From b77046d55089f52a060128bf6d78a5e7fe9161fd Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 8 Feb 2011 22:24:54 -0500
Subject: Disable replication version plugin by default.

The 389-ds replication plugin may not be installed on all platforms
and our replication version plugin will cause 389-ds to not start
if it is loaded and the replication plugin is not. So disable by
default.

When a replica is prepared we check for the replication plugin.
If it exists we will enable the replication version plugin.

Likewise on installation of a replica we check for existence of
the repliation plugin and if it is there then we enable the version
plugin before replication begins.

ticket 918
---
 ipaserver/install/dsinstance.py  |  4 ++++
 ipaserver/install/replication.py | 21 +++++++++++++++++++++
 2 files changed, 25 insertions(+)

(limited to 'ipaserver')

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index be6b5048..2544e167 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -289,6 +289,10 @@ class DsInstance(service.Service):
 
 
     def __setup_replica(self):
+        replication.enable_replication_version_checking(self.fqdn,
+            self.realm_name,
+            self.dm_password)
+
         repl = replication.ReplicationManager(self.realm_name,
                                               self.fqdn,
                                               self.dm_password)
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index ac35db1a..0bf0e218 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -22,6 +22,7 @@ import time, logging
 import os
 import ldap
 from ipaserver import ipaldap
+from ipaserver.install.service import restart
 from ldap import modlist
 from ipalib import util
 from ipalib import errors
@@ -53,6 +54,26 @@ def check_replication_plugin():
 
     return True
 
+def enable_replication_version_checking(hostname, realm, dirman_passwd):
+    """
+    Check the replication version checking plugin. If it is not
+    enabled then enable it and restart 389-ds. If it is enabled
+    the do nothing.
+    """
+    conn = ipaldap.IPAdmin(hostname, port=PORT, cacert=CACERT)
+    if dirman_passwd:
+        conn.do_simple_bind(bindpw=dirman_passwd)
+    else:
+        conn.sasl_interactive_bind_s('', SASL_AUTH)
+    entry = conn.search_s('cn=IPA Version Replication,cn=plugins,cn=config', ldap.SCOPE_BASE, 'objectclass=*')
+    if entry[0].getValue('nsslapd-pluginenabled') == 'off':
+        conn.modify_s(entry[0].dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on')])
+        conn.unbind()
+        serverid = "-".join(realm.split("."))
+        restart("dirsrv", instance_name=serverid)
+    else:
+        conn.unbind()
+
 class ReplicationManager:
     """Manage replication agreements between DS servers, and sync
     agreements with Windows servers"""
-- 
cgit