Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/ldapupdate.py | 2 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 14 |
2 files changed, 11 insertions, 5 deletions
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 44a95465f..4feb0cf43 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -414,7 +414,7 @@ class LDAPUpdate:
 The return type is ipaldap.Entry
 """
 searchfilter="objectclass=*"
- sattrs = ["*"]
+ sattrs = ["*", "aci", "attributeTypes", "objectClasses"]
 scope = ldap.SCOPE_BASE
 return self.conn.getList(dn, scope, searchfilter, sattrs)
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index b72a43ee3..b933839ab 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -523,10 +523,16 @@ class IPAdmin(SimpleLDAPObject):
 adds = list(new_values.difference(old_values))
 removes = list(old_values.difference(new_values))
- if len(removes) > 0:
- modlist.append((ldap.MOD_DELETE, key, removes))
- if len(adds) > 0:
- modlist.append((ldap.MOD_ADD, key, adds))
+ # You can't remove schema online. An add will automatically
+ # replace any existing schema.
+ if old_entry.get('dn') == 'cn=schema':
+ if len(adds) > 0:
+ modlist.append((ldap.MOD_ADD, key, adds))
+ else:
+ if len(removes) > 0:
+ modlist.append((ldap.MOD_DELETE, key, removes))
+ if len(adds) > 0:
+ modlist.append((ldap.MOD_ADD, key, adds))
 return modlist |
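Review bot: The widened `sattrs` list in ldapupdate.py has no comment saying why three attributes are named next to `"*"`, so a later cleanup could easily drop them as redundant. `"*"` returns user attributes only, while `aci` and the schema attributes `attributeTypes`/`objectClasses` are operational and come back only when requested by name; a one-line comment above the assignment such as `# "*" omits operational attributes; request aci and the schema attrs explicitly` would record that. It is also worth confirming that the updater's bind identity may read `aci` on every entry it touches, since an unreadable attribute would presumably look like an absent one to the comparison done later. The method starts outside the hunk.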
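Review bot: The schema guard `old_entry.get('dn') == 'cn=schema'` in ipaldap.py is an exact, case-sensitive string match, but LDAP DNs compare case-insensitively and can differ in spacing, so an entry returned as `CN=schema` would fall into the `else` branch and still get the `MOD_DELETE` this change is meant to suppress. Normalising before the test, e.g. `if (old_entry.get('dn') or '').strip().lower() == 'cn=schema':`, closes that gap, assuming `get('dn')` yields a string here. In the schema branch the computed `removes` are dropped silently; a debug log line naming the skipped values would make it visible when an update expected a schema definition to go away. The enclosing method and its loop begin outside the hunk.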