On 23.11.2015 06:54, Fraser Tweedale wrote:
The attached patches fix #5459: Default CA ACL rule is not
created during ipa-replica-install.
These patches apply on branch ipa-4-2. There is a (trivial)
conflict in imports when applying to master.
When a patch does not apply cleanly on all the target branches, you
should attach a rebased patch as well.
I strongly recommend review / testing of these patches with patches
0042-0043 due to the prevalence of the other issue.
Patch 0044: ACK
1) The check in caacl_del could be better, please take a look at how the
admins group is handled in ipalib/plugins/group.py for an example. You
should at least raise ProtectedEntryError rather than ValidationError.
2) _add_default_caacl() should be located in
3) Rather than calling the cainstance functions in
replicainstall.install(), they should be called from
CAInstance.configure_instance() to make them effective in ipa-ca-install
and replica promotion as well.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code