Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not
On 09.12.2015 09:43, Martin Basti wrote:
> On 08.12.2015 17:32, Martin Babinsky wrote:
>> On 12/08/2015 04:53 PM, Tomas Babej wrote:
>>> On 12/08/2015 02:28 PM, Tomas Babej wrote:
>>>> Hi,
>>>>
>>>> The old 'realm' topology suffix is no longer used, however, it was being
>>>> created on masters with version 4.2.3 and later. Make sure it's properly
>>>> removed.
>>>>
>>>> Note that this is not the case for the 'ipaca' suffix, which was later
>>>> removed to 'ca'.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/5526
>>>
>>> Actually, we found out with Martin that this patch deletes realm instead
>>> of domain suffix, against all initial impressions.
>>>
>>> Updated patch attached.
>>>
>>> Tomas
>>
>> Works for me, ACK.
>>
>> I have also made some hardening in topology connectivity checks so that
>> this kind of situation is handled and reported by them. I will send a
>> patch in a separate thread.
>
> Pushed to master: a84b7d2117aafc5182640d0a22675b214c27dd7c

I accidentally pushed the first revision of the patch, fix pushed to master: dcb5c2a5200a797b0eec9bb809c570f9ed80f7bb

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not
On 08.12.2015 17:32, Martin Babinsky wrote:
> On 12/08/2015 04:53 PM, Tomas Babej wrote:
>> On 12/08/2015 02:28 PM, Tomas Babej wrote:
>>> Hi,
>>>
>>> The old 'realm' topology suffix is no longer used, however, it was being
>>> created on masters with version 4.2.3 and later. Make sure it's properly
>>> removed.
>>>
>>> Note that this is not the case for the 'ipaca' suffix, which was later
>>> removed to 'ca'.
>>>
>>> https://fedorahosted.org/freeipa/ticket/5526
>>
>> Actually, we found out with Martin that this patch deletes realm instead
>> of domain suffix, against all initial impressions.
>>
>> Updated patch attached.
>>
>> Tomas
>
> Works for me, ACK.
>
> I have also made some hardening in topology connectivity checks so that
> this kind of situation is handled and reported by them. I will send a
> patch in a separate thread.

Pushed to master: a84b7d2117aafc5182640d0a22675b214c27dd7c
Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not
On 12/08/2015 04:53 PM, Tomas Babej wrote:
> On 12/08/2015 02:28 PM, Tomas Babej wrote:
>> Hi,
>>
>> The old 'realm' topology suffix is no longer used, however, it was being
>> created on masters with version 4.2.3 and later. Make sure it's properly
>> removed.
>>
>> Note that this is not the case for the 'ipaca' suffix, which was later
>> removed to 'ca'.
>>
>> https://fedorahosted.org/freeipa/ticket/5526
>
> Actually, we found out with Martin that this patch deletes realm instead
> of domain suffix, against all initial impressions.
>
> Updated patch attached.
>
> Tomas

Works for me, ACK.

I have also made some hardening in topology connectivity checks so that this kind of situation is handled and reported by them. I will send a patch in a separate thread.

--
Martin^3 Babinsky
Re: [Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not
On 12/08/2015 02:28 PM, Tomas Babej wrote:
> Hi,
>
> The old 'realm' topology suffix is no longer used, however, it was being
> created on masters with version 4.2.3 and later. Make sure it's properly
> removed.
>
> Note that this is not the case for the 'ipaca' suffix, which was later
> removed to 'ca'.
>
> https://fedorahosted.org/freeipa/ticket/5526
>

Actually, we found out with Martin that this patch deletes realm instead of domain suffix, against all initial impressions.

Updated patch attached.

Tomas

From 669f741f8cc20772b84f5980b9b6b57f71e3b992 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Tue, 8 Dec 2015 13:34:15 +0100
Subject: [PATCH] topology: Make sure the old 'realm' topology suffix is not used

The old 'realm' topology suffix is no longer used, however, it was being created on masters with version 4.2.3 and later. Make sure it's properly removed.

Note that this is not the case for the 'ipaca' suffix, which was later removed to 'ca'.

https://fedorahosted.org/freeipa/ticket/5526
---
 install/updates/20-replication.update | 4
 1 file changed, 4 insertions(+)

diff --git a/install/updates/20-replication.update b/install/updates/20-replication.update
index a471742532cf5954be1b76dbe4a6d908e4cefa2c..c9d96066d5f9bec5b8b92a3f2c457636c095137a 100644
--- a/install/updates/20-replication.update
+++ b/install/updates/20-replication.update
@@ -31,6 +31,10 @@ add: nsDS5ReplicatedAttributeList: $EXCLUDES add: nsDS5ReplicatedAttributeListTotal: $TOTAL_EXCLUDES add: nsds5ReplicaStripAttrs: $STRIP_ATTRS +# Remove old topology configuration area (unused) +dn: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX +deleteentry: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX + # add IPA realm managed suffix to master entry dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX add: objectclass: ipaReplTopoManagedServer -- 2.5.0
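
Review bot: The new comment "# Remove old topology configuration area (unused)" does not say which area is meant or why it can go; naming the 'realm' suffix and ticket 5526 there, as the commit message does, would make the stanza self-explanatory inside the update file. The stanza also removes only the cn=realm entry itself, and nothing in the hunk covers entries that might exist below it, so the commit message should state whether any can exist on the affected masters. In the commit message, "later removed to 'ca'" reads as though "renamed" was meant.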
[Freeipa-devel] [PATCH 0394] topology: Make sure the old 'realm' topology suffix is not
Hi,

The old 'realm' topology suffix is no longer used, however, it was being created on masters with version 4.2.3 and later. Make sure it's properly removed.

Note that this is not the case for the 'ipaca' suffix, which was later removed to 'ca'.

https://fedorahosted.org/freeipa/ticket/5526

From 4c60de6009140f389bc45a5649868f1fde938421 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Tue, 8 Dec 2015 13:34:15 +0100
Subject: [PATCH] topology: Make sure the old 'realm' topology suffix is not used

The old 'realm' topology suffix is no longer used, however, it was being created on masters with version 4.2.3 and later. Make sure it's properly removed.

Note that this is not the case for the 'ipaca' suffix, which was later removed to 'ca'.

https://fedorahosted.org/freeipa/ticket/5526
---
 install/updates/20-replication.update | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/install/updates/20-replication.update b/install/updates/20-replication.update
index a471742532cf5954be1b76dbe4a6d908e4cefa2c..1543a04c917c386e93ed93dfd2767e0fde4685f5 100644
--- a/install/updates/20-replication.update
+++ b/install/updates/20-replication.update
@@ -31,6 +31,9 @@ add: nsDS5ReplicatedAttributeList: $EXCLUDES add: nsDS5ReplicatedAttributeListTotal: $TOTAL_EXCLUDES add: nsds5ReplicaStripAttrs: $STRIP_ATTRS +# Remove old topology configuration area (unused) +deleteentry: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX + # add IPA realm managed suffix to master entry dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX add: objectclass: ipaReplTopoManagedServer -- 2.5.0
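
Review bot: The added "deleteentry:" line has no "dn:" line of its own ahead of it, while the next stanza in the same hunk opens with "dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX". Give the new stanza an explicit "dn: cn=realm,cn=topology,cn=ipa,cn=etc,$SUFFIX" before the "deleteentry:" so the operation is tied to the entry named in the comment rather than depending on whatever stanza precedes it.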