Handle principal not found errors when converting replication a greements

There are times where one side or the other is missing its peers
krbprincipalname when converting from simple to GSSAPI replication. Ticket
1188 should address the cause of this.

This patch provides better information and handling should either side
be missing.

ticket 1044

1 files changed, 7 insertions, 0 deletions

diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 3712d1c3..e640873b 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -441,6 +441,13 @@ class ReplicationManager:
         a_pn = b.search_s(self.suffix, ldap.SCOPE_SUBTREE, filterstr=filter_a)
         b_pn = a.search_s(self.suffix, ldap.SCOPE_SUBTREE, filterstr=filter_b)
 
+        if a_pn is None:
+            logging.critical('Unable to find entry for %s on %s' % (filter_a, str(b)))
+        if b_pn is None:
+            logging.critical('Unable to find entry for %s on %s' % (filter_b, str(a)))
+        if a_pn is None or b_pn is None:
+            raise RuntimeError('Replication agreement cannot be converted')
+
         # Add kerberos principal DNs as valid bindDNs for replication
         try:
             mod = [(ldap.MOD_ADD, "nsds5replicabinddn", b_pn[0].dn)]