Chapitre 23. Authentication and Interoperability
bind-dyndb-ldap
component, BZ#1139776- The latest version of the
bind-dyndb-ldap
system plug-in offers significant improvements over the previous versions, but currently has some limitations. One of the limitations is missing support for the LDAP rename (MODRDN) operation. As a consequence, DNS records renamed in LDAP are not served correctly. To work around this problem, restart thenamed
daemon to resynchronize data after each MODRDN operation. In an Identity Management (IdM) cluster, restart thenamed
daemon on all IdM replicas. ipa
component, BZ#1186352- When you restore an Identity Management (IdM) server from backup and re-initalize the restored data to other replicas, the Schema Compatibility plug-in can still maintain a cache of the old data from before performing the restore and re-initialization. Consequently, the replicas might behave unexpectedly. For example, if you attempt to add a user that was originally added after performing the backup, and thus removed during the restore and re-initialization steps, the operation might fail with an error, because the Schema Compatibility cache contains a conflicting user entry. To work around this problem, restart the IdM replicas after re-intializing them from the master server. This clears the Schema Compatibility cache and ensures that the replicas behave as expected in the described situation.
ipa
component, BZ#1188195- Both anonymous and authenticated users lose the default permission to read the
facsimiletelephonenumber
user attribute after upgrading to the Red Hat Enterprise Linux 7.1 version of Identity Management (IdM). To manually change the new default setting and make the attribute readable again, run the following command:ipa permission-mod 'System: Read User Addressbook Attributes' --includedattrs facsimiletelephonenumber