Move Managed Entries into their own container in the replicated space.

Repoint cn=Managed Entries,cn=plugins,cn=config in common_setup
Create: cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
Create: cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
Create method for dynamically migrating any and all custom Managed Entries
from the cn=config space into the new container.
Separate the connection creation during update so that a restart can
be performed to initialize changes before performing a delete.
Add wait_for_open_socket() method in installutils

https://fedorahosted.org/freeipa/ticket/1708

5 files changed, 49 insertions, 13 deletions

diff --git a/install/updates/19-managed-entries.update b/install/updates/19-managed-entries.update
new file mode 100644
index 000000000..1d8ebebfd
--- /dev/null
+++ b/install/updates/19-managed-entries.update
@@ -0,0 +1,17 @@
+dn: cn=Managed Entries,cn=plugins,cn=config
+only: nsslapd-pluginConfigArea: 'cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX'
+
+dn: cn=Managed Entries,cn=etc,$SUFFIX
+default: objectClass: nsContainer
+default: objectClass: top
+default: cn: Managed Entries
+
+dn: cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
+default: objectClass: nsContainer
+default: objectClass: top
+default: cn: Templates
+
+dn: cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
+default: objectClass: nsContainer
+default: objectClass: top
+default: cn: Definitions
diff --git a/install/updates/20-host_nis_groups.update b/install/updates/20-host_nis_groups.update
index 662980211..c6fe8d8ac 100644
--- a/install/updates/20-host_nis_groups.update
+++ b/install/updates/20-host_nis_groups.update
@@ -2,14 +2,22 @@
 # This is required for replication. The template entry will get
 # replicated but the plugin configuration will not.
 
-dn: cn=NGP Definition,cn=Managed Entries,cn=plugins,cn=config
+dn: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
+default:objectclass: mepTemplateEntry
+default:cn: NGP HGP Template
+default:mepRDNAttr: cn
+default:mepStaticAttr: ipaUniqueId: autogenerate
+default:mepStaticAttr: objectclass: ipanisnetgroup
+default:mepStaticAttr: objectclass: ipaobject
+default:mepStaticAttr: nisDomainName: $DOMAIN
+default:mepMappedAttr: cn: $$cn
+default:mepMappedAttr: memberHost: $$dn
+default:mepMappedAttr: description: ipaNetgroup $$cn
+
+dn: cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
 default:objectclass: extensibleObject
-default:cn: NGP Definition
+only:cn: NGP Definition
 default:originScope: cn=hostgroups,cn=accounts,$SUFFIX
 default:originFilter: objectclass=ipahostgroup
 default:managedBase: cn=ng,cn=alt,$SUFFIX
-default:managedTemplate: cn=NGP HGP Template,cn=etc,$SUFFIX
-
-# Fix an existing configuration with the wrong cn
-dn: cn=NGP Definition,cn=Managed Entries,cn=plugins,cn=config
-only:cn: NGP Definition
+default:managedTemplate: cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
diff --git a/install/updates/20-user_private_groups.update b/install/updates/20-user_private_groups.update
index 8c7baca41..d54cc02d6 100644
--- a/install/updates/20-user_private_groups.update
+++ b/install/updates/20-user_private_groups.update
@@ -2,10 +2,23 @@
 # This is required for replication. The template entry will get
 # replicated but the plugin configuration will not.
 
-dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
+dn: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
+default:objectclass: mepTemplateEntry
+default:cn: UPG Template
+default:mepRDNAttr: cn
+default:mepStaticAttr: objectclass: posixgroup
+default:mepStaticAttr: objectclass: ipaobject
+default:mepStaticAttr: ipaUniqueId: autogenerate
+default:mepMappedAttr: cn: $$uid
+default:mepMappedAttr: gidNumber: $$uidNumber
+default:mepMappedAttr: description: User private group for $$uid
+
+
+dn: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
 default:objectclass: extensibleObject
+replace:originFilter:objectclass=posixAccount::(&(objectclass=posixAccount)(!(description=__no_upg__)))
 default:cn: UPG Definition
 default:originScope: cn=users,cn=accounts,$SUFFIX
-default:originFilter: (&(objectclass=posixAccount)(!(description=__no_upg__)))
+default:originFilter: objectclass=posixAccount
 default:managedBase: cn=groups,cn=accounts,$SUFFIX
-default:managedTemplate: cn=UPG Template,cn=etc,$SUFFIX
+default:managedTemplate: cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
diff --git a/install/updates/50-suppress-upg.update b/install/updates/50-suppress-upg.update
deleted file mode 100644
index 571788266..000000000
--- a/install/updates/50-suppress-upg.update
+++ /dev/null
@@ -1,2 +0,0 @@
-dn: cn=UPG Definition,cn=Managed Entries,cn=plugins,cn=config
-replace: originFilter:objectclass=posixAccount::(&(objectclass=posixAccount)(!(description=__no_upg__)))
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index cf29e3f29..bf4d9af96 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -7,6 +7,7 @@ app_DATA =				\
 	10-RFC4876.update		\
 	10-config.update		\
 	10-sudo.update			\
+	19-managed-entries.update	\
 	20-aci.update			\
 	20-dna.update			\
 	20-host_nis_groups.update	\
@@ -22,7 +23,6 @@ app_DATA =				\
 	50-lockout-policy.update	\
 	50-groupuuid.update		\
 	50-hbacservice.update		\
-	50-suppress-upg.update		\
 	$(NULL)
 
 EXTRA_DIST =				\