti
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel