On Wed, 2015-06-03 at 16:10 +0200, Petr Vobornik wrote: > On 06/02/2015 02:20 PM, Ludwig Krispenz wrote: > > replicas installed from older versions do not have a binddn group > > just accept the errror > > ACK > > Pushed to master: 8457edc14dade724b486540800bcdafb7d9a6f76 > > Note that this group will be populated later. IMHO it should be done as > a part of domain-level raise procedure before setting the new level.
Creating this group and populating it should be part of ipa-ldap-update (sorry forgot the right name) and should be done when we install new rpms. Each server must care by itself to populate this group with its own membership. In particular this *should* not be done when the domain level is raised, it is already late then. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
