[Freeipa-devel] [PATCH] 910 fix memberof for privileges

Rob Crittenden rcritten at redhat.com
Wed Dec 7 18:50:26 UTC 2011


Martin Kosek wrote:
> On Tue, 2011-12-06 at 14:03 -0500, Rob Crittenden wrote:
>> Some privileges were being created after the permissions that were
>> pointing to them, causing the memberof to not be generated.
>>
>> This patch reorders things for new installs and creates a PBAC memberof
>> task that will correct an upgrade.
>>
>> rob
>
> I found a few issues with this patch:
>
> 1) It needs a rebase, Makefile.am chunk does not apply.

Done.

>
> 2) The patch won't fix "Modify Group membership" privilege issue. The
> problem here is that this privilege does not have any permissions
> assigned at all.

Right, I started looking at the wrong privilege. Fixed.

>
> 3) The update has failed in my case (on F16):
>
> # ipa-ldap-updater --upgrade
> Upgrading IPA:
>    [1/8]: stopping directory server
>    [2/8]: saving configuration
>    [3/8]: disabling listeners
>    [4/8]: starting directory server
>    [5/8]: upgrading server
> ipa         : ERROR    Upgrade failed with Unable to connect to LDAP server ldapi://%2fvar%2frun%2fslapd-IDM-LAB-BOS-REDHAT-COM.socket
>    [6/8]: stopping directory server
>    [7/8]: restoring configuration
>    [8/8]: starting directory server
> done configuring dirsrv.
> ipa         : INFO     IPA upgrade failed.
> IPA upgrade failed.
>
> The socket is there though, no AVC in audit.log either.
> # ls /var/run/slapd-IDM-LAB-BOS-REDHAT-COM.socket
> /var/run/slapd-IDM-LAB-BOS-REDHAT-COM.socket
>
> Did the update work for you?

Yes, it works for me. I think this problem is unrelated to my patch. 
Might be worth it to check the 389-ds logs to see if it started properly.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-910-2-memberof.patch
Type: text/x-patch
Size: 7501 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111207/7c6e5c8e/attachment.bin>