On Wed, 2015-06-03 at 16:10 +0200, Petr Vobornik wrote:
> On 06/02/2015 02:20 PM, Ludwig Krispenz wrote:
> > replicas installed from older versions do not have a binddn group
> > just accept the errror
> Pushed to master: 8457edc14dade724b486540800bcdafb7d9a6f76
> Note that this group will be populated later. IMHO it should be done as 
> a part of domain-level raise procedure before setting the new level.

Creating this group and populating it should be part of ipa-ldap-update
(sorry forgot the right name) and should be done when we install new
rpms. Each server must care by itself to populate this group with its
own membership.
In particular this *should* not be done when the domain level is raised,
it is already late then.


Simo Sorce * Red Hat, Inc * New York

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to