diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-04-28 08:57:36 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-04-28 15:10:25 +0200 |
commit | 1dd7364b7b0e26c09884b045afbc9736b9340ee5 (patch) | |
tree | 5898989a0ccbb8c26b37f0fb8398883e1cc06187 /ipaserver | |
parent | 8472dc26b7e261090b73e0dba488df23917830fa (diff) | |
download | freeipa-1dd7364b7b0e26c09884b045afbc9736b9340ee5.tar.gz freeipa-1dd7364b7b0e26c09884b045afbc9736b9340ee5.tar.xz freeipa-1dd7364b7b0e26c09884b045afbc9736b9340ee5.zip |
Handle principal not found errors when converting replication a greements
There are times where one side or the other is missing its peers
krbprincipalname when converting from simple to GSSAPI replication. Ticket
1188 should address the cause of this.
This patch provides better information and handling should either side
be missing.
ticket 1044
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/replication.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 3712d1c3e..e640873ba 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -441,6 +441,13 @@ class ReplicationManager: a_pn = b.search_s(self.suffix, ldap.SCOPE_SUBTREE, filterstr=filter_a) b_pn = a.search_s(self.suffix, ldap.SCOPE_SUBTREE, filterstr=filter_b) + if a_pn is None: + logging.critical('Unable to find entry for %s on %s' % (filter_a, str(b))) + if b_pn is None: + logging.critical('Unable to find entry for %s on %s' % (filter_b, str(a))) + if a_pn is None or b_pn is None: + raise RuntimeError('Replication agreement cannot be converted') + # Add kerberos principal DNs as valid bindDNs for replication try: mod = [(ldap.MOD_ADD, "nsds5replicabinddn", b_pn[0].dn)] |