On Wed, 2015-06-03 at 16:10 +0200, Petr Vobornik wrote:
> On 06/02/2015 02:20 PM, Ludwig Krispenz wrote:
> > replicas installed from older versions do not have a binddn group
> > just accept the errror
> Pushed to master: 8457edc14dade724b486540800bcdafb7d9a6f76
> Note that this group will be populated later. IMHO it should be done as
> a part of domain-level raise procedure before setting the new level.
Creating this group and populating it should be part of ipa-ldap-update
(sorry forgot the right name) and should be done when we install new
rpms. Each server must care by itself to populate this group with its
In particular this *should* not be done when the domain level is raised,
it is already late then.
Simo Sorce * Red Hat, Inc * New York
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code