summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2012-03-30 13:42:31 -0400
committerMartin Kosek <mkosek@redhat.com>2012-04-02 10:49:20 +0200
commit16b38d39b36eb0b39a77720e30ac4321e902e66b (patch)
treee089a2908fa37374c4420b4177ba0efbdea9c78b
parent56fa06fec4a841664f3ad6cbfb97979320c9bfd2 (diff)
downloadfreeipa-16b38d39b36eb0b39a77720e30ac4321e902e66b.tar.gz
freeipa-16b38d39b36eb0b39a77720e30ac4321e902e66b.tar.xz
freeipa-16b38d39b36eb0b39a77720e30ac4321e902e66b.zip
Handle updating replication agreements that lack nsDS5ReplicatedAttributeList
When updating from 2.x we need to add nsDS5ReplicatedAttributeList and nsDS5ReplicatedAttributeListTotal if they aren't present. If nsDS5ReplicatedAttributeList is present and doesn't contain memberof then we want to add it. https://fedorahosted.org/freeipa/ticket/2594
-rw-r--r--ipaserver/install/plugins/fix_replica_memberof.py22
1 files changed, 21 insertions, 1 deletions
diff --git a/ipaserver/install/plugins/fix_replica_memberof.py b/ipaserver/install/plugins/fix_replica_memberof.py
index 4ab3df426..04152d360 100644
--- a/ipaserver/install/plugins/fix_replica_memberof.py
+++ b/ipaserver/install/plugins/fix_replica_memberof.py
@@ -33,6 +33,12 @@ class update_replica_memberof(PreUpdate):
order=MIDDLE
def execute(self, **options):
+ totalexcludes = ('entryusn',
+ 'krblastsuccessfulauth',
+ 'krblastfailedauth',
+ 'krbloginfailedcount')
+ excludes = ('memberof', ) + totalexcludes
+
# We need an IPAdmin connection to the backend
conn = ipaldap.IPAdmin(api.env.host, ldapi=True, realm=api.env.realm)
conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name)
@@ -43,7 +49,21 @@ class update_replica_memberof(PreUpdate):
self.log.debug("Found %d agreement(s)" % len(entries))
for replica in entries:
self.log.debug(replica.description)
- if 'memberof' not in replica.nsDS5ReplicatedAttributeList:
+ attrlist = replica.getValue('nsDS5ReplicatedAttributeList')
+ if attrlist is None:
+ self.log.debug("Adding nsDS5ReplicatedAttributeList and nsDS5ReplicatedAttributeListTotal")
+ current = replica.toDict()
+ # Need to add it altogether
+ replica.setValues('nsDS5ReplicatedAttributeList',
+ '(objectclass=*) $ EXCLUDE %s' % " ".join(excludes))
+ replica.setValues('nsDS5ReplicatedAttributeListTotal',
+ '(objectclass=*) $ EXCLUDE %s' % " ".join(totalexcludes))
+ try:
+ repl.conn.updateEntry(replica.dn, current, replica.toDict())
+ self.log.debug("Updated")
+ except Exception, e:
+ self.log.error("Error caught updating replica: %s" % str(e))
+ elif 'memberof' not in attrlist.lower():
self.log.debug("Attribute list needs updating")
current = replica.toDict()
replica.setValue('nsDS5ReplicatedAttributeList',