[Freeipa-devel] [PATCH] 0052 Add ipa-advise plugins for legacy clients

Tue Aug 6 14:33:58 UTC 2013

On 08/06/2013 12:15 AM, Jakub Hrozek wrote:
> On Mon, Aug 05, 2013 at 09:55:26PM +0300, Alexander Bokovoy wrote:
>> On Mon, 05 Aug 2013, Ana Krivokapic wrote:
>>>>> +        except errors.NotFound:
>>>>> +            return dict(result=False)
>>>>> +
>>>>> +        attr = groups_entry.get('schema-compat-lookup-sssd')
>>>> same here.
>>>>
>>>> It needs my patch 0112 too -- it changes ipa-adtrust-install to write
>>>> proper configuration options to slapi-nis configs.
>>> Done.
>>>
>>> Also, references to both relevant tickets
>>> https://fedorahosted.org/freeipa/ticket/3671 and
>>> https://fedorahosted.org/freeipa/ticket/3672 added to commit messages.
>>>
>>> Updated patches attached.
>> Thanks. Few more comments now that I've ran the ipa-advise with the
>> plugins:
>>
>> 1. We need to put downloading the certificate to both plugins.
> Right, this is something that was documented on the wiki during the test
> day and I agree with Alexander it makes sense to be present in the
> advise tool as well.

Fixed. cacertdir_rehash script is also downloaded if necessary.

>
>> 2. The certificate needs to be specified in sssd.conf as well as ldap.conf
> Wouldn't it be better to just say that you need to make sure that the
> certicicates are present on openldap's configured directories? That
> would cover not only the SSSD but also all the tool like ldapsearch the
> admin might want to run for troubleshooting. Maybe a hint to run
> cacertdir_rehash would be nice.

Fixed. We agreed it is best to specify the defaults explicitly in config files,
while including a comment about a possible need for manual modification of the
script.

>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

Patch 52 is updated, patch 53 needed a rebase. The whole updated patch set is
attached.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-akrivoka-0052-04-Add-ipa-advise-plugins-for-legacy-clients.patch
Type: text/x-patch
Size: 13121 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130806/0bccb4d1/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-akrivoka-0054-03-Add-new-command-compat-is-enabled.patch
Type: text/x-patch
Size: 3262 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130806/0bccb4d1/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-akrivoka-0053-02-Enable-running-API-commands-in-ipa-advise-plugins.patch
Type: text/x-patch
Size: 2038 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130806/0bccb4d1/attachment-0002.bin>