authorRob Crittenden <rcritten@redhat.com>2012-02-22 16:02:19 -0500
committerMartin Kosek <mkosek@redhat.com>2012-02-23 15:54:59 +0100
commitecf544ea0b5e5f8cc8b1339268bb85da90a03f03 (patch)
tree11b2b0715def3b0862d66078cee62f712f3e53f3 /ipaserver/install/replication.py
parentb9e368553421e4ca7052ffbd4ce01926e8519196 (diff)
Make sure memberof is in replication attribute exclusion list.
A previous bug caused this attribute not to be added, which would lead to unnecessary replication. This runs as an updater plugin. https://fedorahosted.org/freeipa/ticket/2223
Diffstat (limited to 'ipaserver/install/replication.py')
-rw-r--r--ipaserver/install/replication.py29
1 files changed, 17 insertions, 12 deletions
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 6f6372514..b36fbf8de 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -100,7 +100,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd):
class ReplicationManager(object):
"""Manage replication agreements between DS servers, and sync
agreements with Windows servers"""
- def __init__(self, realm, hostname, dirman_passwd, port=PORT, starttls=False):
+ def __init__(self, realm, hostname, dirman_passwd, port=PORT, starttls=False, conn=None):
self.hostname = hostname
self.port = port
self.dirman_passwd = dirman_passwd
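Review bot: The new `conn` parameter on `__init__` is undocumented, and the class docstring says nothing about who opens, binds or secures the connection. A docstring line on `__init__` would cover it: `conn: an existing IPAdmin connection to reuse; when given, port and starttls are not used to open a connection and no bind is performed here`. This matters to callers because the TLS setup and both bind calls sit in the branch that runs only when `conn` is None (second hunk). The body of `__init__` continues outside this hunk.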
@@ -110,18 +110,23 @@ class ReplicationManager(object):
self.suffix = str(DN(tmp)).lower()
self.need_memberof_fixup = False
- # If we are passed a password we'll use it as the DM password
- # otherwise we'll do a GSSAPI bind.
- if starttls:
- self.conn = ipaldap.IPAdmin(hostname, port=port)
- ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, CACERT)
- self.conn.start_tls_s()
- else:
- self.conn = ipaldap.IPAdmin(hostname, port=port, cacert=CACERT)
- if dirman_passwd:
- self.conn.do_simple_bind(bindpw=dirman_passwd)
+ # The caller is allowed to pass in an existing IPAdmin connection.
+ # Open a new one if not provided
+ if conn is None:
+ # If we are passed a password we'll use it as the DM password
+ # otherwise we'll do a GSSAPI bind.
+ if starttls:
+ self.conn = ipaldap.IPAdmin(hostname, port=port)
+ ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, CACERT)
+ self.conn.start_tls_s()
+ else:
+ self.conn = ipaldap.IPAdmin(hostname, port=port, cacert=CACERT)
+ if dirman_passwd:
+ self.conn.do_simple_bind(bindpw=dirman_passwd)
+ else:
+ self.conn.do_sasl_gssapi_bind()
else:
- self.conn.do_sasl_gssapi_bind()
+ self.conn = conn
self.repl_man_passwd = dirman_passwd
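Review bot: In the `else: self.conn = conn` branch the supplied connection is taken as-is, so `starttls=True` is silently ignored and nothing checks that the connection is bound or TLS-protected, while `self.hostname`, `self.port` and `self.repl_man_passwd` are still set from the arguments. If later methods send `repl_man_passwd` or other credentials over `self.conn` (not visible in this hunk), their protection depends entirely on how the caller opened it. Rejecting the contradictory combination would make the contract explicit: `if conn is not None and starttls: raise ValueError("starttls has no effect when conn is supplied")`. At minimum the branch should carry the comment `# conn is used as-is: the caller must have bound it and secured the transport`. `__init__` begins in the previous hunk and may continue past this one.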