[Freeipa-devel] [PATCH] 0052 Add ipa-advise plugins for legacy clients
Martin Kosek
mkosek at redhat.com
Wed Aug 7 07:22:50 UTC 2013
On 08/07/2013 08:48 AM, Alexander Bokovoy wrote:
> On Tue, 06 Aug 2013, Ana Krivokapic wrote:
>> On 08/06/2013 12:15 AM, Jakub Hrozek wrote:
>>> On Mon, Aug 05, 2013 at 09:55:26PM +0300, Alexander Bokovoy wrote:
>>>> On Mon, 05 Aug 2013, Ana Krivokapic wrote:
>>>>>>> + except errors.NotFound:
>>>>>>> + return dict(result=False)
>>>>>>> +
>>>>>>> + attr = groups_entry.get('schema-compat-lookup-sssd')
>>>>>> same here.
>>>>>>
>>>>>> It needs my patch 0112 too -- it changes ipa-adtrust-install to write
>>>>>> proper configuration options to slapi-nis configs.
>>>>> Done.
>>>>>
>>>>> Also, references to both relevant tickets
>>>>> https://fedorahosted.org/freeipa/ticket/3671 and
>>>>> https://fedorahosted.org/freeipa/ticket/3672 added to commit messages.
>>>>>
>>>>> Updated patches attached.
>>>> Thanks. Few more comments now that I've ran the ipa-advise with the
>>>> plugins:
>>>>
>>>> 1. We need to put downloading the certificate to both plugins.
>>> Right, this is something that was documented on the wiki during the test
>>> day and I agree with Alexander it makes sense to be present in the
>>> advise tool as well.
>>
>> Fixed. cacertdir_rehash script is also downloaded if necessary.
>>
>>>
>>>> 2. The certificate needs to be specified in sssd.conf as well as ldap.conf
>>> Wouldn't it be better to just say that you need to make sure that the
>>> certicicates are present on openldap's configured directories? That
>>> would cover not only the SSSD but also all the tool like ldapsearch the
>>> admin might want to run for troubleshooting. Maybe a hint to run
>>> cacertdir_rehash would be nice.
>>
>> Fixed. We agreed it is best to specify the defaults explicitly in config files,
>> while including a comment about a possible need for manual modification of the
>> script.
>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>> Patch 52 is updated, patch 53 needed a rebase. The whole updated patch set is
>> attached.
> Thanks, looks more complete now.
>
> ACK
>
Looks good! Pushed to master.
Martin
More information about the Freeipa-devel
mailing list