Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade: add missing DN suffix when enabling KDC proxy #752

Closed
wants to merge 3 commits into from
Closed

upgrade: add missing DN suffix when enabling KDC proxy #752

wants to merge 3 commits into from

Conversation

tkrizek
Copy link
Contributor

@tkrizek tkrizek commented May 2, 2017
edited by MartinBasti

This issue prevented from upgrading from IPA 4.1.

I also discovered a missing python dependency when I was running the ipa-server-upgrade manually. For packagers: the Python version that has the required symbols in CentOS is 2.7.5-24

https://pagure.io/freeipa/issue/6920

Tomas Krizek added 3 commits May 2, 2017 18:32
python2-ipalib: add missing python dependency
cb3052b 
Commit dfd560a started to use
ssl symbols like ssl.OP_NO_SSLv2 that were introduced in Python 2.7.9.

Related https://pagure.io/freeipa/issue/6920
installer service: fix typo in service entry
213e251 
The typo would result in incorrect resolution of existing keys and
their existence wasn't properly logged as intended.

Related https://pagure.io/freeipa/issue/6920
upgrade: add missing suffix to http instance
74ef58e 
During an upgrade, http.suffix is used to identify ldap entry when
configuring kdc proxy. When the suffix is missing, the script crashed
when enabling KDC proxy, because it used invalid DN.

Fixes https://pagure.io/freeipa/issue/6920
@martbab martbab self-assigned this May 4, 2017
@martbab
Copy link
Contributor

martbab commented May 5, 2017

This makes me wonder why don't we just use self.api.env.basedn in the ldap_enable/enable_kdcproxy/enable_pkinit methods but instead rely on 3 ways how to construct the root DN.

LGTM as a quick fix, but we need to overhaul this part service installers in the future.

@MartinBasti
Copy link
Contributor

Works for me

@MartinBasti MartinBasti added the ack Pull Request approved, can be merged label May 5, 2017
@martbab
Copy link
Contributor

martbab commented May 5, 2017

A separate PR will be needed for ipa-4-5 branch.

@MartinBasti
Copy link
Contributor

master:

  • 999706f python2-ipalib: add missing python dependency
  • 4b8ab77 installer service: fix typo in service entry
  • ebefb28 upgrade: add missing suffix to http instance

@MartinBasti MartinBasti added the pushed Pull Request has already been pushed label May 5, 2017
@MartinBasti MartinBasti closed this May 5, 2017
@tkrizek tkrizek mentioned this pull request May 9, 2017
Closed
@tkrizek tkrizek deleted the t6920-enable-kdcproxy-during-upgrade branch September 15, 2017 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@martbab martbab

Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
3 participants
@tkrizek @martbab @MartinBasti