diff options
author | Rob Crittenden <rcritten@redhat.com> | 2012-03-30 13:42:31 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-04-02 10:49:20 +0200 |
commit | 16b38d39b36eb0b39a77720e30ac4321e902e66b (patch) | |
tree | e089a2908fa37374c4420b4177ba0efbdea9c78b /ipaserver | |
parent | 56fa06fec4a841664f3ad6cbfb97979320c9bfd2 (diff) | |
download | freeipa-16b38d39b36eb0b39a77720e30ac4321e902e66b.tar.gz freeipa-16b38d39b36eb0b39a77720e30ac4321e902e66b.tar.xz freeipa-16b38d39b36eb0b39a77720e30ac4321e902e66b.zip |
Handle updating replication agreements that lack nsDS5ReplicatedAttributeList
When updating from 2.x we need to add nsDS5ReplicatedAttributeList and
nsDS5ReplicatedAttributeListTotal if they aren't present.
If nsDS5ReplicatedAttributeList is present and doesn't contain memberof
then we want to add it.
https://fedorahosted.org/freeipa/ticket/2594
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/plugins/fix_replica_memberof.py | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/ipaserver/install/plugins/fix_replica_memberof.py b/ipaserver/install/plugins/fix_replica_memberof.py index 4ab3df426..04152d360 100644 --- a/ipaserver/install/plugins/fix_replica_memberof.py +++ b/ipaserver/install/plugins/fix_replica_memberof.py @@ -33,6 +33,12 @@ class update_replica_memberof(PreUpdate): order=MIDDLE def execute(self, **options): + totalexcludes = ('entryusn', + 'krblastsuccessfulauth', + 'krblastfailedauth', + 'krbloginfailedcount') + excludes = ('memberof', ) + totalexcludes + # We need an IPAdmin connection to the backend conn = ipaldap.IPAdmin(api.env.host, ldapi=True, realm=api.env.realm) conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name) @@ -43,7 +49,21 @@ class update_replica_memberof(PreUpdate): self.log.debug("Found %d agreement(s)" % len(entries)) for replica in entries: self.log.debug(replica.description) - if 'memberof' not in replica.nsDS5ReplicatedAttributeList: + attrlist = replica.getValue('nsDS5ReplicatedAttributeList') + if attrlist is None: + self.log.debug("Adding nsDS5ReplicatedAttributeList and nsDS5ReplicatedAttributeListTotal") + current = replica.toDict() + # Need to add it altogether + replica.setValues('nsDS5ReplicatedAttributeList', + '(objectclass=*) $ EXCLUDE %s' % " ".join(excludes)) + replica.setValues('nsDS5ReplicatedAttributeListTotal', + '(objectclass=*) $ EXCLUDE %s' % " ".join(totalexcludes)) + try: + repl.conn.updateEntry(replica.dn, current, replica.toDict()) + self.log.debug("Updated") + except Exception, e: + self.log.error("Error caught updating replica: %s" % str(e)) + elif 'memberof' not in attrlist.lower(): self.log.debug("Attribute list needs updating") current = replica.toDict() replica.setValue('nsDS5ReplicatedAttributeList', |