On Sun, 2012-05-20 at 02:22 -0700, Gelen James wrote:
The currently assumption is that all IPA users can login into
Unix/Linux machines to change their IPA password, or reset their
expired password.
But this is not available all the time, so a more general alternative
-- web UI -- will
Only use no_create/no_update for things we really don't want the user to
change (even through setattr). This is stuff like ipacertificatesubjectbase.
Make --{set,add,del}attr refuse to modify these params.
For things we just don't advertise in the because there's a different
way to do change
When converting to GSSAPI replication we need to fetch the ldap
principal from the other side. We've seen this fail from time to time
despite having a call to force_sync. Add a retry loop to try harder, and
fix the error reporting.
I was never able to force reproduction of the underlying
We already have an index on fqdn in the master branch. Add this to the
2.2 branch as well. We do a search on host when installing a replica and
an unindexed search might fail.
rob
From 9b57300613b5747697122cac2857506b223688d0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
On Mon, 2012-05-21 at 16:32 -0400, Rob Crittenden wrote:
When converting to GSSAPI replication we need to fetch the ldap
principal from the other side. We've seen this fail from time to time
despite having a call to force_sync. Add a retry loop to try harder,
and
fix the error reporting.
On Mon, 2012-05-21 at 16:40 -0400, Rob Crittenden wrote:
We already have an index on fqdn in the master branch. Add this to
the
2.2 branch as well. We do a search on host when installing a replica
and
an unindexed search might fail.
ACK
Simo.
--
Simo Sorce * Red Hat, Inc * New York