On 06/02/2015 05:08 PM, Ludwig Krispenz wrote: > > On 06/02/2015 03:53 PM, Petr Vobornik wrote: >> On 06/02/2015 02:20 PM, Ludwig Krispenz wrote: >>> >>> On 06/02/2015 12:09 PM, Oleg Fayans wrote: >>>> Hi all, >>>> >>>> The following error was caught during replica installation (I used all >>>> the latest patches from Ludwig and Martin Basti): >> >> - except ldap.TYPE_OR_VALUE_EXISTS: >> + except (ldap.TYPE_OR_VALUE_EXISTS, ldap.NO_SUCH_OBJECT): >> >> What happens if all replicas are updated and domain level is raised? I don't >> think that the group will be populated. Or will it be? Without it, topology >> plugin won't work, right? > good point, > it will be limited, when adding a new segment a replication agreement will be > created, but it will not have the credentials to replicate. >> >> There should be a moment where all the DNs are added. > yes, there could probably be a check when topology plugin gets active if the > binddn group exists and if not create and populate it
Should we finally start maintaining by default IPA Masters hostgroup? *That* should be the BIND DN group which Topology plugins works with, no? If this group is populated from FreeIPA 4.2+, raising to Domain Level 1 would mean no operation needed on FreeIPA side. This is part of the ticket https://fedorahosted.org/freeipa/ticket/3416 This looks as another change that should make it to the Alpha, no? Martin -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
