[Freeipa-devel] [PATCH] 910 fix memberof for privileges

Martin Kosek mkosek at redhat.com
Wed Dec 7 09:22:18 UTC 2011


On Tue, 2011-12-06 at 14:03 -0500, Rob Crittenden wrote:
> Some privileges were being created after the permissions that were 
> pointing to it causing the memberof to not be generated.
> 
> This patch reorders things for new installs and creates a PBAC memberof 
> task that will correct an upgrade.
> 
> rob

I found a few issues with this patch:

1) It needs a rebase, Makefile.am chunk does not apply.

2) The patch won't fix the "Modify Group membership" privilege issue. The
problem here is that this privilege does not have any permissions
assigned at all.

3) The update has failed in my case (on F16):

# ipa-ldap-updater --upgrade
Upgrading IPA:
  [1/8]: stopping directory server
  [2/8]: saving configuration
  [3/8]: disabling listeners
  [4/8]: starting directory server
  [5/8]: upgrading server
ipa         : ERROR    Upgrade failed with Unable to connect to LDAP server ldapi://%2fvar%2frun%2fslapd-IDM-LAB-BOS-REDHAT-COM.socket
  [6/8]: stopping directory server
  [7/8]: restoring configuration
  [8/8]: starting directory server
done configuring dirsrv.
ipa         : INFO     IPA upgrade failed.
IPA upgrade failed.

The socket is there though, no AVC in audit.log either.
# ls /var/run/slapd-IDM-LAB-BOS-REDHAT-COM.socket 
/var/run/slapd-IDM-LAB-BOS-REDHAT-COM.socket

Did the update work for you?

Martin



