[Freeipa-devel] [PATCH] 755 upgrade IPA on installation
Martin Kosek
mkosek at redhat.com
Fri Mar 18 12:52:27 UTC 2011
On Thu, 2011-03-17 at 17:10 -0400, Rob Crittenden wrote:
> Re-enable ldapi code in ipa-ldap-updater and remove the searchbase
> restriction when run in --upgrade mode. This allows us to autobind
> giving root Directory Manager powers.
>
> This also:
> * corrects the ipa-ldap-updater man page
> * remove automatic --realm, --server, --domain options
> * handle upgrade errors properly
> * saves a copy of dse.ldif before we change it so it can be recovered
> * fixes an error discovered by pylint
>
> ticket 1087
>
> rob
NACK.

Patch is promising, ipa-ldap-updater --upgrade works just fine. The
upgrade was also correctly executed after I did the RPM upgrade.

But I have hit two issues:

1) When ipa-ldap-updater is run as a regular user on a configured IPA
server I get the following error:

  $ ipa-ldap-updater
  IPA is not configured on this system.

This is because a regular user cannot access /var/lib/ipa/sysrestore/. I
guess we should either use another method of detecting installed IPA or
make the script root-only (as we do with other scripts taking advantage
of fstore).

2) I get a stacktrace when I run ipa-ldap-updater with --ldapi:

  $ sudo ipa-ldap-updater --ldapi
  Traceback (most recent call last):
    File "/usr/sbin/ipa-ldap-updater", line 125, in <module>
      sys.exit(main())
    File "/usr/sbin/ipa-ldap-updater", line 111, in main
      ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}, live_run=not options.test, ldapi=options.ldapi)
    File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 125, in __init__
      conn.do_external_bind(self.pw_name)
    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 360, in do_external_bind
      self.__lateinit()
    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 260, in __lateinit
      [ 'nsslapd-directory' ])
    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 378, in getEntry
      raise errors.NotFound(reason=notfound(args))
  ipalib.errors.NotFound: * not found

I know that --ldapi did not work before the patch either, it just
crashed with another stacktrace. But it would be nice to fix this one.

Martin
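
Added example, not part of the message above and not FreeIPA code: a sketch of the root-only option from issue 1, where the tool refuses to probe as a non-root user and reports a permission error as "unknown" instead of "not configured". The path is the one named in the message; the function, the status names and the rule that a non-empty state directory means "configured" are assumptions made for illustration.

```python
import errno
import os
import sys

# Path taken from the message above; everything else here is hypothetical.
SYSRESTORE_DIR = "/var/lib/ipa/sysrestore"

CONFIGURED = "configured"
NOT_CONFIGURED = "not-configured"
NEED_ROOT = "need-root"
UNKNOWN = "unknown"

MESSAGES = {
    CONFIGURED: "IPA is configured on this system.",
    NOT_CONFIGURED: "IPA is not configured on this system.",
    NEED_ROOT: "This tool must be run as root.",
    UNKNOWN: "Cannot read the state directory; install state is unknown.",
}


def detect_state(state_dir=SYSRESTORE_DIR, euid=None, listdir=os.listdir):
    """Classify install state without confusing 'unreadable' with 'absent'.

    Assumption: a non-empty state directory means the server is configured.
    """
    if euid is None:
        euid = os.geteuid()
    if euid != 0:
        # Refuse up front: an unprivileged probe cannot give a reliable answer.
        return NEED_ROOT
    try:
        entries = listdir(state_dir)
    except OSError as e:
        if e.errno == errno.ENOENT:
            return NOT_CONFIGURED
        if e.errno in (errno.EACCES, errno.EPERM):
            # Even root can be denied (for example by SELinux); do not guess.
            return UNKNOWN
        raise
    return CONFIGURED if entries else NOT_CONFIGURED


def main():
    state = detect_state()
    print(MESSAGES[state])
    # Exit 0 only for a positive answer, 1 for "not configured", 2 otherwise.
    return {CONFIGURED: 0, NOT_CONFIGURED: 1}.get(state, 2)


if __name__ == "__main__":
    sys.exit(main())
```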