[Freeipa-devel] [PATCH] 964 catch connection exceptions
Martin Kosek
mkosek at redhat.com
Fri Feb 24 15:54:59 UTC 2012
On Thu, 2012-02-23 at 17:32 -0500, Rob Crittenden wrote:
> The call to create_connection in the backend was outside a try/except so
> we would miss public ACI errors. This will catch them.
>
> To test this you can delete the S4U2Proxy delegation:
>
> $ ldapmodify -x -D 'cn=directory manager' -W
> LDAP Password:
> dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
> changetype: modify
> delete: memberPrincipal
>
> $ kinit admin
> $ user-show admin
> ipa: ERROR: Insufficient access: KDC returned NOT_ALLOWED_TO_DELEGATE
>
> To fix your instance run:
>
> # ipa-ldap-updater --ldapi /usr/share/ipa/updates/30-s4u2proxy.update
>
> rob
ACK. Works ok. Pushed to master, ipa-2-2.
Martin
More information about the Freeipa-devel
mailing list