Re: [Freeipa-devel] [PATCH 0242] Set the default attributes for RootDSE
On 07/28/2014 03:03 PM, Petr Viktorin wrote:
On 07/15/2014 09:13 AM, Tomas Babej wrote:
Hi,
With 389 DS 1.3.3 upwards we can leverage the
nsslapd-return-default-opattr
attribute to enumerate the list of attributes that should be returned
even if not specified explicitly. Use the behaviour to get the same
attributes
returned from searches on rootDSE as in 1.3.1.
https://fedorahosted.org/freeipa/ticket/4288
This fails with an older DS version.
Running transaction (shutdown inhibited)
Updating : freeipa-python-4.0.0GITa2b91d7-0.fc20.x86_64
1/14
Updating : freeipa-client-4.0.0GITa2b91d7-0.fc20.x86_64
2/14
Could not load host key: /etc/ssh/ssh_host_dsa_key
Updating : freeipa-admintools-4.0.0GITa2b91d7-0.fc20.x86_64
3/14
Updating : freeipa-server-4.0.0GITa2b91d7-0.fc20.x86_64
4/14
Updating : freeipa-server-trust-ad-4.0.0GITa2b91d7-0.fc20.x86_64
5/14
Updating : freeipa-tests-4.0.0GITa2b91d7-0.fc20.x86_64
6/14
Updating : freeipa-debuginfo-4.0.0GITa2b91d7-0.fc20.x86_64
7/14
Cleanup: freeipa-tests-4.0.0GIT06aa522-0.fc20.x86_64
8/14
Cleanup: freeipa-debuginfo-4.0.0GIT06aa522-0.fc20.x86_64
9/14
Cleanup: freeipa-server-trust-ad-4.0.0GIT06aa522-0.fc20.x86_64
10/14
Cleanup: freeipa-server-4.0.0GIT06aa522-0.fc20.x86_64
11/14
Cleanup: freeipa-admintools-4.0.0GIT06aa522-0.fc20.x86_64
12/14
Cleanup: freeipa-client-4.0.0GIT06aa522-0.fc20.x86_64
13/14
Cleanup: freeipa-python-4.0.0GIT06aa522-0.fc20.x86_64
14/14
Upgrade failed with attribute nsslapd-return-default-opattr not allowed
IPA upgrade failed.
You'll need to update the spec file too, at least.
Sure, spec file updated.
We might want to wait with pushing this, since 1.3.3 is not available yet.
--
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org
From 8c90173e40468406b69ad9ed57c8cb2bb7d39070 Mon Sep 17 00:00:00 2001
From: Tomas Babej tba...@redhat.com
Date: Wed, 2 Jul 2014 02:55:01 +0200
Subject: [PATCH] Set the default attributes for RootDSE
With 389 DS 1.3.3 upwards we can leverage the nsslapd-return-default-opattr
attribute to enumerate the list of attributes that should be returned
even if not specified explicitly. Use the behaviour to get the same attributes
returned from searches on rootDSE as in 1.3.1.
https://fedorahosted.org/freeipa/ticket/4288
---
freeipa.spec.in | 2 +-
install/updates/10-rootdse.update | 9 +
install/updates/Makefile.am | 1 +
3 files changed, 11 insertions(+), 1 deletion(-)
create mode 100644 install/updates/10-rootdse.update
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 24771ac8eea0390d3cc3db201ca9bc986e48dc53..90d4596e7230a877f0cde061db75ffbde9bed9ac 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -87,7 +87,7 @@ Group: System Environment/Base
Requires: %{name}-python = %{version}-%{release}
Requires: %{name}-client = %{version}-%{release}
Requires: %{name}-admintools = %{version}-%{release}
-Requires: 389-ds-base = 1.3.2.20
+Requires: 389-ds-base = 1.3.3
Requires: openldap-clients 2.4.35-4
Requires: nss = 3.14.3-12.0
Requires: nss-tools = 3.14.3-12.0
diff --git a/install/updates/10-rootdse.update b/install/updates/10-rootdse.update
new file mode 100644
index ..f44992a5d9cc0ad58eaed485f9793e1b07f06b6a
--- /dev/null
+++ b/install/updates/10-rootdse.update
@@ -0,0 +1,9 @@
+# Set the default attributes to be returned by RootDSE
+dn:
+add:nsslapd-return-default-opattr:namingContexts
+add:nsslapd-return-default-opattr:supportedControl
+add:nsslapd-return-default-opattr:supportedExtension
+add:nsslapd-return-default-opattr:supportedLDAPVersion
+add:nsslapd-return-default-opattr:supportedSASLMechanisms
+add:nsslapd-return-default-opattr:vendorName
+add:nsslapd-return-default-opattr:vendorVersion
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 1d912a7d29552000d082aca58d345924ab84e11c..82acaca70b0d0712cd074eca97c543d1cfb0bbb8 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -5,6 +5,7 @@ app_DATA =\
10-config.update \
10-enable-betxn.update \
10-selinuxusermap.update \
+ 10-rootdse.update \
10-uniqueness.update \
10-schema_compat.update \
19-managed-entries.update \
--
1.9.3
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0242] Set the default attributes for RootDSE
On 07/15/2014 09:13 AM, Tomas Babej wrote: Hi, With 389 DS 1.3.3 upwards we can leverage the nsslapd-return-default-opattr attribute to enumerate the list of attributes that should be returned even if not specified explicitly. Use the behaviour to get the same attributes returned from searches on rootDSE as in 1.3.1. https://fedorahosted.org/freeipa/ticket/4288 This fails with an older DS version. Running transaction (shutdown inhibited) Updating : freeipa-python-4.0.0GITa2b91d7-0.fc20.x86_64 1/14 Updating : freeipa-client-4.0.0GITa2b91d7-0.fc20.x86_64 2/14 Could not load host key: /etc/ssh/ssh_host_dsa_key Updating : freeipa-admintools-4.0.0GITa2b91d7-0.fc20.x86_64 3/14 Updating : freeipa-server-4.0.0GITa2b91d7-0.fc20.x86_64 4/14 Updating : freeipa-server-trust-ad-4.0.0GITa2b91d7-0.fc20.x86_64 5/14 Updating : freeipa-tests-4.0.0GITa2b91d7-0.fc20.x86_64 6/14 Updating : freeipa-debuginfo-4.0.0GITa2b91d7-0.fc20.x86_64 7/14 Cleanup: freeipa-tests-4.0.0GIT06aa522-0.fc20.x86_64 8/14 Cleanup: freeipa-debuginfo-4.0.0GIT06aa522-0.fc20.x86_64 9/14 Cleanup: freeipa-server-trust-ad-4.0.0GIT06aa522-0.fc20.x86_64 10/14 Cleanup: freeipa-server-4.0.0GIT06aa522-0.fc20.x86_64 11/14 Cleanup: freeipa-admintools-4.0.0GIT06aa522-0.fc20.x86_64 12/14 Cleanup: freeipa-client-4.0.0GIT06aa522-0.fc20.x86_64 13/14 Cleanup: freeipa-python-4.0.0GIT06aa522-0.fc20.x86_64 14/14 Upgrade failed with attribute nsslapd-return-default-opattr not allowed IPA upgrade failed. You'll need to update the spec file too, at least. -- PetrĀ³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH 0242] Set the default attributes for RootDSE
Hi, With 389 DS 1.3.3 upwards we can leverage the nsslapd-return-default-opattr attribute to enumerate the list of attributes that should be returned even if not specified explicitly. Use the behaviour to get the same attributes returned from searches on rootDSE as in 1.3.1. https://fedorahosted.org/freeipa/ticket/4288 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From c13810e99970ee38f7d22c087781b0c5d5f270a2 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Wed, 2 Jul 2014 02:55:01 +0200 Subject: [PATCH] Set the default attributes for RootDSE With 389 DS 1.3.3 upwards we can leverage the nsslapd-return-default-opattr attribute to enumerate the list of attributes that should be returned even if not specified explicitly. Use the behaviour to get the same attributes returned from searches on rootDSE as in 1.3.1. https://fedorahosted.org/freeipa/ticket/4288 --- install/updates/10-rootdse.update | 9 + install/updates/Makefile.am | 1 + 2 files changed, 10 insertions(+) create mode 100644 install/updates/10-rootdse.update diff --git a/install/updates/10-rootdse.update b/install/updates/10-rootdse.update new file mode 100644 index ..f44992a5d9cc0ad58eaed485f9793e1b07f06b6a --- /dev/null +++ b/install/updates/10-rootdse.update @@ -0,0 +1,9 @@ +# Set the default attributes to be returned by RootDSE +dn: +add:nsslapd-return-default-opattr:namingContexts +add:nsslapd-return-default-opattr:supportedControl +add:nsslapd-return-default-opattr:supportedExtension +add:nsslapd-return-default-opattr:supportedLDAPVersion +add:nsslapd-return-default-opattr:supportedSASLMechanisms +add:nsslapd-return-default-opattr:vendorName +add:nsslapd-return-default-opattr:vendorVersion diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index a6d24b94f040293ab76866f9651079d08d4ac297..c951e2edd002bc4e525d649b1bad7d294690f597 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -5,6 +5,7 @@ app_DATA =\ 10-config.update \ 10-enable-betxn.update \ 10-selinuxusermap.update \ + 10-rootdse.update \ 10-uniqueness.update \ 10-schema_compat.update \ 19-managed-entries.update \ -- 1.9.3 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
