On 06/03/2015 04:10 PM, Petr Vobornik wrote: > On 06/02/2015 02:20 PM, Ludwig Krispenz wrote: >> replicas installed from older versions do not have a binddn group >> just accept the errror > > ACK > > Pushed to master: 8457edc14dade724b486540800bcdafb7d9a6f76 > > Note that this group will be populated later. IMHO it should be done as a part > of domain-level raise procedure before setting the new level.
As said in other mail, I am not sure why we should be overloading domain-level raise command that way. I thought, we will create this group when the first replica upgrades to 4.2. Whenever a new replica is added/upgraded, it's principal will be added to the group also (even if Domain Level is 0). Domain Level 1 means that all replicas are 4.2 and thus the group is fully populated and Topology can be used. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
