[Freeipa-devel] [PATCH] 0052 Add ipa-advise plugins for legacy clients

Jakub Hrozek jhrozek at redhat.com
Mon Aug 5 22:15:26 UTC 2013


On Mon, Aug 05, 2013 at 09:55:26PM +0300, Alexander Bokovoy wrote:
> On Mon, 05 Aug 2013, Ana Krivokapic wrote:
> >>>+        except errors.NotFound:
> >>>+            return dict(result=False)
> >>>+
> >>>+        attr = groups_entry.get('schema-compat-lookup-sssd')
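Review bot: on the `attr = groups_entry.get('schema-compat-lookup-sssd')` line, `attr` will be None when the entry exists but does not carry the attribute (assuming `groups_entry` behaves like a dict), so the code that follows should handle that case explicitly instead of indexing or comparing `attr` directly. The `except errors.NotFound` branch just above already returns `dict(result=False)` for a missing entry; returning the same for a missing attribute would keep the two cases consistent.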
> >>same here.
> >>
> >>It needs my patch 0112 too -- it changes ipa-adtrust-install to write
> >>proper configuration options to slapi-nis configs.
> >
> >Done.
> >
> >Also, references to both relevant tickets
> >https://fedorahosted.org/freeipa/ticket/3671 and
> >https://fedorahosted.org/freeipa/ticket/3672 added to commit messages.
> >
> >Updated patches attached.
> Thanks. A few more comments now that I've run the ipa-advise with the
> plugins:
> 
> 1. We need to put downloading the certificate to both plugins.

Right, this is something that was documented on the wiki during the test
day and I agree with Alexander it makes sense to be present in the
advise tool as well.

> 2. The certificate needs to be specified in sssd.conf as well as ldap.conf

Wouldn't it be better to just say that you need to make sure that the
certificates are present on openldap's configured directories? That
would cover not only the SSSD but also all the tools like ldapsearch the
admin might want to run for troubleshooting. Maybe a hint to run
cacertdir_rehash would be nice.
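
One way an admin could verify what the suggestion above asks for, as an added example that is not part of the original message or the ipa-advise patches: it reads an ldap.conf-style file and checks that TLS_CACERT is readable or that TLS_CACERTDIR holds the hash-named links cacertdir_rehash creates. The function names are hypothetical, and it assumes each keyword appears once with a path that contains no spaces.

```shell
#!/bin/sh
# Added example (hypothetical helper names): check the CA settings that
# OpenLDAP clients such as ldapsearch read from an ldap.conf-style file.

# Print the value of a keyword (matched case-insensitively), skipping
# blank lines and comments. Assumes one occurrence, no spaces in the value.
ldapconf_get() {  # $1 = keyword, $2 = config file
    awk -v key="$1" '
        NF == 0 || $1 ~ /^#/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { if (val != "") print val }
    ' "$2"
}

# Count hash-named links (8 hex digits, a dot, a sequence number) that
# resolve to an existing file; dangling links are not counted.
count_hash_links() {  # $1 = CA directory
    n=0
    for f in "$1"/*; do
        case "${f##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                if [ -e "$f" ]; then n=$((n + 1)); fi ;;
        esac
    done
    echo "$n"
}

# Return 0 only if the config names a readable CA file or a CA directory
# with at least one usable hash link; print the findings either way.
check_ldap_ca() {  # $1 = path to ldap.conf
    cacert=$(ldapconf_get TLS_CACERT "$1")
    cadir=$(ldapconf_get TLS_CACERTDIR "$1")
    ok=1
    if [ -n "$cacert" ] && [ -r "$cacert" ]; then
        echo "TLS_CACERT $cacert: readable"; ok=0
    elif [ -n "$cacert" ]; then
        echo "TLS_CACERT $cacert: missing or unreadable"
    fi
    if [ -n "$cadir" ] && [ -d "$cadir" ]; then
        links=$(count_hash_links "$cadir")
        echo "TLS_CACERTDIR $cadir: $links usable hash link(s)"
        if [ "$links" -gt 0 ]; then ok=0; fi
    elif [ -n "$cadir" ]; then
        echo "TLS_CACERTDIR $cadir: not a directory, run cacertdir_rehash after creating it"
    fi
    [ -n "$cacert$cadir" ] || echo "no TLS_CACERT or TLS_CACERTDIR set"
    return "$ok"
}

# Optional command-line use: sh thisfile /path/to/ldap.conf
if [ $# -gt 0 ]; then check_ldap_ca "$1"; fi
```

A directory that reports zero usable hash links is the case where running cacertdir_rehash on it is the likely fix.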



