diff options
Diffstat (limited to 'install')
-rw-r--r-- | install/share/default-aci.ldif | 5 | ||||
-rwxr-xr-x | install/tools/ipa-replica-manage | 78 |
2 files changed, 46 insertions, 37 deletions
diff --git a/install/share/default-aci.ldif b/install/share/default-aci.ldif index d0dfa23d7..159cb07bd 100644 --- a/install/share/default-aci.ldif +++ b/install/share/default-aci.ldif @@ -23,6 +23,11 @@ changetype: modify add: aci aci: (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) +dn: cn=ipa,cn=etc,$SUFFIX +changetype: modify +add: aci +aci: (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,$SUFFIX";) + dn: cn=accounts,$SUFFIX changetype: modify add: aci diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index 33c68c8f5..135b346bc 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -76,16 +76,6 @@ def get_suffix(): suffix = l.normalize_dn(util.realm_to_suffix(get_realm_name())) return suffix -def get_host_name(): - hostname = installutils.get_fqdn() - try: - installutils.verify_fqdn(hostname) - except RuntimeError, e: - logging.error(str(e)) - sys.exit(1) - - return hostname - def test_connection(host): """ Make a GSSAPI connection to the remote LDAP server to test out credentials. @@ -114,41 +104,55 @@ def list_masters(replman, verbose): print " last init ended: %s" % str(ipautil.parse_generalized_time(entry.nsds5replicalastinitend)) print " last update status: %s" % entry.nsds5replicalastupdatestatus print " last update ended: %s" % str(ipautil.parse_generalized_time(entry.nsds5replicalastupdateend)) - + def del_master(replman, hostname, force=False): + has_repl_agreement = True try: t = replman.get_agreement_type(hostname) except ldap.NO_SUCH_OBJECT: print "No replication agreement found for '%s'" % hostname - return + if force: + has_repl_agreement = False + else: + return except errors.NotFound: print "No replication agreement found for '%s'" % hostname - return + if force: + has_repl_agreement = False + else: + return - # Delete the remote agreement first - if t == replication.IPA_REPLICA: - failed = False - try: - other_replman = replication.ReplicationManager(hostname, replman.dirman_passwd) - other_replman.suffix = get_suffix() - other_replman.delete_agreement(replman.conn.host) - except ldap.LDAPError, e: - desc = e.args[0]['desc'].strip() - info = e.args[0].get('info', '').strip() - print "Unable to remove agreement on %s: %s: %s" % (hostname, desc, info) - failed = True - except Exception, e: - print "Unable to remove agreement on %s: %s" % (hostname, str(e)) - failed = True + if has_repl_agreement: + # Delete the remote agreement first + if t == replication.IPA_REPLICA: + failed = False + try: + other_replman = replication.ReplicationManager(hostname, replman.dirman_passwd) + other_replman.suffix = get_suffix() + other_replman.delete_agreement(replman.conn.host) + except ldap.LDAPError, e: + desc = e.args[0]['desc'].strip() + info = e.args[0].get('info', '').strip() + print "Unable to remove agreement on %s: %s: %s" % (hostname, desc, info) + failed = True + except Exception, e: + print "Unable to remove agreement on %s: %s" % (hostname, str(e)) + failed = True - if failed: - if force: - print "Forcing removal on local server" - else: - return + if failed: + if force: + print "Forcing removal on local server" + else: + return - # Delete the local agreement - replman.delete_agreement(hostname) + # Delete the local agreement + replman.delete_agreement(hostname) + + try: + replman.replica_cleanup(hostname, get_realm_name(), force=True) + except Exception, e: + print "Failed to cleanup %s entries: %s" % (hostname, str(e)) + print "You may need to manually remove them from the tree" def add_master(replman, hostname, options): other_args = {} @@ -210,13 +214,13 @@ def synch_master(replman, hostname): def main(): options, args = parse_options() - + dirman_passwd = None if options.host: host = options.host else: - host = get_host_name() + host = installutils.get_fqdn() if options.dirman_passwd: dirman_passwd = options.dirman_passwd |