authorRob Crittenden <rcritten@redhat.com>2011-04-05 16:28:59 -0400
committerRob Crittenden <rcritten@redhat.com>2011-04-05 21:46:32 -0400
commitb9a2c11d6f6be6e7e599a48c70e798b720222b35 (patch)
tree3f49173bcc53d76bdedd545b0ecd6ba2539f5cf5 /ipaserver
parent86995509a1d29497fb1c95f810337a567e1d5634 (diff)
Fix ORDERING in some attributetypes and remove other unnecessary elements.
Looking at the schema in 60basev2.ldif there were many attributes that did not have an ORDERING matching rule specified correctly. There were also a number of attributeTypes that should have been just SUP distinguishedName that had a combination of SUP, SYNTAX, ORDERING, etc. This requires 389-ds-base-1.2.8.0-1+ ticket 1153
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/ldapupdate.py2
-rw-r--r--ipaserver/ipaldap.py14
2 files changed, 11 insertions, 5 deletions
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 44a95465f..4feb0cf43 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -414,7 +414,7 @@ class LDAPUpdate:
The return type is ipaldap.Entry
"""
searchfilter="objectclass=*"
- sattrs = ["*"]
+ sattrs = ["*", "aci", "attributeTypes", "objectClasses"]
scope = ldap.SCOPE_BASE
return self.conn.getList(dn, scope, searchfilter, sattrs)
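Review bot: The widened `sattrs` list carries no comment saying why `aci`, `attributeTypes` and `objectClasses` are named next to `"*"`, so a later cleanup could drop them as redundant. `"*"` returns only user attributes, and these three appear to be operational in 389-ds, so they are not returned unless requested by name; without them the update comparison would not see the ACIs or schema already stored on the entry. I would add above the assignment `# "*" omits operational attributes; request aci and the schema attributes by name so updates compare against what is really stored`. The method starts outside the hunk.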
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index b72a43ee3..b933839ab 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -523,10 +523,16 @@ class IPAdmin(SimpleLDAPObject):
adds = list(new_values.difference(old_values))
removes = list(old_values.difference(new_values))
- if len(removes) > 0:
- modlist.append((ldap.MOD_DELETE, key, removes))
- if len(adds) > 0:
- modlist.append((ldap.MOD_ADD, key, adds))
+ # You can't remove schema online. An add will automatically
+ # replace any existing schema.
+ if old_entry.get('dn') == 'cn=schema':
+ if len(adds) > 0:
+ modlist.append((ldap.MOD_ADD, key, adds))
+ else:
+ if len(removes) > 0:
+ modlist.append((ldap.MOD_DELETE, key, removes))
+ if len(adds) > 0:
+ modlist.append((ldap.MOD_ADD, key, adds))
return modlist
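Review bot: The schema guard `old_entry.get('dn') == 'cn=schema'` is an exact, case-sensitive string match, but DNs compare case-insensitively, so an entry returned as `CN=schema` or `cn=Schema` would fall into the `else` branch and emit the `MOD_DELETE` that the new comment says cannot be applied online. Comparing a normalized value is safer: `if (old_entry.get('dn') or '').strip().lower() == 'cn=schema':`. Separately, the schema branch drops `removes` silently, so an update meant to withdraw or tighten a schema element becomes a no-op with no trace; the comment should state that, and a log line there would help an operator auditing what an upgrade actually changed. The enclosing method starts outside the hunk.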