[Freeipa-devel] [PATCH] 0038 Rework init and sync commands of ipa-replica-prepare
Jakub Hrozek
jhrozek at redhat.com
Tue Dec 21 18:09:46 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/21/2010 08:14 AM, Simo Sorce wrote:
>
> These commands had a very confusing syntax as well as issues (init was
> running the memberof task on the wrong server).
>
> The commands has been renamed to make it clearer what they do.
> init -> re-initialize
> synch -> force-sync
>
> both commands now require a --from <hostname> as the server they get
> their data from and can only be run on the replica that needs to be
> re-initialized or re-synced. This is to make it was confusing to
> understand what server was used so now the server you are operating on
> is the one you are sitting on.
>
> As a bonus the whole thing now works with just admin credentials (or
> any kerb credentials of a user with the managereplica permission).
>
> The init command also does not return until the re-initialization is
> done (giving out the status once a second) and properly runs the
> memberof task only once all the entries have been received.
>
> The only thing that I am a bit unconfortable with is the new aci on the
> cn=tasks,cn=config object. I tried to add the task on the cn=memberof
> task,cn=tasks,cn=config object to restrict pwer only on that task, but
> DS refused to allow me to set an aci on that entry for some reason.
>
> Fixes: #626
>
> Simo.
>
The patch looks good to me, but the hunk in ipaserver/install/service.py
seems to be completely unrelated. Did you run git commit -am by accident?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0Q7WoACgkQHsardTLnvCX9qwCgoOvWEijDCVR5HdkwTmUy3k1G
10cAoOUf3Ku9jtsVTT1Wt0iTmX5uKuoP
=GMK7
-----END PGP SIGNATURE-----
More information about the Freeipa-devel
mailing list