On 24.11.2015 08:37, Fraser Tweedale wrote:
On Mon, Nov 23, 2015 at 10:05:32AM +0100, Jan Cholasta wrote:
On 23.11.2015 06:54, Fraser Tweedale wrote:
The attached patches fix #5459: Default CA ACL rule is not
created during ipa-replica-install.
These patches apply on branch ipa-4-2. There is a (trivial)
conflict in imports when applying to master.
When a patch does not apply cleanly on all the target branches, you should
attach a rebased patch as well.
I strongly recommend review / testing of these patches with patches
0042-0043 due to the prevalence of the other issue.
Patch 0044: ACK
1) The check in caacl_del could be better, please take a look at how the
admins group is handled in ipalib/plugins/group.py for an example. You
should at least raise ProtectedEntryError rather than ValidationError.
2) _add_default_caacl() should be located in
3) Rather than calling the cainstance functions in replicainstall.install(),
they should be called from CAInstance.configure_instance() to make them
effective in ipa-ca-install and replica promotion as well.
Updated patches for ipa-4-2 and master branches attached.
The new patch 0045 is somewhat more intrusive; I have tested server
install, replica install (with CA) from 3.0 and 4.2 master and
ipa-ca-install with replica file from 3.0 master... but more testing
would be no bad thing!
Works for me, ACK.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code