On 23.11.2015 06:54, Fraser Tweedale wrote:
Hi all,

The attached patches fix #5459[1]: Default CA ACL rule is not
created during ipa-replica-install.

These patches apply on branch ipa-4-2.  There is a (trivial)
conflict in imports when applying to master.

When a patch does not apply cleanly on all the target branches, you should attach a rebased patch as well.

I strongly recommend review / testing of these patches with patches
0042-0043[2] due to the prevalence of the other issue.

[1] https://fedorahosted.org/freeipa/ticket/5459
[2] https://www.redhat.com/archives/freeipa-devel/2015-November/msg00298.html

Patch 0044: ACK

Patch 0045:

1) The check in caacl_del could be better, please take a look at how the admins group is handled in ipalib/plugins/group.py for an example. You should at least raise ProtectedEntryError rather than ValidationError.

2) _add_default_caacl() should be located in ipaserver/install/cainstance.py.

3) Rather than calling the cainstance functions in replicainstall.install(), they should be called from CAInstance.configure_instance() to make them effective in ipa-ca-install and replica promotion as well.


Jan Cholasta

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to