replica-manage: Properly delete nested entries

Bad ordering of LDAP entries during replica removal resulted in a failure to
delete replica and its services from cn=masters,cn=ipa,cn=etc,$SUFFIX. This
patch enforces the correct ordering of entries resulting in proper removal of
services before the host entry itself.

https://fedorahosted.org/freeipa/ticket/5019

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 4c16dc225..8ac024308 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -1178,7 +1178,7 @@ class ReplicationManager(object):
                 self.suffix, ldap.SCOPE_SUBTREE,
                 filter='(krbprincipalname=*/%s@%s)' % (replica, realm))
             if entries:
-                entries.sort(key=len, reverse=True)
+                entries.sort(key=lambda x: len(x.dn), reverse=True)
                 for entry in entries:
                     self.conn.delete_entry(entry)
         except errors.NotFound:
@@ -1220,7 +1220,7 @@ class ReplicationManager(object):
                     ('cn', 'etc'), self.suffix)
             entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE)
             if entries:
-                entries.sort(key=len, reverse=True)
+                entries.sort(key=lambda x: len(x.dn), reverse=True)
                 for entry in entries:
                     self.conn.delete_entry(entry)
         except errors.NotFound: