[Freeipa-devel] [PATCHES 0197-0198] Fix uniqueness plugins upgrade
thierry bordaz
tbordaz at redhat.com
Wed Feb 25 16:42:39 UTC 2015
On 02/25/2015 05:28 PM, Martin Basti wrote:
> On 25/02/15 17:23, thierry bordaz wrote:
>> On 02/25/2015 02:34 PM, Martin Basti wrote:
>>> Modifications:
>>> * All plugins are migrated into new configuration style.
>>> * I left attribute uniqueness plugin disabled, cn=uid
>>> uniqueness,cn=plugins,cn=config is checking the same attribute.
>>> * POST_UPDATE plugin for uid removed, I moved it to update file. Is
>>> it okay Alexander? I haven't found reason why we need to do it in
>>> update plugin.
>>>
>>> Thierry, I touched configuration of plugins, which user lifecycle
>>> requires, can you take look if I it does not break anything?
>>>
>>> Patches attached.
>>>
>> Hello Martin,
>>
>> The fix looks good. I have just one question regarding
>> install/updates/10-uniqueness.update.
>>
>> For example :
>> # uid uniqueness scopes Active/Delete containers
>> dn: cn=attribute uniqueness,cn=plugins,cn=config
>> -remove:nsslapd-pluginarg1:'$SUFFIX'
>> -add:nsslapd-pluginarg1:'cn=accounts,$SUFFIX'
>> -add:nsslapd-pluginarg2:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
>> +remove:uniqueness-subtrees:'$SUFFIX'
>> +add:uniqueness-subtrees:'cn=accounts,$SUFFIX'
>> +add:uniqueness-subtrees:'cn=deleted users,cn=accounts,cn=provisioning,$SUFFIX'
>> remove:nsslapd-pluginenabled:off
>> add:nsslapd-pluginenabled:on
>> If we update the rpm from a version where 'nsslapd-pluginarg1' was used.
>> It will not remove it and we will have 'nsslapd-pluginarg1' along
>> with 'uniqueness-subtrees'.
>> Should not we keep 'remove:nsslapd-pluginarg1:'$SUFFIX'' ?
>>
>> thanks
>> thierry
> Hello Thierry,
>
> in patch 0197 is pre-upgrade plugin, which migrate all uniqueness
> plugins into new syntax (this happens before the update file is
> applied). So no nsslapd-pluginarg* attrs will be there.
>
> and in patch 0198 I removed the cn=attribute uniquenes plugin, we
> already have cn=uid uniqueness that do the same thing.
>
> Martin^2
>
> --
> Martin Basti
Ok. I understand. Thanks for the explanation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150225/eb41e514/attachment.htm>
More information about the Freeipa-devel
mailing list