From f1f1b4e7f2e9c1838ad7ec76002b78ca0c2a3c46 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 15 Nov 2012 21:38:26 -0500
Subject: Enable transactions by default, make password and modrdn TXN-aware

The password and modrdn plugins needed to be made transaction aware
for the pre and post operations.

Remove the reverse member hoop jumping. Just fetch the entry once
and all the memberof data is there (plus objectclass).

Fix some unit tests that are failing because we actually get the data
now due to transactions.

Add small bit of code in user plugin to retrieve the user again
ala wait_for_attr but in the case of transactions we need do it only
once.

Deprecate wait_for_attr code.

Add a memberof fixup task for roles.

https://fedorahosted.org/freeipa/ticket/1263
https://fedorahosted.org/freeipa/ticket/1891
https://fedorahosted.org/freeipa/ticket/2056
https://fedorahosted.org/freeipa/ticket/3043
https://fedorahosted.org/freeipa/ticket/3191
https://fedorahosted.org/freeipa/ticket/3046
---
 install/share/nis.uldif                 |  1 +
 install/share/schema_compat.uldif       |  1 +
 install/tools/man/ipa-ldap-updater.1    |  1 +
 install/ui/test/data/ipa_init.json      |  1 -
 install/updates/10-disable-betxn.update | 37 -------------------------
 install/updates/10-enable-betxn.update  | 49 +++++++++++++++++++++++++++++++++
 install/updates/55-pbacmemberof.update  |  8 ++++++
 install/updates/Makefile.am             |  2 +-
 8 files changed, 61 insertions(+), 39 deletions(-)
 delete mode 100644 install/updates/10-disable-betxn.update
 create mode 100644 install/updates/10-enable-betxn.update

(limited to 'install')

diff --git a/install/share/nis.uldif b/install/share/nis.uldif
index 1e5482890..1735fb552 100644
--- a/install/share/nis.uldif
+++ b/install/share/nis.uldif
@@ -6,6 +6,7 @@ default:cn: NIS Server
 default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/nisserver-plugin.so
 default:nsslapd-plugininitfunc: nis_plugin_init
 default:nsslapd-plugintype: object
+default:nsslapd-pluginbetxn: on
 default:nsslapd-pluginenabled: on
 default:nsslapd-pluginid: nis-server
 default:nsslapd-pluginversion: 0.10
diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif
index deca1bb41..a93b32771 100644
--- a/install/share/schema_compat.uldif
+++ b/install/share/schema_compat.uldif
@@ -14,6 +14,7 @@ default:nsslapd-plugintype: object
 default:nsslapd-pluginenabled: on
 default:nsslapd-pluginid: schema-compat-plugin
 default:nsslapd-pluginversion: 0.8
+default:nsslapd-pluginbetxn: on
 default:nsslapd-pluginvendor: redhat.com
 default:nsslapd-plugindescription: Schema Compatibility Plugin
 
diff --git a/install/tools/man/ipa-ldap-updater.1 b/install/tools/man/ipa-ldap-updater.1
index df8dfe650..37e200f52 100644
--- a/install/tools/man/ipa-ldap-updater.1
+++ b/install/tools/man/ipa-ldap-updater.1
@@ -37,6 +37,7 @@ There are 7 keywords:
     * add: add a value (or values) to an attribute
     * remove: remove a value (or values) from an attribute
     * only: set an attribute to this
+    * onlyifexist: set an attribute to this only if the entry exists
     * deleteentry: remove the entry
     * replace: replace an existing value, format is old: new
     * addifnew: add a new attribute and value only if the attribute doesn't already exist. Only works with single\-value attributes.
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 41f2c6270..44484a9aa 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -738,7 +738,6 @@
                     "startup_traceback": false,
                     "validate_api": false,
                     "verbose": 0,
-                    "wait_for_attr": false,
                     "webui_assets_dir": null,
                     "webui_prod": true,
                     "xmlrpc_uri": "https://dev.example.com/ipa/xml"
diff --git a/install/updates/10-disable-betxn.update b/install/updates/10-disable-betxn.update
deleted file mode 100644
index 8fca4a5e8..000000000
--- a/install/updates/10-disable-betxn.update
+++ /dev/null
@@ -1,37 +0,0 @@
-# Disable transactions in 389-ds-base
-
-dn: cn=7-bit check,cn=plugins,cn=config
-only: nsslapd-pluginType: preoperation
-
-dn: cn=attribute uniqueness,cn=plugins,cn=config
-only: nsslapd-pluginType: preoperation
-
-dn: cn=Auto Membership Plugin,cn=plugins,cn=config
-only: nsslapd-pluginType: preoperation
-
-dn: cn=Linked Attributes,cn=plugins,cn=config
-only: nsslapd-pluginType: preoperation
-
-dn: cn=Managed Entries,cn=plugins,cn=config
-only: nsslapd-pluginType: preoperation
-
-dn: cn=MemberOf Plugin,cn=plugins,cn=config
-only: nsslapd-pluginType: postoperation
-
-dn: cn=Multimaster Replication Plugin,cn=plugins,cn=config
-only: nsslapd-pluginbetxn: off
-
-dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
-only: nsslapd-pluginType: preoperation
-
-dn: cn=referential integrity postoperation,cn=plugins,cn=config
-only: nsslapd-pluginType: postoperation
-
-dn: cn=Roles Plugin,cn=plugins,cn=config
-only: nsslapd-pluginbetxn: off
-
-dn: cn=State Change Plugin,cn=plugins,cn=config
-only: nsslapd-pluginType: postoperation
-
-dn: cn=USN,cn=plugins,cn=config
-only: nsslapd-pluginbetxn: off
diff --git a/install/updates/10-enable-betxn.update b/install/updates/10-enable-betxn.update
new file mode 100644
index 000000000..88f584cb3
--- /dev/null
+++ b/install/updates/10-enable-betxn.update
@@ -0,0 +1,49 @@
+# Enable transactions in 389-ds-base
+
+dn: cn=7-bit check,cn=plugins,cn=config
+only: nsslapd-pluginType: betxnpreoperation
+
+dn: cn=attribute uniqueness,cn=plugins,cn=config
+only: nsslapd-pluginType: betxnpreoperation
+
+dn: cn=Auto Membership Plugin,cn=plugins,cn=config
+only: nsslapd-pluginType: betxnpreoperation
+
+dn: cn=Linked Attributes,cn=plugins,cn=config
+only: nsslapd-pluginType: betxnpreoperation
+
+dn: cn=Managed Entries,cn=plugins,cn=config
+only: nsslapd-pluginType: betxnpreoperation
+
+dn: cn=MemberOf Plugin,cn=plugins,cn=config
+only: nsslapd-pluginType: betxnpostoperation
+
+dn: cn=Multimaster Replication Plugin,cn=plugins,cn=config
+only: nsslapd-pluginbetxn: on
+
+dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
+only: nsslapd-pluginType: betxnpreoperation
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+only: nsslapd-pluginType: betxnpostoperation
+
+dn: cn=Roles Plugin,cn=plugins,cn=config
+only: nsslapd-pluginbetxn: on
+
+dn: cn=State Change Plugin,cn=plugins,cn=config
+only: nsslapd-pluginType: betxnpostoperation
+
+dn: cn=USN,cn=plugins,cn=config
+only: nsslapd-pluginbetxn: on
+
+dn: cn=IPA MODRDN,cn=plugins,cn=config
+only: nsslapd-plugintype: betxnpostoperation
+
+dn: cn=ipa_pwd_extop,cn=plugins,cn=config
+only: nsslapd-pluginbetxn: on
+
+dn: cn=Schema Compatibility, cn=plugins, cn=config
+onlyifexist: nsslapd-pluginbetxn: on
+
+dn: cn=NIS Server, cn=plugins, cn=config
+onlyifexist: nsslapd-pluginbetxn: on
diff --git a/install/updates/55-pbacmemberof.update b/install/updates/55-pbacmemberof.update
index bc17f5664..f02b4f84b 100644
--- a/install/updates/55-pbacmemberof.update
+++ b/install/updates/55-pbacmemberof.update
@@ -8,3 +8,11 @@ add: cn: IPA PBAC memberOf $TIME
 add: basedn: 'cn=privileges,cn=pbac,$SUFFIX'
 add: filter: (objectclass=*)
 add: ttl: 10
+
+dn: cn=Update Role memberOf $TIME, cn=memberof task, cn=tasks, cn=config
+add: objectClass: top
+add: objectClass: extensibleObject
+add: cn: Update Role memberOf $TIME
+add: basedn: 'cn=roles,cn=accounts,$SUFFIX'
+add: filter: (objectclass=*)
+add: ttl: 10
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index a675af8b4..2e4f0a264 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -7,7 +7,7 @@ app_DATA =				\
 	10-RFC2307bis.update		\
 	10-RFC4876.update		\
 	10-config.update		\
-	10-disable-betxn.update		\
+	10-enable-betxn.update		\
 	10-selinuxusermap.update	\
 	10-sudo.update			\
 	10-ssh.update			\
-- 
cgit