From 463407ac6fb683b85866e39080cebe47b8c89fbc Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Mon, 11 Feb 2013 16:26:58 +0100
Subject: Make sure attributeTypes updates are done before objectClasses
 updates.

https://fedorahosted.org/freeipa/ticket/3521
---
 ipapython/ipaldap.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'ipapython/ipaldap.py')

diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 6d298910..4a128e99 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -2009,7 +2009,10 @@ class IPAdmin(LDAPClient):
             # replace any existing schema.
             if old_entry.get('dn', DN()) == DN(('cn', 'schema')):
                 if len(adds) > 0:
-                    modlist.append((ldap.MOD_ADD, key, adds))
+                    if key == 'attributetypes':
+                        modlist.insert(0, (ldap.MOD_ADD, key, adds))
+                    else:
+                        modlist.append((ldap.MOD_ADD, key, adds))
             else:
                 if adds:
                     if force_replace:
-- 
cgit