freeipa.git/daemons/ipa-slapi-plugins/topology, branch kdc-fixes FreeIPA patches allow deletion of segment if endpoint is not managed 2015-07-02T09:54:01+00:00 Ludwig Krispenz lkrispen@redhat.com 2015-07-01T09:55:13+00:00 6f916b0ac96726eb0219a67f8a06c7df7e59cc86 in the preop check do not reject the deletion of a segment, if not both endpoints are managed servers for the suffix thisis part of work for ticlet #5072 Reviewed-By: Simo Sorce <ssorce@redhat.com> 
in the preop check do not reject the deletion of a segment, if not both endpoints
are managed servers for the suffix

thisis part of work for ticlet #5072

Reviewed-By: Simo Sorce <ssorce@redhat.com>
v2 improve processing of invalid data. 2015-07-01T10:29:24+00:00 Ludwig Krispenz lkrispen@redhat.com 2015-06-30T14:02:16+00:00 5b76df4e7335c723f3fb14ef809e4d71e53509c9 reject attempts to add segments to suffixes, which do not exist or are not configured. check completenes and validity of segment attributes cf ticket 5088: https://fedorahosted.org/freeipa/ticket/5088 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> 
    reject attempts to add segments to suffixes, which do not exist or are not configured.
    check completenes and validity of segment attributes

    cf ticket 5088: https://fedorahosted.org/freeipa/ticket/5088

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
v2 clear start attr from segment after initialization 2015-06-30T10:47:50+00:00 Ludwig Krispenz lkrispen@redhat.com 2015-06-30T09:27:50+00:00 bb1f45b7f093bcc07094cf65b66189125fa44bc7 Online initialization can be triggered by setting "nsds5BeginReplicaRefresh[;left|;right]": start to a segment. But this field remained in the segment and after restart the init would be executed again. see Ticket #5065 To fix this the field is cleared: - after a backend comes back online after being initialized - since there is a delay and the sending server could be restarted in between, the field is also scheced and renḿoved at startup Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> 
    Online initialization can be triggered by setting "nsds5BeginReplicaRefresh[;left|;right]": start to a
    segment. But this field remained in the segment and after restart the init would be executed again.
    see Ticket #5065

    To fix this the field is cleared:
    - after a backend comes back online after being initialized
    - since there is a delay and the sending server could be restarted in between,
        the field is also scheced and renḿoved at startup

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
fix coverity issues 2015-06-29T15:17:29+00:00 Ludwig Krispenz lkrispen@redhat.com 2015-06-16T09:14:37+00:00 5e92c981b0e433ee28b953d222a1b531b525ff1c Reviewed-By: Martin Basti <mbasti@redhat.com> 
Reviewed-By: Martin Basti <mbasti@redhat.com>
correct management of one directional segments 2015-06-29T11:52:34+00:00 Ludwig Krispenz lkrispen@redhat.com 2015-06-16T08:25:22+00:00 a86f2b3c624335a8f6bb211d52dc17b490b80d25 this patch contains the following improvements: check for existing segments works for all combinations of one directional and bidirectional segments rdns of replication agreements generated from one directional segments are preserves after merging of segments, so that deletion of the segment deletes the corresponding replication agreements Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> 
    this patch contains the following improvements:
    check for existing segments works for all combinations of one directional and bidirectional segments
    rdns of replication agreements generated from one directional segments are preserves after
        merging of segments, so that deletion of the segment deletes the corresponding replication
        agreements

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
v2-reject modifications of endpoints and connectivity of a segment 2015-06-11T11:58:02+00:00 Ludwig Krispenz lkrispen@redhat.com 2015-06-11T09:22:19+00:00 056518ab1af36fa4a8d7b4450616145aa0dbfd16 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> 
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
make sure the agremment rdn match the rdn used in the segment 2015-06-11T11:58:02+00:00 Ludwig Krispenz lkrispen@redhat.com 2015-06-10T13:53:16+00:00 b3c2a4b810bfe31dc544648de8fe98dbb84ec320 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> 
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
move replications managers group to cn=sysaccounts,cn=etc,$SUFFIX 2015-06-11T10:10:40+00:00 Petr Vobornik pvoborni@redhat.com 2015-06-04T12:18:37+00:00 7cf82cf9aac6cc5ecb8d575ce4f141ab2afa85a2 https://fedorahosted.org/freeipa/ticket/4302 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
https://fedorahosted.org/freeipa/ticket/4302

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
check for existing and self referential segments 2015-06-10T12:32:26+00:00 Ludwig Krispenz lkrispen@redhat.com 2015-06-03T12:22:52+00:00 777a9500ceba11e6adbd85306f460e8a320504cb Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> 
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
crash when removing a replica 2015-06-04T09:42:44+00:00 Ludwig Krispenz lkrispen@redhat.com 2015-06-02T07:29:23+00:00 f87324df546055df1e7d038e63c04bb0d2250f55 when a server is removed from the topology the plugin tries to remove the credentials from the replica and the bind dn group. It performs an internal search for the ldap principal, but can fail if it was already removed Due to an unitialized variable in this case it can eitehr crash or erroneously remove all principals. Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
when a server is removed from the topology the plugin tries to remove the
credentials from the replica and the bind dn group.
It performs an internal search for the ldap principal, but can fail if it was already removed
Due to an unitialized variable in this case it can eitehr crash or erroneously remove all
principals.

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>