Re: [Freeipa-devel] LDAP updater with --test option

2014-07-24 Thread Rob Crittenden 
Martin Basti wrote:
> Hi list,
> 
> maybe I missed something, but I expected, there are no modifications
> with this option.
> 
> With --test option the LDAP schema is not updated,  but update plugins
> don't care about --test option ('live_run' in code).
> 
> Update plugins use and IPA api directly to modify LDAP instead of return
> a required changes
> (DNS, update_idranges, update_managed_permissions, update_pacs,
> update_services  plugins).
> 
> Am wrong, or it is bad behavior and plugin should be fixed to not
> execute any modifications in test mode?

I seem to recall that Petr^3 saw this as well and filed a ticket though
I can't find it. IMHO yes, plugins should honor the test mode.

> Next Q: I have method which prepares IPA to support DNSSEC. The method 
> requires both updating LDAP and creating directories/keytabs/etc.
> Should I separate the LDAP part of update method, or can I use it all in
> ldap-updater?

The updater is intended for LDAP updates only. Probably best to split it
with the ipa-upgradeconfig script.

rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] LDAP updater with --test option

2014-07-24 Thread Jan Cholasta 

Dne 24.7.2014 v 17:14 Martin Basti napsal(a):

Hi list,

maybe I missed something, but I expected, there are no modifications
with this option.

With --test option the LDAP schema is not updated,  but update plugins
don't care about --test option ('live_run' in code).


Most plugins should respect --test, only those that use ipaldap directly 
not, see .




Update plugins use and IPA api directly to modify LDAP instead of return
a required changes
(DNS, update_idranges, update_managed_permissions, update_pacs,
update_services  plugins).

Am wrong, or it is bad behavior and plugin should be fixed to not
execute any modifications in test mode?

Next Q: I have method which prepares IPA to support DNSSEC. The method
requires both updating LDAP and creating directories/keytabs/etc.
Should I separate the LDAP part of update method, or can I use it all in
ldap-updater?




--
Jan Cholasta

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] LDAP updater with --test option

2014-07-24 Thread Martin Basti 

Hi list,

maybe I missed something, but I expected, there are no modifications 
with this option.


With --test option the LDAP schema is not updated,  but update plugins 
don't care about --test option ('live_run' in code).


Update plugins use and IPA api directly to modify LDAP instead of return 
a required changes
(DNS, update_idranges, update_managed_permissions, update_pacs, 
update_services  plugins).


Am wrong, or it is bad behavior and plugin should be fixed to not 
execute any modifications in test mode?


Next Q: I have method which prepares IPA to support DNSSEC. The method  
requires both updating LDAP and creating directories/keytabs/etc.
Should I separate the LDAP part of update method, or can I use it all in 
ldap-updater?


--
Martin Basti

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel