On 07/28/2014 03:03 PM, Petr Viktorin wrote:
On 07/15/2014 09:13 AM, Tomas Babej wrote:
Hi,
With 389 DS 1.3.3 upwards we can leverage the nsslapd-return-default-opattr
attribute to enumerate the list of attributes that should be returned
even if not specified explicitly. Use the behaviour to get the same attributes
returned from searches on rootDSE as in 1.3.1.
https://fedorahosted.org/freeipa/ticket/4288
This fails with an older DS version.
Running transaction (shutdown inhibited)
Updating : freeipa-python-4.0.0GITa2b91d7-0.fc20.x86_64 1/14
Updating : freeipa-client-4.0.0GITa2b91d7-0.fc20.x86_64 2/14
Could not load host key: /etc/ssh/ssh_host_dsa_key
Updating : freeipa-admintools-4.0.0GITa2b91d7-0.fc20.x86_64 3/14
Updating : freeipa-server-4.0.0GITa2b91d7-0.fc20.x86_64 4/14
Updating : freeipa-server-trust-ad-4.0.0GITa2b91d7-0.fc20.x86_64 5/14
Updating : freeipa-tests-4.0.0GITa2b91d7-0.fc20.x86_64 6/14
Updating : freeipa-debuginfo-4.0.0GITa2b91d7-0.fc20.x86_64 7/14
Cleanup: freeipa-tests-4.0.0GIT06aa522-0.fc20.x86_64 8/14
Cleanup: freeipa-debuginfo-4.0.0GIT06aa522-0.fc20.x86_64 9/14
Cleanup: freeipa-server-trust-ad-4.0.0GIT06aa522-0.fc20.x86_64 10/14
Cleanup: freeipa-server-4.0.0GIT06aa522-0.fc20.x86_64 11/14
Cleanup: freeipa-admintools-4.0.0GIT06aa522-0.fc20.x86_64 12/14
Cleanup: freeipa-client-4.0.0GIT06aa522-0.fc20.x86_64 13/14
Cleanup: freeipa-python-4.0.0GIT06aa522-0.fc20.x86_64 14/14
Upgrade failed with attribute nsslapd-return-default-opattr not allowed
IPA upgrade failed.
You'll need to update the spec file too, at least.
Sure, spec file updated.
We might want to wait with pushing this, since 1.3.3 is not available yet.
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 8c90173e40468406b69ad9ed57c8cb2bb7d39070 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 2 Jul 2014 02:55:01 +0200
Subject: [PATCH] Set the default attributes for RootDSE
With 389 DS 1.3.3 upwards we can leverage the nsslapd-return-default-opattr
attribute to enumerate the list of attributes that should be returned
even if not specified explicitly. Use the behaviour to get the same attributes
returned from searches on rootDSE as in 1.3.1.
https://fedorahosted.org/freeipa/ticket/4288
---
freeipa.spec.in | 2 +-
install/updates/10-rootdse.update | 9 +
install/updates/Makefile.am | 1 +
3 files changed, 11 insertions(+), 1 deletion(-)
create mode 100644 install/updates/10-rootdse.update
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 24771ac8eea0390d3cc3db201ca9bc986e48dc53..90d4596e7230a877f0cde061db75ffbde9bed9ac 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -87,7 +87,7 @@ Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
-Requires: 389-ds-base = 1.3.2.20
+Requires: 389-ds-base = 1.3.3
Requires: openldap-clients 2.4.35-4
Requires: nss = 3.14.3-12.0
Requires: nss-tools = 3.14.3-12.0
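Review bot: The new line "Requires: 389-ds-base = 1.3.3" reads, as written here, as an exact-version match, while the commit message says the attribute is usable "With 389 DS 1.3.3 upwards"; the dependency should be a minimum (>= 1.3.3) so later 1.3.3.x and newer builds still satisfy it. Since the thread notes that 1.3.3 is not available yet, this requirement also makes freeipa-server uninstallable until that build ships, so the patch should only be pushed once 389-ds-base 1.3.3 is in the target repositories. The full version-release that first carries nsslapd-return-default-opattr would be a safer floor than the bare "1.3.3".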
diff --git a/install/updates/10-rootdse.update b/install/updates/10-rootdse.update
new file mode 100644
index ..f44992a5d9cc0ad58eaed485f9793e1b07f06b6a
--- /dev/null
+++ b/install/updates/10-rootdse.update
@@ -0,0 +1,9 @@
+# Set the default attributes to be returned by RootDSE
+dn:
+add:nsslapd-return-default-opattr:namingContexts
+add:nsslapd-return-default-opattr:supportedControl
+add:nsslapd-return-default-opattr:supportedExtension
+add:nsslapd-return-default-opattr:supportedLDAPVersion
+add:nsslapd-return-default-opattr:supportedSASLMechanisms
+add:nsslapd-return-default-opattr:vendorName
+add:nsslapd-return-default-opattr:vendorVersion
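Review bot: Nothing in this update file guards against a directory server that does not know nsslapd-return-default-opattr, and the thread shows the result: the upgrade aborts with "attribute nsslapd-return-default-opattr not allowed". The spec bump is the only protection, so the header comment should name the minimum 389 DS version this file depends on, so that anyone building against or backporting to an older DS sees the constraint. The comment could also say that the empty "dn:" line targets the rootDSE entry on purpose, since it looks like a truncated line. vendorName and vendorVersion are in the default set; it is worth confirming that returning the server version on every rootDSE search is wanted and not only carried over for parity with 1.3.1.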
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 1d912a7d29552000d082aca58d345924ab84e11c..82acaca70b0d0712cd074eca97c543d1cfb0bbb8 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -5,6 +5,7 @@ app_DATA =\
10-config.update \
10-enable-betxn.update \
10-selinuxusermap.update \
+ 10-rootdse.update \
10-uniqueness.update \
10-schema_compat.update \
19-managed-entries.update \
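Review bot: Style point on the added "10-rootdse.update \" entry: it is placed after 10-selinuxusermap.update, which is out of alphabetical order (r sorts before s). The surrounding list is already not strictly sorted (10-uniqueness.update precedes 10-schema_compat.update), so this is cosmetic, but placing the new file before 10-selinuxusermap.update keeps the 10-* group easier to scan. Also check that the continuation line uses the same leading whitespace as its neighbours.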
--
1.9.3