From 41cbea0026b191d8410af2cf00a71aad5357f43f Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz
Date: Thu, 6 Aug 2015 16:40:52 +0200
Subject: handle multiple managed suffixes trigger topology updaet if suffix entry is added trigger topology update if managedSuffix is modified in host entry
---
 daemons/ipa-slapi-plugins/topology/topology.h | 13 +-
 daemons/ipa-slapi-plugins/topology/topology_agmt.c | 12 +-
 daemons/ipa-slapi-plugins/topology/topology_cfg.c | 4 +-
 daemons/ipa-slapi-plugins/topology/topology_init.c | 24 ++--
 daemons/ipa-slapi-plugins/topology/topology_post.c | 13 +-
 daemons/ipa-slapi-plugins/topology/topology_pre.c | 54 ++++++++
 daemons/ipa-slapi-plugins/topology/topology_util.c | 142 +++++++++++++++++----
 install/share/70topology.ldif | 2 +-
 install/share/topology-entries.ldif | 3 +
 ipaserver/install/dsinstance.py | 3 +
 10 files changed, 219 insertions(+), 51 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/topology/topology.h b/daemons/ipa-slapi-plugins/topology/topology.h
index be9737679..65583a99c 100644
--- a/daemons/ipa-slapi-plugins/topology/topology.h
+++ b/daemons/ipa-slapi-plugins/topology/topology.h
@@ -90,8 +90,10 @@ typedef struct topo_replica {
 struct topo_replica *next;
 Slapi_Mutex *repl_lock;
 char *shared_config_base;
- Slapi_DN *shared_config_sdn;
 char *repl_root;
+ char *strip_attrs;
+ char *total_attrs;
+ char *repl_attrs;
 TopoReplicaSegmentList *repl_segments;
 TopoReplicaHost *hosts;
 } TopoReplica;
@@ -227,6 +229,10 @@ int ipa_topo_setup_gssapi_agmt(char *hostname, TopoReplica *repl_conf, TopoReplicaAgmt *agmt);
 void ipa_topo_queue_apply_shared_config(time_t event_time, void *arg);
 int ipa_topo_apply_shared_config(void);
+int ipa_topo_apply_shared_replica_config(TopoReplica *replica_config);
+void ipa_topo_util_suffix_init(Slapi_Entry *config);
+void ipa_topo_util_suffix_update(Slapi_Entry *config_post, Slapi_Entry *config_pre,
+ LDAPMod **mods);
 int ipa_topo_setup_managed_servers(void);
 int ipa_topo_util_start(int delay);
 int ipa_topo_util_update_agmt_list(TopoReplica *repl_conf,
@@ -274,10 +280,12 @@ int ipa_topo_util_agmt_is_marked(Slapi_Entry * repl_agmt);
 char *ipa_topo_agmt_attr_is_managed(char *type, char *direction);
 int ipa_topo_cfg_attr_is_restricted(char *type);
 int ipa_topo_util_setup_servers(void);
-void ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry);
+void ipa_topo_util_update_segments_for_host(TopoReplica *conf, char *hostname);
 char *ipa_topo_util_get_ldap_principal(char *repl_root, char *hostname);
 void ipa_topo_util_disable_repl_for_principal(char *repl_root, char *principal);
+void ipa_topo_util_add_host(Slapi_Entry *hostentry);
 void ipa_topo_util_delete_host(Slapi_Entry *hostentry);
+void ipa_topo_util_update_host(Slapi_Entry *hostentry, LDAPMod **mods);
 void ipa_topo_util_disable_repl_from_host(char *repl_root, char *delhost);
 void ipa_topo_util_delete_segments_for_host(char *repl_root, char *delhost);
@@ -293,6 +301,7 @@ TopoReplicaSegment *ipa_topo_util_segment_from_entry(TopoReplica *conf,
 TopoReplicaSegment *ipa_topo_util_find_segment(TopoReplica *conf, Slapi_Entry *entry);
 TopoReplica *ipa_topo_util_conf_from_entry(Slapi_Entry *entry);
+TopoReplica *ipa_topo_util_replica_init(Slapi_Entry *entry);
 TopoReplica *ipa_topo_util_get_conf_for_segment(Slapi_Entry *segment_entry);
 Slapi_Entry *ipa_topo_util_get_entry(char *dn);
 int ipa_topo_util_modify(Slapi_DN *entrySDN, Slapi_Mods *smods);
diff --git a/daemons/ipa-slapi-plugins/topology/topology_agmt.c b/daemons/ipa-slapi-plugins/topology/topology_agmt.c
index 05edad342..6c8308a0a 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_agmt.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_agmt.c
@@ -228,20 +228,20 @@ ipa_topo_agmt_setup(char *hostname, TopoReplica *conf,
 }
 if (agmt->repl_attrs) {
 slapi_entry_add_string(e, "nsDS5ReplicatedAttributeList",agmt->repl_attrs);
- } else {
- slapi_entry_add_string(e, "nsDS5ReplicatedAttributeList", REPL_ATTR_LIST);
+ } else if (conf->repl_attrs) {
+ slapi_entry_add_string(e, "nsDS5ReplicatedAttributeList",conf->repl_attrs);
 }
 if (agmt->strip_attrs) {
 slapi_entry_add_string(e, "nsds5ReplicaStripAttrs", agmt->strip_attrs);
- } else {
- slapi_entry_add_string(e, "nsds5ReplicaStripAttrs", REPL_ATTR_STRIP);
+ } else if (conf->strip_attrs) {
+ slapi_entry_add_string(e, "nsds5ReplicaStripAttrs", conf->strip_attrs);
 }
 if (agmt->total_attrs) {
 slapi_entry_add_string(e, "nsDS5ReplicatedAttributeListTotal", agmt->total_attrs);
- } else {
+ } else if (conf->total_attrs) {
 slapi_entry_add_string(e, "nsDS5ReplicatedAttributeListTotal",
- REPL_ATTR_LIST_TOTAL);
+ conf->total_attrs);
 }
 pb = slapi_pblock_new();
diff --git a/daemons/ipa-slapi-plugins/topology/topology_cfg.c b/daemons/ipa-slapi-plugins/topology/topology_cfg.c
index 9c4b02ba3..d211f20f6 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_cfg.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_cfg.c
@@ -809,6 +809,9 @@ ipa_topo_cfg_replica_new(void)
 topoRepl->next = NULL;
 topoRepl->repl_segments = NULL;
 topoRepl->repl_root = NULL;
+ topoRepl->strip_attrs = NULL;
+ topoRepl->total_attrs = NULL;
+ topoRepl->repl_attrs = NULL;
 topoRepl->shared_config_base = NULL;
 topoRepl->hosts = NULL;
 topoRepl->repl_lock = slapi_new_mutex();
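Review bot: In `ipa_topo_agmt_setup` an agreement now gets no `nsDS5ReplicatedAttributeList`, `nsds5ReplicaStripAttrs` or `nsDS5ReplicatedAttributeListTotal` at all when neither the segment nor the suffix config entry carries the value, where the removed `else` branches fell back to `REPL_ATTR_LIST`, `REPL_ATTR_STRIP` and `REPL_ATTR_LIST_TOTAL`. A config entry that predates this change would presumably lack the three attributes, so agreements built from it would replicate without any exclusion list. Keep the compile-time defaults as the final branch, e.g. `} else { slapi_entry_add_string(e, "nsds5ReplicaStripAttrs", REPL_ATTR_STRIP); }` for each of the three, or at least log when no list is available. The function body starts and ends outside this hunk.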
@@ -851,7 +854,6 @@ ipa_topo_cfg_replica_free(TopoReplica *tconf)
 slapi_destroy_mutex(tconf->repl_lock);
 slapi_ch_free_string(&tconf->shared_config_base);
 slapi_ch_free_string(&tconf->repl_root);
- slapi_sdn_free(&tconf->shared_config_sdn);
 seg = tconf->repl_segments;
 while (seg) {
 seg_next = seg->next;
diff --git a/daemons/ipa-slapi-plugins/topology/topology_init.c b/daemons/ipa-slapi-plugins/topology/topology_init.c
index 073e4bf42..de53ad69e 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_init.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_init.c
@@ -13,7 +13,6 @@ static int ipa_topo_close(Slapi_PBlock * pb);
 static int ipa_topo_preop_init(Slapi_PBlock *pb);
 static int ipa_topo_postop_init(Slapi_PBlock *pb);
 static int ipa_topo_internal_postop_init(Slapi_PBlock *pb);
-static int ipa_topo_apply_shared_replica_config(char *replica_root);
 static int ipa_topo_rootdse_init(Slapi_PBlock *pb);
 static int ipa_topo_rootdse_search(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, int *returncode,
@@ -147,6 +146,7 @@ ipa_topo_apply_shared_config(void)
 int i = 0;
 int rc = 0;
 char **shared_replica_root = NULL;
+ TopoReplica *replica_config = NULL;
 while (0 == ipa_topo_acquire_startup_inprogress()) {
 DS_Sleep(1);
@@ -154,7 +154,14 @@ ipa_topo_apply_shared_config(void)
 shared_replica_root = ipa_topo_get_plugin_replica_root();
 while (rc == 0 && shared_replica_root[i]) {
- rc = ipa_topo_apply_shared_replica_config(shared_replica_root[i]);
+ /* get replica onfig entry from shared tree */
+ replica_config = ipa_topo_util_get_replica_conf(shared_replica_root[i]);
+ if (NULL == replica_config) {
+ slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM,
+ "cannot find replica entry for: %s\n", shared_replica_root[i]);
+ } else {
+ rc = ipa_topo_apply_shared_replica_config(replica_config);
+ }
 i++;
 }
 /* initialize the list of managed servers */
@@ -176,21 +183,16 @@ ipa_topo_apply_shared_config(void)
 return (rc);
 }
-static int
-ipa_topo_apply_shared_replica_config(char *replica_root)
+int
+ipa_topo_apply_shared_replica_config(TopoReplica *replica_config)
 {
- TopoReplica *replica_config = NULL;
 TopoReplicaSegmentList *replica_segments = NULL;
 int rc = 0;
- /* step 1. get replica onfig entry from shared tree
- * search replica entry for replcia root below shared config base
- */
- replica_config = ipa_topo_util_get_replica_conf(replica_root);
 if (replica_config) {
- /* step 2. get all segments for the replica from the shared config */
+ /* get all segments for the replica from the shared config */
 replica_segments = ipa_topo_util_get_replica_segments(replica_config);
- /* step 3. get all replication agreements for replica root */
+ /* get all replication agreements for replica root */
 rc = ipa_topo_util_update_agmt_list(replica_config, replica_segments);
 }
 return (rc);
diff --git a/daemons/ipa-slapi-plugins/topology/topology_post.c b/daemons/ipa-slapi-plugins/topology/topology_post.c
index 4eb3c2fd1..5e9418933 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_post.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_post.c
@@ -64,6 +64,7 @@ ipa_topo_post_add(Slapi_PBlock *pb)
 switch (entry_type) {
 case TOPO_CONFIG_ENTRY:
 /* initialize the shared topology data for a replica */
+ ipa_topo_util_suffix_init(add_entry);
 break;
 case TOPO_SEGMENT_ENTRY: {
 TopoReplicaSegment *tsegm = NULL;
@@ -103,7 +104,7 @@ ipa_topo_post_add(Slapi_PBlock *pb)
 * a segment which so far was inactive since
 * the host was not managed
 */
- ipa_topo_util_update_segments_for_host(add_entry);
+ ipa_topo_util_add_host(add_entry);
 break;
 }
 case TOPO_DOMLEVEL_ENTRY: {
@@ -135,6 +136,7 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
 int entry_type;
 Slapi_Entry *mod_entry = NULL;
 Slapi_Entry *pre_entry = NULL;
+ LDAPMod **mods;
 slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM, "--> ipa_topo_post_mod\n");
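Review bot: `LDAPMod **mods;` in `ipa_topo_post_mod` is declared without an initializer, and this patch now hands it to `ipa_topo_util_suffix_update` and `ipa_topo_util_update_host`, the latter of which walks the array. The result of `slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods)` is not checked, so if that call fails the loop reads an indeterminate pointer and the callee's `mods != NULL` guard does not help. Declare it as `LDAPMod **mods = NULL;`, matching the two entry pointers just above it. The function body continues outside this hunk.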
@@ -142,6 +144,7 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
 /* 1. get entry */
 slapi_pblock_get(pb,SLAPI_ENTRY_POST_OP,&mod_entry);
 slapi_pblock_get(pb,SLAPI_ENTRY_PRE_OP,&pre_entry);
+ slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
 if (mod_entry == NULL || pre_entry == NULL) {
 slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM, "no entry\n");
@@ -158,9 +161,9 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
 switch (entry_type) {
 case TOPO_CONFIG_ENTRY:
+ ipa_topo_util_suffix_update(mod_entry, pre_entry, mods);
 break;
 case TOPO_SEGMENT_ENTRY: {
- LDAPMod **mods;
 TopoReplica *tconf = ipa_topo_util_get_conf_for_segment(mod_entry);
 TopoReplicaSegment *tsegm = NULL;
 if (tconf) tsegm = ipa_topo_util_find_segment(tconf, pre_entry);
@@ -169,7 +172,6 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
 "ipa_topo_post_mod - segment to be modified does not exist\n");
 break;
 }
- slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
 ipa_topo_util_segment_update(tconf, tsegm, mods,ipa_topo_get_plugin_hostname());
 ipa_topo_util_existing_agmts_update(tconf, tsegm, mods, ipa_topo_get_plugin_hostname());
@@ -191,7 +193,10 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
 slapi_ch_free_string(&domlevel);
 break;
 }
- case TOPO_HOST_ENTRY:
+ case TOPO_HOST_ENTRY: {
+ ipa_topo_util_update_host(mod_entry, mods);
+ break;
+ }
 case TOPO_IGNORE_ENTRY:
 break;
 }
diff --git a/daemons/ipa-slapi-plugins/topology/topology_pre.c b/daemons/ipa-slapi-plugins/topology/topology_pre.c
index 952068e7d..96874adf2 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_pre.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_pre.c
@@ -75,6 +75,34 @@ ipa_topo_is_agmt_attr_restricted(Slapi_PBlock *pb)
 }
 return rc;
 }
+int
+ipa_topo_is_invalid_managed_suffix(Slapi_PBlock *pb)
+{
+ LDAPMod **mods;
+ int i;
+ int rc = 0;
+
+ slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
+ for (i = 0; (mods != NULL) && (mods[i] != NULL); i++) {
+ if (0 == strcasecmp(mods[i]->mod_type, "ipaReplTopoManagedSuffix")) {
+ switch (mods[i]->mod_op & ~LDAP_MOD_BVALUES) {
+ case LDAP_MOD_DELETE:
+ /* only deletion of specific valuses supported */
+ if (NULL == mods[i]->mod_bvalues || NULL == mods[i]->mod_bvalues[0]) {
+ rc = 1;
+ }
+ break;
+ case LDAP_MOD_ADD:
+ break;
+ case LDAP_MOD_REPLACE:
+ rc = 1;
+ break;
+ }
+ }
+ }
+ return rc;
+}
+
 int
 ipa_topo_is_segm_attr_restricted(Slapi_PBlock *pb)
 {
@@ -373,6 +401,28 @@ ipa_topo_check_segment_updates(Slapi_PBlock *pb)
 return rc;
 }
+int
+ipa_topo_check_host_updates(Slapi_PBlock *pb)
+{
+ int rc = 0;
+ Slapi_Entry *mod_entry;
+ char *pi;
+
+ /* we have to check if the operation is triggered by the
+ * topology plugin itself - allow it
+ */
+ slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY,&pi);
+ if (pi && 0 == strcasecmp(pi, ipa_topo_get_plugin_id())) {
+ return 0;
+ }
+ slapi_pblock_get(pb,SLAPI_MODIFY_EXISTING_ENTRY,&mod_entry);
+ if (TOPO_HOST_ENTRY == ipa_topo_check_entry_type(mod_entry) &&
+ (ipa_topo_is_invalid_managed_suffix(pb))) {
+ rc = 1;
+ }
+ return rc;
+}
+
 int
 ipa_topo_check_topology_disconnect(Slapi_PBlock *pb)
 {
@@ -502,6 +552,10 @@ ipa_topo_pre_mod(Slapi_PBlock *pb)
 /* some updates to segments are not supported */
 errtxt = slapi_ch_smprintf("Modification of connectivity and segment nodes " " is not supported.\n");
+ } else if (ipa_topo_check_host_updates(pb)) {
+ /* some updates to segments are not supported */
+ errtxt = slapi_ch_smprintf("Modification of managed suffixes must explicitely "
+ " list suffix.\n");
 }
 if (errtxt) {
 int rc = LDAP_UNWILLING_TO_PERFORM;
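Review bot: `ipa_topo_is_invalid_managed_suffix` lets every `LDAP_MOD_ADD` of `ipaReplTopoManagedSuffix` through without looking at `mod_bvalues`, while the post-operation handler `ipa_topo_util_update_host` added by this patch dereferences `mods[i]->mod_bvalues[j]` for exactly that case. Rejecting a value-less add here as well (`if (NULL == mods[i]->mod_bvalues || NULL == mods[i]->mod_bvalues[0]) rc = 1;`) keeps the pre-op guarantee and the post-op assumption in step. `mods` is uninitialized and the `slapi_pblock_get` result is unchecked, so `LDAPMod **mods = NULL;` is the safer declaration. A one-line comment above the function saying it returns 1 for a replace or a value-less delete would help, because the name reads as a test on a suffix rather than on a modify operation.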
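Review bot: The exemption in `ipa_topo_check_host_updates` compares the `SLAPI_PLUGIN_IDENTITY` value with `strcasecmp`, yet elsewhere in this patch `ipa_topo_get_plugin_id()` is passed as the plugin-identity argument of `slapi_search_internal_set_pb`, which suggests an opaque handle rather than a string. If that is the case, the decision to skip the check rests on a byte-wise comparison of non-string data, and pointer equality (`pi == ipa_topo_get_plugin_id()`) would be the right test; this needs confirming against the definition of `ipa_topo_get_plugin_id`, which is not in the diff. `pi` and `mod_entry` are also uninitialized and both `slapi_pblock_get` results unchecked, so they should start as `NULL`, with `mod_entry` tested before it reaches `ipa_topo_check_entry_type`.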
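Review bot: The comment on the new branch in `ipa_topo_pre_mod` still reads `/* some updates to segments are not supported */`, copied from the branch above, although this branch rejects host-entry updates; `/* replace or value-less delete of ipaReplTopoManagedSuffix is not supported */` would describe the check. The client-visible message has a spelling slip and a doubled space where the two literals join; `"Modification of managed suffixes must explicitly list the suffix.\n"` as a single literal reads correctly. The function body starts and ends outside this hunk.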
diff --git a/daemons/ipa-slapi-plugins/topology/topology_util.c b/daemons/ipa-slapi-plugins/topology/topology_util.c
index 523f6123c..cc82530bf 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_util.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_util.c
@@ -182,10 +182,7 @@ ipa_topo_util_get_replica_conf(char *repl_root)
 "ipa_topo_util_get_replica_conf: " "server configuration missing\n");
 } else {
- topoRepl = ipa_topo_cfg_replica_new();
- topoRepl->shared_config_base =
- slapi_ch_strdup(slapi_entry_get_dn_const(entries[0]));
- topoRepl->repl_root = slapi_ch_strdup(repl_root);
+ topoRepl = ipa_topo_util_replica_init(entries[0]);
 }
 }
 slapi_ch_free_string(&filter);
@@ -424,6 +421,7 @@ ipa_topo_util_segm_from_agmt(Slapi_Entry *repl_agmt)
 agmt->origin = slapi_ch_strdup(segment->from);
 agmt->target = slapi_ch_strdup(segment->to);
+ agmt->rdn = slapi_entry_attr_get_charptr(repl_agmt, "cn");
 agmt->repl_timeout = slapi_entry_attr_get_charptr(repl_agmt, "nsds5replicatimeout");
 agmt->repl_root = slapi_entry_attr_get_charptr(repl_agmt, "nsds5replicaroot");
@@ -456,6 +454,21 @@ ipa_topo_util_get_conf_for_segment(Slapi_Entry *segment_entry)
 return tconf;
 }
+TopoReplica *
+ipa_topo_util_replica_init(Slapi_Entry *conf)
+{
+ TopoReplica *topoRepl = NULL;
+ topoRepl = ipa_topo_cfg_replica_new();
+ if (topoRepl) {
+ topoRepl->shared_config_base = slapi_ch_strdup(slapi_entry_get_dn_const(conf));
+ topoRepl->repl_root = slapi_entry_attr_get_charptr(conf,"ipaReplTopoConfRoot");
+ topoRepl->repl_attrs = slapi_entry_attr_get_charptr(conf, "nsDS5ReplicatedAttributeList");
+ topoRepl->strip_attrs = slapi_entry_attr_get_charptr(conf, "nsds5ReplicaStripAttrs");
+ topoRepl->total_attrs = slapi_entry_attr_get_charptr(conf, "nsDS5ReplicatedAttributeListTotal");
+ }
+ return topoRepl;
+}
+
 TopoReplica *
 ipa_topo_util_conf_from_entry(Slapi_Entry *entry)
 {
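Review bot: `ipa_topo_util_replica_init` fills `repl_attrs`, `strip_attrs` and `total_attrs` with `slapi_entry_attr_get_charptr` results, but the only change this patch makes to `ipa_topo_cfg_replica_free` removes a line, so unless they are released elsewhere the three strings leak with every freed `TopoReplica`. Add `slapi_ch_free_string(&tconf->repl_attrs);` and the two matching calls for `strip_attrs` and `total_attrs` to the free routine. `repl_root` now comes from `ipaReplTopoConfRoot` on the entry rather than from the caller's argument, so it can be NULL or spelled differently from the root `ipa_topo_util_get_replica_conf` was asked for, and later code formats it with `%s` into a search filter. Freeing the replica and returning NULL when `repl_root` is missing would keep a half-initialized entry out of the configuration.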
@@ -1288,11 +1301,10 @@ ipa_topo_util_agmt_is_marked(Slapi_Entry *repl_agmt)
 }
 void
-ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry)
+ipa_topo_util_update_segments_for_host(TopoReplica *conf, char *hostname)
 {
 int rc = 0;
 int nentries;
- char* newhost = NULL;
 Slapi_Entry **entries;
 Slapi_Entry *repl_agmt;
 Slapi_PBlock *pb = NULL;
@@ -1302,11 +1314,10 @@ ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry)
 * Since the host was not yet managed new segments ghave to be
 * created
 */
- newhost = slapi_entry_attr_get_charptr(hostentry,"cn");
 pb = slapi_pblock_new();
- filter = slapi_ch_smprintf("(&(objectclass=nsds5replicationagreement)(nsds5replicahost=%s))",
- newhost);
+ filter = slapi_ch_smprintf("(&(objectclass=nsds5replicationagreement)(nsds5replicahost=%s)(nsds5replicaroot=%s))",
+ hostname, conf->repl_root);
 slapi_search_internal_set_pb(pb, "cn=config", LDAP_SCOPE_SUB, filter, NULL, 0, NULL, NULL, ipa_topo_get_plugin_id(), 0);
@@ -1317,15 +1328,15 @@ ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry)
 slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM, "ipa_topo_util_update_segments_for_host: " "no replication agreeements for host %s: error %d\n",
- newhost, rc);
- goto error_return;
+ hostname, rc);
+ return;
 } else {
 slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
 if (NULL == entries || NULL == entries[0]) {
 slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM, "ipa_topo_util_update_segments_for_host: " "no agrements found\n");
- goto error_return;
+ return;
 }
 }
@@ -1333,9 +1344,8 @@ ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry)
 nentries = 0;
 repl_agmt = entries[0];
 while (repl_agmt) {
- TopoReplica *conf = NULL;
- TopoReplicaSegment *topo_segm;
- char *repl_root = NULL;
+ TopoReplicaSegment *topo_segm = NULL;
+ TopoReplicaAgmt *topo_agmt = NULL;
 slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM, "ipa_topo_util_update_segments_for_host: "
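Review bot: The search filter in `ipa_topo_util_update_segments_for_host` is built by formatting `hostname` and `conf->repl_root` straight into `slapi_ch_smprintf`, so a value containing `(`, `)`, `*` or `\` changes the filter's structure instead of being matched literally. Both values come from directory entries in this patch (the host entry's `cn` and the config entry's `ipaReplTopoConfRoot`), so they should be escaped before formatting, for example with `slapi_escape_filter_value`, and the escaped copies freed afterwards. `conf->repl_root` and `hostname` can also be NULL when the source attribute is absent, which makes the `%s` conversions undefined; check both before building the filter. The function body runs past this hunk.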
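Review bot: Both early exits in the third hunk now `return;` after `pb = slapi_pblock_new()` and the `slapi_ch_smprintf` allocation of `filter`, while `slapi_free_search_results_internal(pb)` and `slapi_pblock_destroy(pb)` sit only on the fall-through path at the end of the function. Every call that finds no agreements for the host therefore leaks the pblock and, unless it is freed somewhere not shown, the filter string. The removed `goto error_return` skipped the same cleanup, so this is a good moment to fix it: put a label such as `done:` directly above `slapi_free_search_results_internal(pb);` and use `goto done;` in place of the two `return;` statements.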
@@ -1343,27 +1353,29 @@ ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry)
 slapi_entry_get_dn_const(repl_agmt));
 /* generate segment from agreement */
- repl_root = slapi_entry_attr_get_charptr(repl_agmt,"nsds5replicaroot");
- conf = ipa_topo_cfg_replica_find(repl_root,1);
- if (conf == NULL) goto next_agmt;
 topo_segm = ipa_topo_util_segm_from_agmt(repl_agmt);
 rc = ipa_topo_util_segment_write(conf, topo_segm);
 if (rc != 0) {
 slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM, "ipa_topo_util_update_segments_for_host: " "failed to write segment for host %s: error %d\n",
- newhost, rc);
+ hostname, rc);
 }
 rc = ipa_topo_util_agmt_mark(conf, repl_agmt, topo_segm);
 if (rc != 0) {
 slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM, "ipa_topo_util_update_segments_for_host: " "failed to mark agreement for host %s: error %d\n",
- newhost, rc);
+ hostname, rc);
+ }
+ /* segment has been recreated and added during postp of segment_write
+ * but the correct agreement rdn was lost, set it now */
+ topo_agmt = ipa_topo_util_find_segment_agmt(conf->repl_segments,
+ ipa_topo_get_plugin_hostname(),
+ hostname);
+ if (topo_agmt) {
+ ipa_topo_util_set_agmt_rdn(topo_agmt, repl_agmt);
 }
- ipa_topo_cfg_segment_add(conf, topo_segm);
-next_agmt:
- slapi_ch_free_string(&repl_root);
 repl_agmt = entries[++nentries];
 }
@@ -1371,9 +1383,6 @@ next_agmt:
 slapi_free_search_results_internal(pb);
 slapi_pblock_destroy(pb);
-error_return:
- slapi_ch_free_string(&newhost);
-
 }
 void
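Review bot: `topo_segm` from `ipa_topo_util_segm_from_agmt(repl_agmt)` is passed to `ipa_topo_util_segment_write` and `ipa_topo_util_agmt_mark` without a NULL check, and with `ipa_topo_cfg_segment_add(conf, topo_segm)` removed nothing visible in the loop takes ownership of it or frees it. If neither callee keeps the pointer, each agreement processed leaks one segment, so either free it at the end of the iteration or add a comment stating who owns it. The new lookup reads `conf->repl_segments` without `conf->repl_lock` being taken in the visible code; it is worth confirming that `ipa_topo_util_find_segment_agmt` does its own locking. The loop begins in the previous hunk and the function ends in the next one.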
@@ -1432,6 +1441,61 @@ ipa_topo_util_delete_segments_for_host(char *repl_root, char *delhost)
 "ipa_topo_util_delete_segments_for_host <-- done\n");
 }
+
+void
+ipa_topo_util_add_managed_host(char *suffix, char *addhost)
+{
+ TopoReplica *conf = ipa_topo_cfg_replica_find(suffix,1);
+ if (conf) {
+ ipa_topo_util_update_segments_for_host(conf, addhost);
+ }
+}
+
+void
+ipa_topo_util_add_host(Slapi_Entry *hostentry)
+{
+ char* addhost = NULL;
+ char **suffixes = NULL;
+ int i=0;
+ addhost = slapi_entry_attr_get_charptr(hostentry,"cn");
+ suffixes = slapi_entry_attr_get_charray(hostentry,"ipaReplTopoManagedSuffix");
+ while (suffixes && suffixes[i]) {
+ ipa_topo_util_add_managed_host(suffixes[i], addhost);
+ i++;
+ }
+ slapi_ch_free_string(&addhost);
+ slapi_ch_array_free(suffixes);
+}
+
+
+void
+ipa_topo_util_update_host(Slapi_Entry *hostentry, LDAPMod **mods)
+{
+ char* modhost = NULL;
+ int i, j;
+
+ modhost = slapi_entry_attr_get_charptr(hostentry,"cn");
+ for (i = 0; (mods != NULL) && (mods[i] != NULL); i++) {
+ if (0 == strcasecmp(mods[i]->mod_type, "ipaReplTopoManagedSuffix")) {
+ switch (mods[i]->mod_op & ~LDAP_MOD_BVALUES) {
+ case LDAP_MOD_DELETE:
+ /* preop check ensures we have valuses */
+ if (NULL == mods[i]->mod_bvalues || NULL == mods[i]->mod_bvalues[0]) {
+ }
+ break;
+ case LDAP_MOD_ADD:
+ for (j = 0; mods[i]->mod_bvalues[j] != NULL; j++) {
+ ipa_topo_util_add_managed_host(mods[i]->mod_bvalues[j]->bv_val, modhost);
+ }
+ break;
+ case LDAP_MOD_REPLACE:
+ break;
+ }
+ }
+ }
+ slapi_ch_free_string(&modhost);
+}
+
 void
 ipa_topo_util_delete_host(Slapi_Entry *hostentry)
 {
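Review bot: In `ipa_topo_util_update_host` the `LDAP_MOD_ADD` loop reads `mods[i]->mod_bvalues[j]` without first checking `mod_bvalues` for NULL, and it passes `bv_val` on as a C string although a `berval` carries an explicit `bv_len` and is not guaranteed to be NUL-terminated. Guard the loop with `if (mods[i]->mod_bvalues == NULL) break;` and, unless the server is known to terminate modify values, copy `bv_len` bytes into a terminated buffer before calling `ipa_topo_util_add_managed_host`. The `LDAP_MOD_DELETE` case holds an `if` with an empty body, so removing a managed suffix from a host has no effect here; either implement it or replace the empty `if` with a comment saying the case is deliberately not handled yet. `modhost` here and `addhost` in `ipa_topo_util_add_host` can be NULL when the entry has no `cn`, and both are later formatted with `%s`, so return early in that case.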
@@ -1673,3 +1737,29 @@ ipa_topo_util_reset_init(char *repl_root)
 slapi_mods_free(&smods);
 }
 }
+
+void
+ipa_topo_util_suffix_init(Slapi_Entry *config_entry)
+{
+ int rc = 0;
+ TopoReplica *topoRepl = NULL;
+ char *repl_suffix = slapi_entry_attr_get_charptr(config_entry,"ipaReplTopoConfRoot");
+ if (repl_suffix) {
+ topoRepl = ipa_topo_util_replica_init(config_entry);
+ if (topoRepl) {
+ rc = ipa_topo_cfg_replica_add(topoRepl);
+ rc = ipa_topo_apply_shared_replica_config(topoRepl);
+ if (rc)
+ slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM,
+ "ipa_topo_util_suffix_init: failed to init suffix %s\n", repl_suffix);
+ }
+ }
+ slapi_ch_free_string(&repl_suffix);
+}
+
+
+void
+ipa_topo_util_suffix_update(Slapi_Entry *config_post, Slapi_Entry *config_pre,
+ LDAPMod **mods)
+{
+}
diff --git a/install/share/70topology.ldif b/install/share/70topology.ldif
index 5a13255ac..b1b8cf66a 100644
--- a/install/share/70topology.ldif
+++ b/install/share/70topology.ldif
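Review bot: In `ipa_topo_util_suffix_init` the result of `ipa_topo_cfg_replica_add(topoRepl)` is overwritten by the very next assignment, so a failed add (a suffix that is already registered, for instance) goes unnoticed and `topoRepl` is still applied and never released. Check it on its own, `rc = ipa_topo_cfg_replica_add(topoRepl); if (rc == 0) rc = ipa_topo_apply_shared_replica_config(topoRepl);`, and free `topoRepl` on failure if the list did not take it. `ipa_topo_util_suffix_update` is an empty stub that `ipa_topo_post_mod` now calls for every config-entry modify, so later changes to a suffix's replicated-attribute lists are silently ignored; a `/* TODO */` comment in the body naming what is not handled would make that explicit. The unbraced `if (rc)` spanning a two-line call should get braces.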
@@ -9,7 +9,7 @@ attributetypes: ( 2.16.840.1.113730.3.8.20.2.5 NAME 'ipaReplTopoSegmentStatus' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'FreeIPA' )
 attributetypes: ( 2.16.840.1.113730.3.8.20.2.6 NAME 'ipaReplTopoSegmentGenerated' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'FreeIPA' )
 attributetypes: ( 2.16.840.1.113730.3.8.20.2.7 NAME 'ipaReplTopoManagedAgreementState' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'FreeIPA' )
 attributetypes: ( 2.16.840.1.113730.3.8.20.2.8 NAME 'ipaReplTopoManagedSuffix' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'FreeIPA' )
-objectclasses: ( 2.16.840.1.113730.3.8.20.1.1 NAME 'ipaReplTopoConf' DESC 'IPA defined objectclass' SUP top STRUCTURAL MUST ipaReplTopoConfRoot MAY ( cn $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal ) X-ORIGIN 'Free IPA' )
+objectclasses: ( 2.16.840.1.113730.3.8.20.1.1 NAME 'ipaReplTopoConf' DESC 'IPA defined objectclass' SUP top STRUCTURAL MUST ipaReplTopoConfRoot MAY ( cn $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsds5ReplicaStripAttrs) X-ORIGIN 'Free IPA' )
 objectclasses: ( 2.16.840.1.113730.3.8.20.1.2 NAME 'ipaReplTopoSegment' DESC 'IPA defined objectclass' SUP top STRUCTURAL MUST ( ipaReplTopoSegmentDirection $ ipaReplTopoSegmentLeftNode $ ipaReplTopoSegmentRightNode) MAY ( cn $ ipaReplTopoSegmentStatus $ ipaReplTopoSegmentGenerated $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsds5BeginReplicaRefresh $ description $ nsds5replicaTimeout $ nsds5ReplicaEnabled $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout ) X-ORIGIN 'Free IPA' )
 objectclasses: ( 2.16.840.1.113730.3.8.20.1.3 NAME 'ipaReplTopoManagedAgreement' DESC 'marker objectclass for managed replication agreements' SUP top AUXILIARY MAY ( ipaReplTopoManagedAgreementState ) X-ORIGIN 'Free IPA' )
 objectclasses: ( 2.16.840.1.113730.3.8.20.1.4 NAME
'ipaReplTopoManagedServer' DESC 'part of managed replication topology' SUP top AUXILIARY MAY ( ipaReplTopoManagedSuffix ) X-ORIGIN 'Free IPA' )
diff --git a/install/share/topology-entries.ldif b/install/share/topology-entries.ldif
index 5ee4f617a..0f92a8826 100644
--- a/install/share/topology-entries.ldif
+++ b/install/share/topology-entries.ldif
@@ -10,4 +10,7 @@ changetype: add
 objectclass: top
 objectclass: iparepltopoconf
 ipaReplTopoConfRoot: $SUFFIX
+nsDS5ReplicatedAttributeList: $EXCLUDES
+nsDS5ReplicatedAttributeListTotal: $TOTAL_EXCLUDES
+nsds5ReplicaStripAttrs: $STRIP_ATTRS
 cn: realm
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 45a523e9b..3fffe9a0a 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -407,6 +407,9 @@ class DsInstance(service.Service):
 DOMAIN_LEVEL=self.domainlevel,
 MAX_DOMAIN_LEVEL=constants.MAX_DOMAIN_LEVEL,
 MIN_DOMAIN_LEVEL=constants.MIN_DOMAIN_LEVEL,
+ STRIP_ATTRS=" ".join(replication.STRIP_ATTRS),
+ EXCLUDES='(objectclass=*) $ EXCLUDE %s' % " ".join(replication.EXCLUDES),
+ TOTAL_EXCLUDES='(objectclass=*) $ EXCLUDE %s' % " ".join(replication.TOTAL_EXCLUDES),
 )
 def __create_instance(self):
-- cgit