From c5f319d3e8d1b5e500225af207ac247f75baea17 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Wed, 6 May 2015 15:06:56 +0200
Subject: replica-manage: Properly delete nested entries

Bad ordering of LDAP entries during replica removal resulted in a failure to delete replica and its services from cn=masters,cn=ipa,cn=etc,$SUFFIX. This patch enforces the correct ordering of entries resulting in proper removal of services before the host entry itself. https://fedorahosted.org/freeipa/ticket/5019
Reviewed-By: Martin Babinsky
---
 install/tools/ipa-replica-manage | 2 +-
 ipaserver/install/replication.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 4f92c0c92..0d2688e6d 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -322,7 +322,7 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False):
 ipautil.realm_to_suffix(realm))
 entries = repl1.conn.get_entries(dn, repl1.conn.SCOPE_SUBTREE)
 if entries:
- entries.sort(key=len, reverse=True)
+ entries.sort(key=lambda x: len(x.dn), reverse=True)
 for entry in entries:
 repl1.conn.delete_entry(entry)
 except Exception, e:
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 4c16dc225..8ac024308 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -1178,7 +1178,7 @@ class ReplicationManager(object):
 self.suffix, ldap.SCOPE_SUBTREE, filter='(krbprincipalname=*/%s@%s)' % (replica, realm))
 if entries:
- entries.sort(key=len, reverse=True)
+ entries.sort(key=lambda x: len(x.dn), reverse=True)
 for entry in entries:
 self.conn.delete_entry(entry)
 except errors.NotFound:
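Review bot: The reason for sorting on `len(x.dn)` is not stated at the call site in del_link, and the same sort-then-delete sequence is repeated verbatim in both replication.py hunks (@@ -1178 and @@ -1220), which is how one wrong key ended up in three places. I would add `# Delete deepest DNs first: a child DN is always longer than its parent's, and an entry that still has children cannot be removed` above the sort in each place, or move the sequence into one shared helper so the ordering rule lives in a single spot. del_link starts before this hunk and the body of `except Exception, e:` lies after it, so whether a failed delete is reported to the operator cannot be judged from here.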
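Review bot: The search filter on the context line of the @@ -1178 hunk, `filter='(krbprincipalname=*/%s@%s)' % (replica, realm))`, is built by plain string formatting, and every entry it matches is deleted by the loop this hunk reorders. If `replica` or `realm` can carry LDAP filter metacharacters, the match set could be wider than the one host's service principals; where those values come from is outside the hunk, so they may already be validated upstream. Escaping both values before formatting, e.g. `ldap.filter.escape_filter_chars(replica)`, would make the deletion scope independent of the caller. The enclosing method begins and ends outside the hunk.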
@@ -1220,7 +1220,7 @@ class ReplicationManager(object):
 ('cn', 'etc'), self.suffix)
 entries = self.conn.get_entries(dn, ldap.SCOPE_SUBTREE)
 if entries:
- entries.sort(key=len, reverse=True)
+ entries.sort(key=lambda x: len(x.dn), reverse=True)
 for entry in entries:
 self.conn.delete_entry(entry)
 except errors.NotFound:
-- cgit