[Freeipa-devel] [PATCH] 0052 Add ipa-advise plugins for legacy clients
Alexander Bokovoy
abokovoy at redhat.com
Wed Aug 7 06:48:16 UTC 2013
On Tue, 06 Aug 2013, Ana Krivokapic wrote:
>On 08/06/2013 12:15 AM, Jakub Hrozek wrote:
>> On Mon, Aug 05, 2013 at 09:55:26PM +0300, Alexander Bokovoy wrote:
>>> On Mon, 05 Aug 2013, Ana Krivokapic wrote:
>>>>>> + except errors.NotFound:
>>>>>> + return dict(result=False)
>>>>>> +
>>>>>> + attr = groups_entry.get('schema-compat-lookup-sssd')
>>>>> same here.
>>>>>
>>>>> It needs my patch 0112 too -- it changes ipa-adtrust-install to write
>>>>> proper configuration options to slapi-nis configs.
>>>> Done.
>>>>
>>>> Also, references to both relevant tickets
>>>> https://fedorahosted.org/freeipa/ticket/3671 and
>>>> https://fedorahosted.org/freeipa/ticket/3672 added to commit messages.
>>>>
>>>> Updated patches attached.
>>> Thanks. Few more comments now that I've ran the ipa-advise with the
>>> plugins:
>>>
>>> 1. We need to put downloading the certificate to both plugins.
>> Right, this is something that was documented on the wiki during the test
>> day and I agree with Alexander it makes sense to be present in the
>> advise tool as well.
>
>Fixed. cacertdir_rehash script is also downloaded if necessary.
>
>>
>>> 2. The certificate needs to be specified in sssd.conf as well as ldap.conf
>> Wouldn't it be better to just say that you need to make sure that the
>> certicicates are present on openldap's configured directories? That
>> would cover not only the SSSD but also all the tool like ldapsearch the
>> admin might want to run for troubleshooting. Maybe a hint to run
>> cacertdir_rehash would be nice.
>
>Fixed. We agreed it is best to specify the defaults explicitly in config files,
>while including a comment about a possible need for manual modification of the
>script.
>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>Patch 52 is updated, patch 53 needed a rebase. The whole updated patch set is
>attached.
Thanks, looks more complete now.
ACK
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list