[Freeipa-devel] MemberOf and Referential Integrity plugin failures cause abort of operation

Tomas Babej tbabej at redhat.com
Tue Sep 15 08:23:48 UTC 2015


Hi,

from DS 1.3.3, the memberOf and referential integrity plugins have been
converted to backend transaction plugins, which means that failures in
these plugins will propagate and cause abort of the operation that
triggered them. [1]

I.e. in case of memberOf plugin, if an operation triggered an addition of
memberOf attribute, and that addition failed, the operation itself did
succeed in spite of this failure. This is no longer the case.

We have already been hit by this issue in winsync agreement setup:

https://bugzilla.redhat.com/show_bug.cgi?id=1262315

However, there is little special about this case and there might be
multiple such entries in IPA which are added as group members,
but do not contain an objectclass which allows memberOf attribute.

So we need to step back and think - are there any other entries where
this change of behaviour will hit us?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1250177
A nice explanation: https://bugzilla.redhat.com/show_bug.cgi?id=1258624
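
One way to look for such entries, as an added example that is not part of the original message or of FreeIPA: scan an LDIF export for group members whose own entry has no object class permitting memberOf. The set of permitting object classes, the function names and the sample entries are assumptions made for this sketch; object class inheritance is not resolved.

```python
# Added example: audit an LDIF export for group members that cannot hold memberOf.
# ASSUMPTION: these object classes permit memberOf; check your server's schema.
MEMBEROF_CLASSES = {"nsmemberof", "inetuser", "inetadmin"}

# Constructed sample data (not taken from a real deployment).
SAMPLE_LDIF = """\
dn: cn=admins,cn=groups,cn=accounts,dc=example,dc=test
objectClass: groupOfNames
member: uid=alice,cn=users,cn=accounts,dc=example,dc=test
member: uid=svc-sync, cn=sysaccounts,cn=etc,dc=example,dc=test

dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
objectClass: inetUser

dn: uid=svc-sync,cn=sysaccounts,cn=etc,dc=example,dc=test
objectClass: account
objectClass: simpleSecurityObject
"""

def norm_dn(dn):
    """Simplified DN normalisation: lower-case, no spaces after commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; base64 ('::') values are not decoded."""
    entries = {}
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def members_without_memberof(entries, allowed=MEMBEROF_CLASSES):
    """Return (group_dn, member_dn) pairs whose member lacks every class in `allowed`."""
    findings = []
    for group_dn, attrs in entries.items():
        for member in attrs.get("member", []):
            target = entries.get(norm_dn(member))
            if target is None:
                continue  # member is outside the export, nothing to judge
            classes = {c.lower() for c in target.get("objectclass", [])}
            if not classes & allowed:
                findings.append((group_dn, norm_dn(member)))
    return sorted(findings)
```

Each returned pair is a membership that the memberOf plugin would fail to reflect on the member entry, which from DS 1.3.3 on aborts the triggering operation.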