On Fri, 08 Jan 2016, Martin Basti wrote:



On 08.01.2016 16:22, Martin Basti wrote:


On 08.01.2016 16:19, Petr Vobornik wrote:
On 01/08/2016 02:54 PM, Alexander Bokovoy wrote:
On Wed, 06 Jan 2016, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5507

Patch attached.

Is proposed workaround in ticket enough or should I also prepare a
update that will fix missing maps?
The update you have is good but we need to recover missing maps.
Given that we know which maps exist in the broken setup (those from
50-nis.update), it would make sense to check if only those CNs exist and
then remove them and fire recovery.


Could there be a situation where such state would be desired and the update would actually break user's setup?
Only if user removed all these maps:

"nis-domain={domain}+nis-map=passwd.byname,{suffix}",
"nis-domain={domain}+nis-map=passwd.byuid,{suffix}",
"nis-domain={domain}+nis-map=group.byname,{suffix}",
"nis-domain={domain}+nis-map=group.bygid,{suffix}",
"nis-domain={domain}+nis-map=netid.byname,{suffix}",
"nis-domain={domain}+nis-map=netgroup,{suffix}",



Updated patch attached.
ACK: I did upgrade of an install were NIS was enabled last December and
it had broken records as can be seen by CreateTimestamp. During upgrade
new entries were added, restoring the proper configuration:

# ldapsearch  -LLL -H ldapi://%2fvar%2frun%2fslapd-RH-VDA-LI.socket -b 
cn=config '(nis-domain=*)' dn CreateTimestamp ModifyTimestamp
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: nis-domain=rh.vda.li+nis-map=ethers.byaddr,cn=NIS 
Server,cn=plugins,cn=config
CreateTimestamp: 20151202162357Z
ModifyTimestamp: 20151202162357Z

dn: nis-domain=rh.vda.li+nis-map=ethers.byname,cn=NIS 
Server,cn=plugins,cn=config
CreateTimestamp: 20151202162357Z
ModifyTimestamp: 20151202162357Z

dn: nis-domain=rh.vda.li+nis-map=group.bygid,cn=NIS Server,cn=plugins,cn=config
CreateTimestamp: 20160111071241Z
ModifyTimestamp: 20160111071241Z

dn: nis-domain=rh.vda.li+nis-map=group.byname,cn=NIS Server,cn=plugins,cn=config
CreateTimestamp: 20160111071241Z
ModifyTimestamp: 20160111071241Z

dn: nis-domain=rh.vda.li+nis-map=netgroup,cn=NIS Server,cn=plugins,cn=config
CreateTimestamp: 20160111071242Z
ModifyTimestamp: 20160111071242Z

dn: nis-domain=rh.vda.li+nis-map=netid.byname,cn=NIS Server,cn=plugins,cn=config
CreateTimestamp: 20160111071242Z
ModifyTimestamp: 20160111071242Z

dn: nis-domain=rh.vda.li+nis-map=passwd.byname,cn=NIS 
Server,cn=plugins,cn=config
CreateTimestamp: 20160111071240Z
ModifyTimestamp: 20160111071240Z

dn: nis-domain=rh.vda.li+nis-map=passwd.byuid,cn=NIS Server,cn=plugins,cn=config
CreateTimestamp: 20160111071240Z
ModifyTimestamp: 20160111071240Z



--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to