On Wed, 2015-06-03 at 16:50 +0200, Martin Kosek wrote:
> On 06/03/2015 04:10 PM, Petr Vobornik wrote:
> > On 06/02/2015 02:20 PM, Ludwig Krispenz wrote:
> >> replicas installed from older versions do not have a binddn group
> >> just accept the errror
> > 
> > ACK
> > 
> > Pushed to master: 8457edc14dade724b486540800bcdafb7d9a6f76
> > 
> > Note that this group will be populated later. IMHO it should be done as a 
> > part
> > of domain-level raise procedure before setting the new level.
> 
> As said in other mail, I am not sure why we should be overloading domain-level
> raise command that way.

+1

> I thought, we will create this group when the first replica upgrades to 4.2.
> Whenever a new replica is added/upgraded, it's principal will be added to the
> group also (even if Domain Level is 0).

+1

> Domain Level 1 means that all replicas are 4.2 and thus the group is fully
> populated and Topology can be used.

+1

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to