Move the compat plugin setup at the end of install

The compat plugin was causing deadlocks with the topology plugin. Move its setup at the end of the installation and remove the cn=topology,cn=ipa,cn=etc subtree from its scope. https://pagure.io/freeipa/issue/6821 Reviewed-By: Martin Basti <mbasti@redhat.com>
author: Stanislav Laznicka <slaznick@redhat.com> 2017-04-13 09:15:47 +0200
committer: Martin Basti <mbasti@redhat.com> 2017-04-24 17:11:51 +0200
commit: ddbbb1c58e8a4fec8129e7d1e941c54660af6a69 (patch)
tree: 8b792847000d3c1ca62f1986847227dd02317e6e
parent: 0c0af8cf7adf61ef03ba1240ecbdecef7fa15275 (diff)
download: freeipa-ddbbb1c58e8a4fec8129e7d1e941c54660af6a69.tar.gz
freeipa-ddbbb1c58e8a4fec8129e7d1e941c54660af6a69.tar.xz
freeipa-ddbbb1c58e8a4fec8129e7d1e941c54660af6a69.zip
6 files changed, 98 insertions, 106 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 3a34f6eaa..e7fac0c39 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -65,7 +65,6 @@ dist_app_DATA =				\
 	opendnssec_conf.template	\
 	opendnssec_kasp.template	\
 	unique-attributes.ldif		\
-	schema_compat.uldif		\
 	ldapi.ldif			\
 	wsgi.py				\
 	repoint-managed-entries.ldif	\
diff --git a/install/updates/10-schema_compat.update b/install/updates/10-schema_compat.update
deleted file mode 100644
index fbe870340..000000000
--- a/install/updates/10-schema_compat.update
+++ /dev/null
@@ -1,93 +0,0 @@
-dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
-only:schema-compat-entry-rdn:%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
-add:schema-compat-entry-attribute: sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
-add:schema-compat-entry-attribute: sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
-# Fix for #4324 (regression of #1309)
-remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref("ipaSudoRunAs","cn")
-remove:schema-compat-entry-attribute:sudoRunAsUser=%{ipaSudoRunAsExtUser}
-remove:schema-compat-entry-attribute:sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
-remove:schema-compat-entry-attribute:sudoRunAsUser=%deref("ipaSudoRunAs","uid")
-remove:schema-compat-entry-attribute:sudoRunAsGroup=%{ipaSudoRunAsExtGroup}
-remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
-
-# We need to add the value in a separate transaction
-dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-entry-attribute: sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
-add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
-add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
-add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
-add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
-add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-# Change padding for host and userCategory so the pad returns the same value
-# as the original, '' or -.
-dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
-replace: schema-compat-entry-attribute:nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-})
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
-default:objectClass: top
-default:objectClass: extensibleObject
-default:cn: computers
-default:schema-compat-container-group: cn=compat, $SUFFIX
-default:schema-compat-container-rdn: cn=computers
-default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
-default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
-default:schema-compat-entry-rdn: cn=%first("%{fqdn}")
-default:schema-compat-entry-attribute: objectclass=device
-default:schema-compat-entry-attribute: objectclass=ieee802Device
-default:schema-compat-entry-attribute: cn=%{fqdn}
-default:schema-compat-entry-attribute: macAddress=%{macAddress}
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: sudoOrder=%{sudoOrder}
-
-dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=Schema Compatibility,cn=plugins,cn=config
-# We need to run schema-compat pre-bind callback before
-# other IPA pre-bind callbacks to make sure bind DN is
-# rewritten to the original entry if needed
-add:nsslapd-pluginprecedence: 40
-
-dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
-add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
-add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
-
-dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
-add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
-add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
-
-dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: uid=%{uid}
-replace:schema-compat-entry-rdn: uid=%{uid}::uid=%first("%{uid}")
diff --git a/install/share/schema_compat.uldif b/install/updates/80-schema_compat.update
index 66f8ea1c3..06cbcab8a 100644
--- a/install/share/schema_compat.uldif
+++ b/install/updates/80-schema_compat.update
@@ -1,5 +1,6 @@
 #
-# Enable the Schema Compatibility plugin provided by slapi-nis.
+# Setup the Schema Compatibility plugin provided by slapi-nis.
+# This should be done after all other updates have been applied
 #
 # http://slapi-nis.fedorahosted.org/
 #
@@ -126,3 +127,96 @@ default:schema-compat-entry-attribute: macAddress=%{macAddress}
 dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
 only:aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )
 
+dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
+only:schema-compat-entry-rdn:%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
+add:schema-compat-entry-attribute: sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
+add:schema-compat-entry-attribute: sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
+# Fix for #4324 (regression of #1309)
+remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref("ipaSudoRunAs","cn")
+remove:schema-compat-entry-attribute:sudoRunAsUser=%{ipaSudoRunAsExtUser}
+remove:schema-compat-entry-attribute:sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
+remove:schema-compat-entry-attribute:sudoRunAsUser=%deref("ipaSudoRunAs","uid")
+remove:schema-compat-entry-attribute:sudoRunAsGroup=%{ipaSudoRunAsExtGroup}
+remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
+
+# We need to add the value in a separate transaction
+dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-entry-attribute: sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
+add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
+add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
+add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
+add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
+add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+# Change padding for host and userCategory so the pad returns the same value
+# as the original, '' or -.
+dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
+replace: schema-compat-entry-attribute:nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-})
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
+default:objectClass: top
+default:objectClass: extensibleObject
+default:cn: computers
+default:schema-compat-container-group: cn=compat, $SUFFIX
+default:schema-compat-container-rdn: cn=computers
+default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
+default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:schema-compat-entry-rdn: cn=%first("%{fqdn}")
+default:schema-compat-entry-attribute: objectclass=device
+default:schema-compat-entry-attribute: objectclass=ieee802Device
+default:schema-compat-entry-attribute: cn=%{fqdn}
+default:schema-compat-entry-attribute: macAddress=%{macAddress}
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: sudoOrder=%{sudoOrder}
+
+dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=Schema Compatibility,cn=plugins,cn=config
+# We need to run schema-compat pre-bind callback before
+# other IPA pre-bind callbacks to make sure bind DN is
+# rewritten to the original entry if needed
+add:nsslapd-pluginprecedence: 40
+
+dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
+add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
+add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
+
+dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
+add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
+add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
+
+dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: uid=%{uid}
+replace:schema-compat-entry-rdn: uid=%{uid}::uid=%first("%{uid}")
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 0ff0edb93..e18d01127 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -9,7 +9,6 @@ app_DATA =				\
 	10-selinuxusermap.update	\
 	10-rootdse.update		\
 	10-uniqueness.update		\
-	10-schema_compat.update		\
 	19-managed-entries.update	\
 	20-aci.update			\
 	20-dna.update			\
@@ -62,6 +61,7 @@ app_DATA =				\
 	73-custodia.update		\
 	73-winsync.update		\
 	73-certmap.update		\
+	80-schema_compat.update \
 	90-post_upgrade_plugins.update	\
 	$(NULL)
 
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index ad41814a3..57f185e23 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -236,7 +236,8 @@ class BasePathNamespace(object):
     HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
     NIS_ULDIF = "/usr/share/ipa/nis.uldif"
     NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif"
-    SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
+    SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/updates/91-schema_compat.update"
+    SCHEMA_COMPAT_POST_ULDIF = "/usr/share/ipa/schema_compat_post.uldif"
     IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
     UPDATES_DIR = "/usr/share/ipa/updates/"
     DICT_WORDS = "/usr/share/dict/words"
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 99a1781ca..403fe8489 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -38,7 +38,6 @@ from ipapython import dogtag
 from ipaserver.install import service
 from ipaserver.install import installutils
 from ipaserver.install import certs
-from ipaserver.install import ldapupdate
 from ipaserver.install import replication
 from ipaserver.install import sysupgrade
 from ipaserver.install import upgradeinstance
@@ -281,8 +280,6 @@ class DsInstance(service.Service):
         self.step("configuring Posix uid/gid generation",
                   self.__config_uidgid_gen)
         self.step("adding replication acis", self.__add_replication_acis)
-        self.step("enabling compatibility plugin",
-                  self.__enable_compat_plugin)
         self.step("activating sidgen plugin", self._add_sidgen_plugin)
         self.step("activating extdom plugin", self._add_extdom_plugin)
         self.step("tuning directory server", self.__tuning)
@@ -706,12 +703,6 @@ class DsInstance(service.Service):
     def __add_winsync_module(self):
         self._ldap_mod("ipa-winsync-conf.ldif")
 
-    def __enable_compat_plugin(self):
-        ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password, sub_dict=self.sub_dict)
-        rv = ld.update([paths.SCHEMA_COMPAT_ULDIF])
-        if not rv:
-            raise RuntimeError("Enabling compatibility plugin failed")
-
     def __config_version_module(self):
         self._ldap_mod("version-conf.ldif")
author	Stanislav Laznicka <slaznick@redhat.com>	2017-04-13 09:15:47 +0200
committer	Martin Basti <mbasti@redhat.com>	2017-04-24 17:11:51 +0200
commit	ddbbb1c58e8a4fec8129e7d1e941c54660af6a69 (patch)
tree	8b792847000d3c1ca62f1986847227dd02317e6e
parent	0c0af8cf7adf61ef03ba1240ecbdecef7fa15275 (diff)
download	freeipa-ddbbb1c58e8a4fec8129e7d1e941c54660af6a69.tar.gz freeipa-ddbbb1c58e8a4fec8129e7d1e941c54660af6a69.tar.xz freeipa-ddbbb1c58e8a4fec8129e7d1e941c54660af6a69.zip