[Freeipa-devel] #4450: how to allow password migration?
Ludwig Krispenz
lkrispen at redhat.com
Wed Jul 23 06:42:02 UTC 2014
On 07/22/2014 05:01 PM, Martin Kosek wrote:
> Hello,
>
> I was thinking more about the solution to fix migration in FreeIPA 4.0 as
> proposed in
> https://fedorahosted.org/freeipa/ticket/4450#comment:6
> and I realized it will be more complicated.
>
> Conditionally enabling nsslapd-allow-hashed-passwords in cn=config when
> migration mode is enabled is tricky as this setting is not replicated, compared
> to ipamigrationenabled.
>
> So enabling the migration on one server would still leave it broken on other
> servers. The same applies for disabling it again.
>
> Any ideas how to solve the issue? I am thinking we may need to unconditionally
> enable this cn=config setting for now to unblock migration (thus effectively
> revert https://fedorahosted.org/389/ticket/47389). Any other solution I can
> think of would be too complicated.
if you alwayys enable it, you would have the same behaviour as before
#47389 (which you see as a regression), so it should be ok.
Ludwig
Thanks.
More information about the Freeipa-devel
mailing list