Fix syntax errors in schema files

- add missing closing parenthesis in idnsRecord declaration
- remove extra dollar sign from ipaSudoRule declaration
- handle missing/extraneous X-ORIGIN lines in 10-selinuxusermap.update

This does not use the schema updater because the syntax needs to be
fixed in the files themselves, otherwise 389 1.3.2+ will fail
to start.
Older DS versions transparently fix the syntax errors.

The existing ldap-updater directive for ipaSudoRule is fixed
(ldap-updater runs after upgradeconfig).

https://fedorahosted.org/freeipa/ticket/3578

2 files changed, 2 insertions, 2 deletions

diff --git a/install/updates/10-bind-schema.update b/install/updates/10-bind-schema.update
index a708b3445..2f3fa0aba 100644
--- a/install/updates/10-bind-schema.update
+++ b/install/updates/10-bind-schema.update
@@ -80,4 +80,4 @@ dn: cn=schema
 replace:objectClasses:( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $$ idnsSOAmName $$ idnsSOArName $$ idnsSOAserial $$ idnsSOArefresh $$ idnsSOAretry $$ idnsSOAexpire $$ idnsSOAminimum ) MAY idnsUpdatePolicy )::( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord    STRUCTURAL MUST ( idnsName $$ idnsZoneActive $$ idnsSOAmName $$ idnsSOArName $$ idnsSOAserial $$ idnsSOArefresh $$ idnsSOAretry $$ idnsSOAexpire $$ idnsSOAminimum ) MAY ( idnsUpdatePolicy $$ idnsAllowQuery $$ idnsAllowTransfer $$ idnsAllowSyncPTR $$ idnsForwardPolicy $$ idnsForwarders ) )
 replace:attributeTypes:"(1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)::( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )"
 replace:attributeTypes: (0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)::( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-replace:objectClasses:"( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $$ idnsAllowDynUpdate $$ DNSTTL $$ DNSClass $$ ARecord $$ AAAARecord $$ A6Record $$ NSRecord $$ CNAMERecord $$ PTRRecord $$ SRVRecord $$ TXTRecord $$ MXRecord $$ MDRecord $$ HINFORecord $$ MINFORecord $$ AFSDBRecord $$ SIGRecord $$ KEYRecord $$ LOCRecord $$ NXTRecord $$ NAPTRRecord $$ KXRecord $$ CERTRecord $$ DNAMERecord $$ DSRecord $$ SSHFPRecord $$ RRSIGRecord $$ NSECRecord )::( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( idnsAllowDynUpdate $$ DNSTTL $$ DNSClass $$ ARecord $$ AAAARecord $$ A6Record $$ NSRecord $$ CNAMERecord $$ PTRRecord $$ SRVRecord $$ TXTRecord $$ MXRecord $$ MDRecord $$ HINFORecord $$ MINFORecord $$ AFSDBRecord $$ SIGRecord $$ KEYRecord $$ LOCRecord $$ NXTRecord $$ NAPTRRecord $$ KXRecord $$ CERTRecord $$ DNAMERecord $$ DSRecord $$ SSHFPRecord $$ RRSIGRecord $$ NSECRecord )"
+replace:objectClasses:"( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $$ idnsAllowDynUpdate $$ DNSTTL $$ DNSClass $$ ARecord $$ AAAARecord $$ A6Record $$ NSRecord $$ CNAMERecord $$ PTRRecord $$ SRVRecord $$ TXTRecord $$ MXRecord $$ MDRecord $$ HINFORecord $$ MINFORecord $$ AFSDBRecord $$ SIGRecord $$ KEYRecord $$ LOCRecord $$ NXTRecord $$ NAPTRRecord $$ KXRecord $$ CERTRecord $$ DNAMERecord $$ DSRecord $$ SSHFPRecord $$ RRSIGRecord $$ NSECRecord ) )::( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( idnsAllowDynUpdate $$ DNSTTL $$ DNSClass $$ ARecord $$ AAAARecord $$ A6Record $$ NSRecord $$ CNAMERecord $$ PTRRecord $$ SRVRecord $$ TXTRecord $$ MXRecord $$ MDRecord $$ HINFORecord $$ MINFORecord $$ AFSDBRecord $$ SIGRecord $$ KEYRecord $$ LOCRecord $$ NXTRecord $$ NAPTRRecord $$ KXRecord $$ CERTRecord $$ DNAMERecord $$ DSRecord $$ SSHFPRecord $$ RRSIGRecord $$ NSECRecord ) )"
diff --git a/install/updates/10-selinuxusermap.update b/install/updates/10-selinuxusermap.update
index f9af01fad..c5a5167a5 100644
--- a/install/updates/10-selinuxusermap.update
+++ b/install/updates/10-selinuxusermap.update
@@ -18,7 +18,6 @@ add:attributeTypes:
      SUBSTR caseIgnoreSubstringsMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
      X-ORIGIN 'IPA v3')
-     X-ORIGIN 'IPA v3')
 replace:objectClasses:( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase ) )::( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder) )
 
 # Add the default PAC service type relies on the new SELinux user map
@@ -41,6 +40,7 @@ add:objectClasses:
      NAME 'ipaSELinuxUserMap' SUP ipaAssociation
      STRUCTURAL MUST ipaSELinuxUser
      MAY ( accessTime $$ seeAlso )
+     X-ORIGIN 'IPA v3')
 
 # Create the SELinux User map container
 dn: cn=selinux,$SUFFIX