diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-03-02 12:10:27 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-03-02 16:46:03 +0100 |
| commit | 5cc1e63b95de634d348b273efd930893993c382a (patch) | |
| tree | 1c9745c57e0cbbb604c606898646df6a70763499 | |
| parent | 418cf117002cc44f475ebe9cbb946b9f7abb89f7 (diff) | |
| download | freeipa.git-5cc1e63b95de634d348b273efd930893993c382a.tar.gz freeipa.git-5cc1e63b95de634d348b273efd930893993c382a.tar.xz freeipa.git-5cc1e63b95de634d348b273efd930893993c382a.zip | |
Remove memberPrincipal for deleted replicas
When a replica is deleted, its memberPrincipal entries in
cn=s4u2proxy,cn=etc,SUFFIX were not removed. Then, if the replica
is reinstalled and connected again, the installer would report
an error with duplicate value in LDAP.
This patch extends replica cleanup procedure to remove replica
principal from s4u2proxy configuration.
https://fedorahosted.org/freeipa/ticket/2451
| -rw-r--r-- | ipalib/constants.py | 1 | ||||
| -rw-r--r-- | ipaserver/install/replication.py | 24 |
2 files changed, 23 insertions, 2 deletions
diff --git a/ipalib/constants.py b/ipalib/constants.py index 3c63739f..dc32533e 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -100,6 +100,7 @@ DEFAULT_CONFIG = ( ('container_entitlements', 'cn=entitlements,cn=etc'), ('container_automember', 'cn=automember,cn=etc'), ('container_selinux', 'cn=usermap,cn=selinux'), + ('container_s4u2proxy', 'cn=s4u2proxy,cn=etc'), # Ports, hosts, and URIs: # FIXME: let's renamed xmlrpc_uri to rpc_xml_uri diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 9247b58f..7e89eeb4 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -27,8 +27,7 @@ from ipaserver import ipaldap from ipapython import services as ipaservices import installutils from ldap import modlist -from ipalib import util -from ipalib import errors +from ipalib import api, util, errors from ipapython import ipautil from ipalib.dn import DN @@ -941,6 +940,27 @@ class ReplicationManager(object): else: err = e + # remove replica memberPrincipal from s4u2proxy configuration + dn1 = DN(u'cn=ipa-http-delegation', api.env.container_s4u2proxy, self.suffix) + member_principal1 = "HTTP/%(fqdn)s@%(realm)s" % dict(fqdn=replica, realm=realm) + + dn2 = DN(u'cn=ipa-ldap-delegation-targets', api.env.container_s4u2proxy, self.suffix) + member_principal2 = "ldap/%(fqdn)s@%(realm)s" % dict(fqdn=replica, realm=realm) + + for (dn, member_principal) in ((str(dn1), member_principal1), + (str(dn2), member_principal2)): + try: + mod = [(ldap.MOD_DELETE, 'memberPrincipal', member_principal)] + self.conn.modify_s(dn, mod) + except (ldap.NO_SUCH_OBJECT, ldap.NO_SUCH_ATTRIBUTE): + root_logger.debug("Replica (%s) memberPrincipal (%s) not found in %s" % \ + (replica, member_principal, dn)) + except Exception, e: + if not force: + raise e + elif not err: + err = e + # delete master entry with all active services try: dn = 'cn=%s,cn=masters,cn=ipa,cn=etc,%s' % (replica, self.suffix) |