author | Rob Crittenden <rcritten@redhat.com> | 2012-02-22 16:02:19 -0500 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-02-23 15:54:59 +0100 |
commit | ecf544ea0b5e5f8cc8b1339268bb85da90a03f03 (patch) | |
tree | 11b2b0715def3b0862d66078cee62f712f3e53f3 /ipaserver/install/replication.py | |
parent | b9e368553421e4ca7052ffbd4ce01926e8519196 (diff) | |
Make sure memberof is in replication attribute exclusion list.
A previous bug caused this attribute to not be added which would lead
to unnecessary replication. This runs as an updater plugin.
https://fedorahosted.org/freeipa/ticket/2223
Diffstat (limited to 'ipaserver/install/replication.py')
-rw-r--r-- | ipaserver/install/replication.py | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 6f637251..b36fbf8d 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -100,7 +100,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd): class ReplicationManager(object): """Manage replication agreements between DS servers, and sync agreements with Windows servers""" - def __init__(self, realm, hostname, dirman_passwd, port=PORT, starttls=False): + def __init__(self, realm, hostname, dirman_passwd, port=PORT, starttls=False, conn=None): self.hostname = hostname self.port = port self.dirman_passwd = dirman_passwd @@ -110,18 +110,23 @@ class ReplicationManager(object): self.suffix = str(DN(tmp)).lower() self.need_memberof_fixup = False - # If we are passed a password we'll use it as the DM password - # otherwise we'll do a GSSAPI bind. - if starttls: - self.conn = ipaldap.IPAdmin(hostname, port=port) - ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, CACERT) - self.conn.start_tls_s() - else: - self.conn = ipaldap.IPAdmin(hostname, port=port, cacert=CACERT) - if dirman_passwd: - self.conn.do_simple_bind(bindpw=dirman_passwd) + # The caller is allowed to pass in an existing IPAdmin connection. + # Open a new one if not provided + if conn is None: + # If we are passed a password we'll use it as the DM password + # otherwise we'll do a GSSAPI bind. + if starttls: + self.conn = ipaldap.IPAdmin(hostname, port=port) + ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, CACERT) + self.conn.start_tls_s() + else: + self.conn = ipaldap.IPAdmin(hostname, port=port, cacert=CACERT) + if dirman_passwd: + self.conn.do_simple_bind(bindpw=dirman_passwd) + else: + self.conn.do_sasl_gssapi_bind() else: - self.conn.do_sasl_gssapi_bind() + self.conn = conn self.repl_man_passwd = dirman_passwd |
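Review bot: The new `else: self.conn = conn` branch in `__init__` (second hunk, enabled by the `conn=None` parameter added in the first) adopts the caller's connection as-is, so the TLS/CA-certificate setup and the simple or GSSAPI bind done in the `conn is None` branch are skipped, and `port`, `starttls` and `dirman_passwd` no longer influence the connection at all. Nothing visible checks that the supplied connection is bound or that it points at the same server as `hostname`, while `self.hostname`, `self.port` and `self.repl_man_passwd = dirman_passwd` are still recorded from the arguments and may disagree with it (the last would be `None` if a caller passes only `conn`; callers are outside this diff). I would state the contract next to the new parameter, e.g. `# conn: an already-bound IPAdmin connection to hostname over a protected channel; port, starttls and dirman_passwd are not applied to it`, and say who is responsible for closing it. The body of `__init__` continues beyond the second hunk.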