From 1dd7364b7b0e26c09884b045afbc9736b9340ee5 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 28 Apr 2011 08:57:36 -0400 Subject: Handle principal not found errors when converting replication a greements There are times where one side or the other is missing its peers krbprincipalname when converting from simple to GSSAPI replication. Ticket 1188 should address the cause of this. This patch provides better information and handling should either side be missing. ticket 1044 --- ipaserver/install/replication.py | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'ipaserver/install') diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 3712d1c3e..e640873ba 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -441,6 +441,13 @@ class ReplicationManager: a_pn = b.search_s(self.suffix, ldap.SCOPE_SUBTREE, filterstr=filter_a) b_pn = a.search_s(self.suffix, ldap.SCOPE_SUBTREE, filterstr=filter_b) + if a_pn is None: + logging.critical('Unable to find entry for %s on %s' % (filter_a, str(b))) + if b_pn is None: + logging.critical('Unable to find entry for %s on %s' % (filter_b, str(a))) + if a_pn is None or b_pn is None: + raise RuntimeError('Replication agreement cannot be converted') + # Add kerberos principal DNs as valid bindDNs for replication try: mod = [(ldap.MOD_ADD, "nsds5replicabinddn", b_pn[0].dn)] -- cgit