URL: https://github.com/freeipa/freeipa/pull/767
Author: tomaskrizek
Title: #767: [4.5] upgrade: add missing DN suffix when enabling KDC proxy
Action: opened
PR body:
"""
Original PR: #752
---
This issue prevented upgrading from IPA 4.1. I also discovered a missing Python dependency when I was running the ipa-server-upgrade manually.

For packagers: the Python version that has the required symbols in CentOS is 2.7.5-24

https://pagure.io/freeipa/issue/6920
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/767/head:pr767
git checkout pr767
From f8aa9c33f530ebf875b707a80068106853158bb1 Mon Sep 17 00:00:00 2001 From: Tomas Krizek <tkri...@redhat.com> Date: Tue, 2 May 2017 18:32:34 +0200 Subject: [PATCH 1/3] python2-ipalib: add missing python dependency Commit dfd560a190cb2ab13f34ed9e21c5fb5c6e793f18 started to use ssl symbols like ssl.OP_NO_SSLv2 that were introduced in Python 2.7.9. Related https://pagure.io/freeipa/issue/6920 --- freeipa.spec.in | 1 + 1 file changed, 1 insertion(+) diff --git a/freeipa.spec.in b/freeipa.spec.in index 3b7410b..1dd550b 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -639,6 +639,7 @@ Requires: python-gssapi >= 1.2.0 Requires: gnupg Requires: keyutils Requires: pyOpenSSL +Requires: python >= 2.7.9 Requires: python-nss >= 0.16 Requires: python-cryptography >= 1.4 Requires: python-netaddr From 3c96c97a82fbf6907aca7f885fdd1051389e0e57 Mon Sep 17 00:00:00 2001 From: Tomas Krizek <tkri...@redhat.com> Date: Tue, 2 May 2017 18:42:13 +0200 Subject: [PATCH 2/3] installer service: fix typo in service entry The typo would result in incorrect resolution of existing keys and their existence wasn't properly logged as intended. Related https://pagure.io/freeipa/issue/6920 --- ipaserver/install/service.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py index 6b5e69c..1aa49ed 100644 --- a/ipaserver/install/service.py +++ b/ipaserver/install/service.py @@ -181,7 +181,7 @@ def set_service_entry_config(name, fqdn, config_values, except errors.NotFound: pass else: - existing_values = entry.get('ipaConnfigString', []) + existing_values = entry.get('ipaConfigString', []) for value in config_values: if case_insensitive_attr_has_value(existing_values, value): root_logger.debug( From e39ca833903a109c112073ffd67ae17076b57c27 Mon Sep 17 00:00:00 2001 
From: Tomas Krizek <tkri...@redhat.com> Date: Tue, 2 May 2017 19:26:04 +0200 Subject: [PATCH 3/3] upgrade: add missing suffix to http instance During an upgrade, http.suffix is used to identify ldap entry when configuring kdc proxy. When the suffix is missing, the script crashed when enabling KDC proxy, because it used invalid DN. Fixes https://pagure.io/freeipa/issue/6920 --- ipaserver/install/server/upgrade.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 4d8fd66..9aec2d8 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1638,6 +1638,7 @@ def upgrade_configuration(): http = httpinstance.HTTPInstance(fstore) http.fqdn = fqdn http.realm = api.env.realm + http.suffix = ipautil.realm_to_suffix(api.env.realm) http.configure_selinux_for_httpd() http.change_mod_nss_port_from_http()
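Review bot: In patch 1/3, the freeipa.spec.in hunk adds `Requires: python >= 2.7.9` unconditionally, but the PR body says the CentOS build that carries the required ssl symbols is 2.7.5-24, so this requirement cannot be satisfied there even though the symbols are present. Either make the version bound conditional per distribution in the spec, or add a spec comment beside the line recording which symbols (ssl.OP_NO_SSLv2 and related) drive the bound, so packagers know what to substitute.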
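Review bot: In patch 2/3, the corrected line in set_service_entry_config still reads the attribute with a silent default, `entry.get('ipaConfigString', [])`, which is why the misspelled name returned an empty list instead of failing and went unnoticed. A regression test that calls the function on an entry already holding one of config_values and checks that the value is detected as existing (the debug-log branch) would keep this from recurring; the change touches one file and adds no test.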
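Review bot: In patch 3/3, `http.suffix` is assigned by hand in upgrade_configuration next to `http.fqdn` and `http.realm`, so any other code path that builds an HTTPInstance the same way and reaches the KDC proxy step can still end up with the invalid DN. Consider deriving the suffix inside HTTPInstance when the realm is set, or having the KDC proxy configuration fail early with a clear error when suffix is unset, and add a one-line comment here saying the suffix is needed to build the LDAP entry DN.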