From f52d471aa7d9dfbb1553bcf58e1279459bc6986b Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Fri, 26 Apr 2013 15:21:35 +0200
Subject: Add schema updater based on IPA schema files

The new updater is run as part of `ipa-ldap-updater --upgrade`
and `ipa-ldap-updater --schema` (--schema is a new option).
The --schema-file option to ipa-ldap-updater may be used (multiple
times) to select a non-default set of schema files to update against.

The updater adds an X-ORIGIN tag with the current IPA version to
all elements it adds or modifies.

https://fedorahosted.org/freeipa/ticket/3454
---
 ipapython/ipaldap.py | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ipapython/ipaldap.py')

diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 339da25c..1d392497 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -1768,6 +1768,12 @@ class LDAPClient(object):
                     if not force_replace:
                         modlist.append((ldap.MOD_DELETE, k, rems))
 
+        # Usually the modlist order does not matter.
+        # However, for schema updates, we want 'attributetypes' before
+        # 'objectclasses'.
+        # A simple sort will ensure this.
+        modlist.sort(key=lambda m: m[1].lower())
+
         return modlist
 
     def update_entry(self, entry, entry_attrs=None):
-- 
cgit