[Freeipa-devel] FreeIPA 4.0.3?
Ludwig Krispenz
lkrispen at redhat.com
Thu Sep 11 14:21:48 UTC 2014
On 09/11/2014 04:17 PM, Nathaniel McCallum wrote:
> On Thu, 2014-09-11 at 16:09 +0200, Ludwig Krispenz wrote:
>> On 09/11/2014 04:04 PM, Martin Kosek wrote:
>>> On 09/11/2014 03:47 PM, Nathaniel McCallum wrote:
>>>> On Thu, 2014-09-11 at 15:46 +0200, Petr Viktorin wrote:
>>>>> On 09/11/2014 01:37 PM, Martin Kosek wrote:
>>>>>> Hi team,
>>>>>>
>>>>>> It seems we have pretty serious bug in our FreeIPA 4.0.2 release, breaking
>>>>>> upgrade from older releases:
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/4529
>>>>>>
>>>>>> We also have packaging fix requested by Fedora Server roles group:
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/4430
>>>>>>
>>>>>> It seems just these 2 bugs are enough for a quick FreeIPA 4.0.3 release...
>>>>>> Makes sense? Any other tickets or patches we would like to get in?
>>>>> Looks like it's just those two. I'll start releasing shortly.
>>>> I'd like to get a fix in for the missing ciphers in the new NSS. I can
>>>> have a patch on the list shortly.
>>>>
>>>> Nathaniel
>>> Isn't this related to
>>> https://fedorahosted.org/freeipa/ticket/4395
>>> ? I think we do not work with the newest DS which fixed the default ciphers.
>> yes
>>> Don't we need to set our SSL ciphers setting to
>>>
>>> https://fedorahosted.org/389/ticket/47838#comment:29
>> yes
>> tjhe attached patch tries this, but at the moment I failed to build and
>> also to upgrade to F21
> NACKallowweakcipher
>
>
> LDAP error: OBJECT_CLASS_VIOLATION
> attribute "allowweakcipher" not allowed
>
> I suspect we are missing a spec file requirement on a newer version of 389...
yes, you need the latest build of DS, Noriko added the allowweakcipher
only yesterday.
That's the problem, I wanted to wait with the ipa side patch until
allowweakcipher was implemented and then on F21 ipa and 389 no longer
played well and now there is a rush
>
> Nathaniel
>
More information about the Freeipa-devel
mailing list