[Freeipa-devel] [PATCH] 943 detect duplicate winsync agreement

Martin Kosek mkosek at redhat.com
Mon Feb 27 13:41:43 UTC 2012


On Fri, 2012-02-24 at 13:09 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Wed, 2012-02-08 at 14:52 -0500, Rob Crittenden wrote:
> >> We currently only support a single winsync agreement against any given
> >> host so all we need to do is check to see if we have one with the remote
> >> host.
> >>
> >> This also adds some minor exception handling cleanup.
> >>
> >> https://fedorahosted.org/freeipa/ticket/2130
> >>
> >> This depends on my patch 935.
> >>
> >> I have a ticket open, 2358, to add support for multiple agreements.
> >>
> >> rob
> >
> > winsync replica management now looks and works fine, good job there.
> > Though I found an issue in our ipa-winsync plugin during the review.
> >
> > The plugin tries to look for the GID number of our default users group so
> > that it can use it for the added user. But since ipausers group is now
> > non-posix, it fails to find the GID and creates a user without
> > objectclass posixuser. It is then unusable and is not shown in
> > "user-find" command. Details are in a ticket I created:
> >
> > https://fedorahosted.org/freeipa/ticket/2436
> >
> > But back to your patches. I found out that 943 broke connecting to
> > standard replica:
> >
> > # ipa-replica-manage connect vm-115.idm.lab.bos.redhat.com
> > unexpected error: coercing to Unicode: need string or buffer, NoneType
> > found
> >
> > There are at least 2 problems in this area:
> > 1) It does duplicate winsync agreement check against non-winsync replica
> > 2) It now adds a cert even though it wasn't passed to ipa-replica-manage
> >
> > Martin
> >
> 
> Hmm, odd that I took out that cacert conditional. I put it back, works now.
> 
> We didn't check for dups when adding a new agreement. It is silently 
> handled on the IPA -> IPA side, not win2003, hence the check. I added an 
> additional message for the IPA side.
> 
> What you would see previously if you tried to connect to an IPA server 
> with an existing agreement is "Connected x to y" and not "already an 
> agreement".
> 
> rob

Yup, this works better. ACK. Pushed to master, ipa-2-2.

Martin



