diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-11-16 13:59:11 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-11-23 12:19:20 +0100 |
commit | 83ef2e251fa0550ebecc68c4c54406b1cef7f3b3 (patch) | |
tree | 116ea69c6b4eb2bd8b7ee8d6df74076470d7a682 | |
parent | 17f91dac5501b165615453c79f75f7df88459544 (diff) | |
download | freeipa-83ef2e251fa0550ebecc68c4c54406b1cef7f3b3.tar.gz freeipa-83ef2e251fa0550ebecc68c4c54406b1cef7f3b3.tar.xz freeipa-83ef2e251fa0550ebecc68c4c54406b1cef7f3b3.zip |
Filter suffix in replication management tools
With the new unified Dogtag10 LDAP database, PKI-CA data and the
agreements themselves are now in the main LDAP instance.
Replication management tools now need to properly filter replication
agreements based on the suffix to avoid clashing of agreements of
different types.
-rwxr-xr-x | install/tools/ipa-csreplica-manage | 2 | ||||
-rw-r--r-- | ipaserver/install/replication.py | 37 |
2 files changed, 31 insertions, 8 deletions
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index f2924993f..55edd1a23 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -376,7 +376,7 @@ def re_initialize(realm, options): thishost = installutils.get_fqdn() - filter = "(&(nsDS5ReplicaHost=%s)(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement)))" % thishost + filter = repl.get_agreement_filter(host=thishost) entry = repl.conn.search_s(DN(('cn', 'config')), ldap.SCOPE_SUBTREE, filter) if len(entry) == 0: root_logger.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost)) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 23de883a5..dfc3c7716 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -191,6 +191,32 @@ class ReplicationManager(object): return retval + def get_agreement_filter(self, agreement_types=None, host=None): + """ + Get an LDAP replication agreement filter with a possibility to filter + the agreements by their type and a host + """ + if agreement_types is None: + agreement_types = (IPA_REPLICA, WINSYNC) + elif not isinstance(agreement_types, (list, tuple)): + agreement_types = (agreement_types,) + + agreement_types_filters = [] + if IPA_REPLICA in agreement_types: + agreement_types_filters.append('(&(objectclass=nsds5ReplicationAgreement)(nsDS5ReplicaRoot=%s))' + % self.suffix) + if WINSYNC in agreement_types: + agreement_types_filters.append('(objectclass=nsDSWindowsReplicationAgreement)') + if len(agreement_types_filters) > 1: + agreement_filter = '(|%s)' % ''.join(agreement_types_filters) + else: + agreement_filter = ''.join(agreement_types_filters) + + if host is not None: + agreement_filter = '(&%s(nsDS5ReplicaHost=%s))' % (agreement_filter, host) + + return agreement_filter + def find_replication_agreements(self): """ The replication agreements are stored in @@ -202,7 +228,7 @@ class ReplicationManager(object): response. For now just return "No entries" even if the user may not be allowed to see them. """ - filt = "(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement))" + filt = self.get_agreement_filter() try: ents = self.conn.getList(DN(('cn', 'mapping tree'), ('cn', 'config')), ldap.SCOPE_SUBTREE, filt) @@ -220,7 +246,7 @@ class ReplicationManager(object): res = [] - filt = "(objectclass=nsds5ReplicationAgreement)" + filt = self.get_agreement_filter(IPA_REPLICA) try: ents = self.conn.getList(DN(('cn', 'mapping tree'), ('cn', 'config')), ldap.SCOPE_SUBTREE, filt) @@ -242,7 +268,7 @@ class ReplicationManager(object): Returns None if not found. """ - filt = "(&(|(objectclass=nsds5ReplicationAgreement)(objectclass=nsDSWindowsReplicationAgreement))(nsDS5ReplicaHost=%s))" % hostname + filt = self.get_agreement_filter(host=hostname) try: entries = self.conn.getList(DN(('cn', 'mapping tree'), ('cn', 'config')), ldap.SCOPE_SUBTREE, filt) @@ -958,10 +984,7 @@ class ReplicationManager(object): newschedule = '2358-2359 0' - filter = ('(&(nsDS5ReplicaHost=%s)' - '(&(!(nsDS5ReplicaRoot=o=ipaca))' - '(|(objectclass=nsDSWindowsReplicationAgreement)' - '(objectclass=nsds5ReplicationAgreement))))' % hostname) + filter = self.get_agreement_filter(host=hostname) entries = conn.getList( DN(('cn', 'config')), ldap.SCOPE_SUBTREE, filter) if len(entries) == 0: |