author | Martin Kosek <mkosek@redhat.com> | 2012-05-10 09:28:02 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-05-22 12:28:21 +0200 |
commit | 9a5c2090eb996f131a6d96e997b0db8e762716ba (patch) | |
tree | 8d45eb45fbab6932c77da5ac6ba304cc133189f2 /ipaserver/install/bindinstance.py | |
parent | aa9ea477af7be67d59f204af4e0da67fd8cfd862 (diff) | |
Remove LDAP limits from DNS service
bind-dyndb-ldap persistent search queries LDAP for all DNS records.
The LDAP connection must have no size or time limits to work
properly.
This patch updates the limits both for the existing service principal
on an updated machine and for new service principals added
as part of DNS installation.
https://fedorahosted.org/freeipa/ticket/2531
Diffstat (limited to 'ipaserver/install/bindinstance.py')
-rw-r--r-- | ipaserver/install/bindinstance.py | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index fa3864a22..caac8b4f2 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -475,7 +475,12 @@ class BindInstance(service.Service):
 # We do not let the system start IPA components on its own,
 # Instead we reply on the IPA init script to start only enabled
 # components as found in our LDAP configuration tree
- self.ldap_enable('DNS', self.fqdn, self.dm_password, self.suffix)
+ try:
+ self.ldap_enable('DNS', self.fqdn, self.dm_password, self.suffix)
+ except errors.DuplicateEntry:
+ # service already exists (forced DNS reinstall)
+ # don't crash, just report error
+ root_logger.error("DNS service already exists")
 def __setup_sub_dict(self):
 if self.forwarders:
@@ -586,8 +591,22 @@ class BindInstance(service.Service):
 except ldap.TYPE_OR_VALUE_EXISTS:
 pass
 except Exception, e:
- root_logger.critical("Could not modify principal's %s entry" % dns_principal)
- raise e
+ root_logger.critical("Could not modify principal's %s entry: %s" \
+ % (dns_principal, str(e)))
+ raise
+
+ # bind-dyndb-ldap persistent search feature requires both size and time
+ # limit-free connection
+ mod = [(ldap.MOD_REPLACE, 'nsTimeLimit', '-1'),
+ (ldap.MOD_REPLACE, 'nsSizeLimit', '-1'),
+ (ldap.MOD_REPLACE, 'nsIdleTimeout', '-1'),
+ (ldap.MOD_REPLACE, 'nsLookThroughLimit', '-1')]
+ try:
+ self.admin_conn.modify_s(dns_principal, mod)
+ except Exception, e:
+ root_logger.critical("Could not set principal's %s LDAP limits: %s" \
+ % (dns_principal, str(e)))
+ raise
 def __setup_named_conf(self):
 self.fstore.backup_file('/etc/named.conf') |
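Review bot: The new `except errors.DuplicateEntry` branch accepts whatever DNS service entry already exists in LDAP without inspecting it, so after a forced reinstall a stale or differently configured entry would be kept and only a log line produced. Because the condition is deliberately tolerated, `root_logger.error` overstates it and the message does not say what was done; I would use `root_logger.warning("DNS service entry already exists, leaving it unchanged")`. Whether `errors` is imported in this module cannot be seen from the hunk, and the enclosing method starts above it.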
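Review bot: The four `MOD_REPLACE` operations in the second hunk lift every per-bind resource limit on the DNS service principal, yet the comment above them names only size and time limits and does not record that the principal's credentials can now run unbounded, never-idle searches against the directory server. I would extend the comment to say so, e.g. `# -1 disables each limit (idle timeout and look-through included); the DNS principal is now unthrottled, so access to its keytab must stay tightly restricted`. Since the values are replaced unconditionally, any limits an administrator had set on this entry appear to be overwritten on every run, which is worth stating as well. The enclosing method starts outside the hunk.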