On pe, 18 helmi 2022, Sigbjorn Lie wrote:
Is there an existing BZ for this? As we recently upgraded we have just
about all the recent EL8 patches installed.
I couldn't find one.
The problem is that the ACIs are defined in two places:
install/share/default-aci.ldif
install/updates/20-aci.update
default-aci.ldif has the ACI including GROUPDN but this isn't
applied on
upgrades.
20-aci.update has what you are seeing, USERDN only.
This will require two fixes: one to add the GROUPDN when the ACI is
missing and one to repair existing installs.
rob
_______________________________________________
Ok. I have opened the following BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=2056009
I will open a RH support case to back this request as well.
Thanks for helping in discovering the root cause quickly. :)
Thank you!
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
