From c1e9b6fa1d3b334e6331c00158bf8e71926cd658 Mon Sep 17 00:00:00 2001
From: Ana Krivokapic <akrivoka@redhat.com>
Date: Wed, 15 May 2013 11:22:41 +0200
Subject: Make sure replication works after DM password is changed

Replica information file contains the file `cacert.p12` which is protected by
the Directory Manager password of the initial IPA server installation. The DM
password of the initial installation is also used for the PKI admin user
password.

If the DM password is changed after the IPA server installation, the replication
fails.

To prevent this failure, add the following steps to ipa-replica-prepare:
1. Regenerate the `cacert.p12` file and protect it with the current DM password
2. Update the password of the PKI admin user with the current DM password

https://fedorahosted.org/freeipa/ticket/3594
---
 freeipa.spec.in | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'freeipa.spec.in')

diff --git a/freeipa.spec.in b/freeipa.spec.in
index 5a143b64..debc6e58 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -17,7 +17,7 @@ Source0:        freeipa-%{version}.tar.gz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %if ! %{ONLY_CLIENT}
-BuildRequires:  389-ds-base-devel >= 1.3.1.1
+BuildRequires:  389-ds-base-devel >= 1.3.1.3
 BuildRequires:  svrcore-devel
 BuildRequires:  policycoreutils >= %{POLICYCOREUTILSVER}
 BuildRequires:  systemd-units
@@ -89,7 +89,7 @@ Group: System Environment/Base
 Requires: %{name}-python = %{version}-%{release}
 Requires: %{name}-client = %{version}-%{release}
 Requires: %{name}-admintools = %{version}-%{release}
-Requires: 389-ds-base >= 1.3.1.1
+Requires: 389-ds-base >= 1.3.1.3
 Requires: openldap-clients > 2.4.35-4
 %if 0%{?fedora} == 18
 Requires: nss >= 3.14.3-2
@@ -145,7 +145,7 @@ Requires: zip
 Requires: policycoreutils >= %{POLICYCOREUTILSVER}
 Requires: tar
 Requires(pre): certmonger >= 0.65
-Requires(pre): 389-ds-base >= 1.3.0.5
+Requires(pre): 389-ds-base >= 1.3.1.3
 
 # With FreeIPA 3.3, package freeipa-server-selinux was obsoleted as the
 # entire SELinux policy is stored in the system policy
@@ -815,6 +815,9 @@ fi
 %endif  # ! %{ONLY_CLIENT}
 
 %changelog
+* Wed Jul 10 2013 Ana Krivokapic <akrivoka@redhat.com> - 3.2.99-4
+- Bump minimum version of 389-ds-base to 1.3.1.3 for user password change fix.
+
 * Wed Jun 26 2013 Jan Cholasta <jcholast@redhat.com> - 3.2.99-3
 - Bump minimum version of 389-ds-base to 1.3.1.1 for SASL mapping priority
   support.
-- 
cgit