summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2012-11-16 13:59:11 +0100
committerMartin Kosek <mkosek@redhat.com>2012-11-23 12:19:20 +0100
commit83ef2e251fa0550ebecc68c4c54406b1cef7f3b3 (patch)
tree116ea69c6b4eb2bd8b7ee8d6df74076470d7a682
parent17f91dac5501b165615453c79f75f7df88459544 (diff)
downloadfreeipa-83ef2e251fa0550ebecc68c4c54406b1cef7f3b3.tar.gz
freeipa-83ef2e251fa0550ebecc68c4c54406b1cef7f3b3.tar.xz
freeipa-83ef2e251fa0550ebecc68c4c54406b1cef7f3b3.zip
Filter suffix in replication management tools
With the new unified Dogtag10 LDAP database, PKI-CA data and the agreements themselves are now in the main LDAP instance. Replication management tools now need to properly filter replication agreements based on the suffix to avoid clashing of agreements of different types.
-rwxr-xr-xinstall/tools/ipa-csreplica-manage2
-rw-r--r--ipaserver/install/replication.py37
2 files changed, 31 insertions, 8 deletions
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage
index f2924993f..55edd1a23 100755
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@@ -376,7 +376,7 @@ def re_initialize(realm, options):
thishost = installutils.get_fqdn()
- filter = "(&(nsDS5ReplicaHost=%s)(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement)))" % thishost
+ filter = repl.get_agreement_filter(host=thishost)
entry = repl.conn.search_s(DN(('cn', 'config')), ldap.SCOPE_SUBTREE, filter)
if len(entry) == 0:
root_logger.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost))
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 23de883a5..dfc3c7716 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -191,6 +191,32 @@ class ReplicationManager(object):
return retval
+ def get_agreement_filter(self, agreement_types=None, host=None):
+ """
+ Get an LDAP replication agreement filter with a possibility to filter
+ the agreements by their type and a host
+ """
+ if agreement_types is None:
+ agreement_types = (IPA_REPLICA, WINSYNC)
+ elif not isinstance(agreement_types, (list, tuple)):
+ agreement_types = (agreement_types,)
+
+ agreement_types_filters = []
+ if IPA_REPLICA in agreement_types:
+ agreement_types_filters.append('(&(objectclass=nsds5ReplicationAgreement)(nsDS5ReplicaRoot=%s))'
+ % self.suffix)
+ if WINSYNC in agreement_types:
+ agreement_types_filters.append('(objectclass=nsDSWindowsReplicationAgreement)')
+ if len(agreement_types_filters) > 1:
+ agreement_filter = '(|%s)' % ''.join(agreement_types_filters)
+ else:
+ agreement_filter = ''.join(agreement_types_filters)
+
+ if host is not None:
+ agreement_filter = '(&%s(nsDS5ReplicaHost=%s))' % (agreement_filter, host)
+
+ return agreement_filter
+
def find_replication_agreements(self):
"""
The replication agreements are stored in
@@ -202,7 +228,7 @@ class ReplicationManager(object):
response. For now just return "No entries" even if the user may
not be allowed to see them.
"""
- filt = "(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement))"
+ filt = self.get_agreement_filter()
try:
ents = self.conn.getList(DN(('cn', 'mapping tree'), ('cn', 'config')),
ldap.SCOPE_SUBTREE, filt)
@@ -220,7 +246,7 @@ class ReplicationManager(object):
res = []
- filt = "(objectclass=nsds5ReplicationAgreement)"
+ filt = self.get_agreement_filter(IPA_REPLICA)
try:
ents = self.conn.getList(DN(('cn', 'mapping tree'), ('cn', 'config')),
ldap.SCOPE_SUBTREE, filt)
@@ -242,7 +268,7 @@ class ReplicationManager(object):
Returns None if not found.
"""
- filt = "(&(|(objectclass=nsds5ReplicationAgreement)(objectclass=nsDSWindowsReplicationAgreement))(nsDS5ReplicaHost=%s))" % hostname
+ filt = self.get_agreement_filter(host=hostname)
try:
entries = self.conn.getList(DN(('cn', 'mapping tree'), ('cn', 'config')),
ldap.SCOPE_SUBTREE, filt)
@@ -958,10 +984,7 @@ class ReplicationManager(object):
newschedule = '2358-2359 0'
- filter = ('(&(nsDS5ReplicaHost=%s)'
- '(&(!(nsDS5ReplicaRoot=o=ipaca))'
- '(|(objectclass=nsDSWindowsReplicationAgreement)'
- '(objectclass=nsds5ReplicationAgreement))))' % hostname)
+ filter = self.get_agreement_filter(host=hostname)
entries = conn.getList(
DN(('cn', 'config')), ldap.SCOPE_SUBTREE, filter)
if len(entries) == 0: