[Freeipa-devel] [PATCH 0010] KeyError raised upon replica installation

Ludwig Krispenz lkrispen at redhat.com
Tue Jun 2 15:24:18 UTC 2015


On 06/02/2015 05:16 PM, Martin Kosek wrote:
> On 06/02/2015 05:08 PM, Ludwig Krispenz wrote:
>> On 06/02/2015 03:53 PM, Petr Vobornik wrote:
>>> On 06/02/2015 02:20 PM, Ludwig Krispenz wrote:
>>>> On 06/02/2015 12:09 PM, Oleg Fayans wrote:
>>>>> Hi all,
>>>>>
>>>>> The following error was caught during replica installation (I used all
>>>>> the latest patches from Ludwig and Martin Basti):
>>> -        except ldap.TYPE_OR_VALUE_EXISTS:
>>> +        except (ldap.TYPE_OR_VALUE_EXISTS, ldap.NO_SUCH_OBJECT):
>>>
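Review bot: The widened except clause on the `+` line gives
ldap.NO_SUCH_OBJECT the same handler as ldap.TYPE_OR_VALUE_EXISTS, but the
two conditions are not equivalent. TYPE_OR_VALUE_EXISTS means the value is
already present, so ignoring it is harmless. NO_SUCH_OBJECT means the target
entry does not exist, so the operation was not applied at all. Consider a
separate except branch for NO_SUCH_OBJECT that at least logs the missing DN,
plus a comment on when the entry is expected to be created, so the skipped
update is visible rather than silently dropped.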
>>> What happens if all replicas are updated and domain level is raised? I don't
>>> think that the group will be populated. Or will it be? Without it, topology
>>> plugin won't work, right?
>> good point,
>> it will be limited, when adding a new segment a replication agreement will be
>> created, but it will not have the credentials to replicate.
>>> There should be a moment where all the DNs are added.
>> yes, there could probably be a check when topology plugin gets active if the
>> binddn group exists and if not create and populate it
> Should we finally start maintaining by default an IPA Masters hostgroup? *That*
> should be the BIND DN group which the Topology plugin works with, no?
what would be the members of this group?
the binddn group needs all the LDAP principals in it so that a replica
can do GSSAPI replication to another replica.
> If this
> group is populated from FreeIPA 4.2+, raising to Domain Level 1 would mean no
> operation needed on FreeIPA side.
>
> This is part of the ticket
> https://fedorahosted.org/freeipa/ticket/3416
>
> This looks like another change that should make it to the Alpha, no?
>
> Martin



