[Pki-devel] [PATCH] 0042 Upgrade: add scriptlet to add profile schema

Fraser Tweedale ftweedal at redhat.com
Fri Jun 19 07:08:15 UTC 2015


Updated patch attached - it now merely adds the schema update file,
in the simple format that FreeIPA's schema update machinery uses.

If it's ACKed and I'm not around, please push it as we need it in
10.2.5.

Thanks,
Fraser

On Thu, Jun 18, 2015 at 11:51:59AM -0500, Endi Sukma Dewata wrote:
> >>1. The all DS replicas must be running when the package is installed,
> >>otherwise the upgrade will fail.
> >>
> >Not necessarily.  Dogtag schema shows up in 99user.ldif which means they
> >are replicated.  Schema changes are replicated, which means they really
> >only need to be done on one server.  If a replica is down, it will
> >eventually have the change replicated to it when it replays the
> >changelog.
> 
> Right, I meant to say DS of the server being upgraded must be running (last
> minute changes messed it up). If IPA is shut down, to my understanding it
> will shut down the DS too.
> 
> -- 
> Endi S. Dewata
-------------- next part --------------
From 99f3ce751581f4637d04fde173559064aee52820 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Thu, 18 Jun 2015 21:28:02 -0400
Subject: [PATCH] Add profiles schema update file

Dogtag does not yet have a reliable way to update its schema, but
FreeIPA does need to add the new schema for LDAP-based profiles
during upgrade to 4.2.  As a temporary solution until Dogtag can
manage its own schema updates (including when deployed as FreeIPA
CA), FreeIPA will perform the schema upgrade.  Provide a schema file
that FreeIPA can use to do this.
---
 base/server/share/conf/schema-certProfile.ldif | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 base/server/share/conf/schema-certProfile.ldif

diff --git a/base/server/share/conf/schema-certProfile.ldif b/base/server/share/conf/schema-certProfile.ldif
new file mode 100644
index 0000000000000000000000000000000000000000..1f09702c2faad9b213cd32c8841cfc77295e5485
--- /dev/null
+++ b/base/server/share/conf/schema-certProfile.ldif
@@ -0,0 +1,4 @@
+dn: cn=schema
+attributeTypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certificate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' )
+objectClasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profile' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN 'user defined' )
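Review bot: All three definitions put a symbolic placeholder in the OID position (classId-oid, certProfileConfig-oid, certProfile-oid) and carry X-ORIGIN 'user defined', so nothing in the schema identifies these elements as Dogtag's. Consider allocating numeric OIDs and setting X-ORIGIN to the project name, since this file ships in a release and the definitions will be replicated. Separately, neither attributeTypes line declares EQUALITY or SINGLE-VALUE: if a certProfile entry is meant to hold exactly one classId and one certProfileConfig, adding SINGLE-VALUE would let the directory enforce that, and an explicit EQUALITY rule on classId would make its matching behaviour visible in the schema. The commit message describes this as a temporary solution, but the file itself has no comment saying so; a leading comment line noting that FreeIPA applies it during upgrade would help whoever later moves schema updates into Dogtag.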
-- 
2.1.0


