Removing adding ipa-cifs-delegation-targets in an ldif. If it is needed
it will be added by an update file at the end of the install.
rob
From 250f33b42c1a35ddcef24ba344e8cfa6ac501316 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Tue, 26 Jun 2012 17:33:53 -0400
Subject: [PATCH] Defer adding ipa-cifs-delegation-targets until the Updates
phase.
It was likely that this would fail being in an LDIF so let an update
file add this potentially conflicting entry instead.
https://fedorahosted.org/freeipa/ticket/2837
---
install/share/replica-s4u2proxy.ldif |8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif
index ce58365c55ca0a4da4d3de89b6d1a31683f6db96..98de46fa7760965ea28fe15b29a16e88310e4992 100644
--- a/install/share/replica-s4u2proxy.ldif
+++ b/install/share/replica-s4u2proxy.ldif
@@ -2,9 +2,11 @@ dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
changetype: modify
add: memberPrincipal
memberPrincipal: HTTP/$FQDN@$REALM
--
-add: ipaAllowedTarget
-ipaAllowedTarget: 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX'
+
+# ipa-cifs-delegation-targets needs to be an ipaAllowedTarget for HTTP
+# delegation but we don't add it here as an LDIF because this entry may
+# already exist from another replica, or previous install. If it is missing
+# then it will be caught by the update file 61-trusts-s4u2proxy.update
dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
changetype: modify
--
1.7.10.2
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
