diff options
author | Stanislav Laznicka <slaznick@redhat.com> | 2017-04-13 09:15:47 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-04-24 17:11:51 +0200 |
commit | ddbbb1c58e8a4fec8129e7d1e941c54660af6a69 (patch) | |
tree | 8b792847000d3c1ca62f1986847227dd02317e6e | |
parent | 0c0af8cf7adf61ef03ba1240ecbdecef7fa15275 (diff) | |
download | freeipa-ddbbb1c58e8a4fec8129e7d1e941c54660af6a69.tar.gz freeipa-ddbbb1c58e8a4fec8129e7d1e941c54660af6a69.tar.xz freeipa-ddbbb1c58e8a4fec8129e7d1e941c54660af6a69.zip |
Move the compat plugin setup at the end of install
The compat plugin was causing deadlocks with the topology plugin. Move
its setup at the end of the installation and remove the
cn=topology,cn=ipa,cn=etc subtree from its scope.
https://pagure.io/freeipa/issue/6821
Reviewed-By: Martin Basti <mbasti@redhat.com>
-rw-r--r-- | install/share/Makefile.am | 1 | ||||
-rw-r--r-- | install/updates/10-schema_compat.update | 93 | ||||
-rw-r--r-- | install/updates/80-schema_compat.update (renamed from install/share/schema_compat.uldif) | 96 | ||||
-rw-r--r-- | install/updates/Makefile.am | 2 | ||||
-rw-r--r-- | ipaplatform/base/paths.py | 3 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 9 |
6 files changed, 98 insertions, 106 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 3a34f6eaa..e7fac0c39 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -65,7 +65,6 @@ dist_app_DATA = \ opendnssec_conf.template \ opendnssec_kasp.template \ unique-attributes.ldif \ - schema_compat.uldif \ ldapi.ldif \ wsgi.py \ repoint-managed-entries.ldif \ diff --git a/install/updates/10-schema_compat.update b/install/updates/10-schema_compat.update deleted file mode 100644 index fbe870340..000000000 --- a/install/updates/10-schema_compat.update +++ /dev/null @@ -1,93 +0,0 @@ -dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config -only:schema-compat-entry-rdn:%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") -add:schema-compat-entry-attribute: sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") -add:schema-compat-entry-attribute: sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup} -# Fix for #4324 (regression of #1309) -remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref("ipaSudoRunAs","cn") -remove:schema-compat-entry-attribute:sudoRunAsUser=%{ipaSudoRunAsExtUser} -remove:schema-compat-entry-attribute:sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup} -remove:schema-compat-entry-attribute:sudoRunAsUser=%deref("ipaSudoRunAs","uid") -remove:schema-compat-entry-attribute:sudoRunAsGroup=%{ipaSudoRunAsExtGroup} -remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn") - -# We need to add the value in a separate transaction -dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config -add: schema-compat-entry-attribute: sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn") -add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") -add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") -add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") -add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") -add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") -remove: schema-compat-ignore-subtree: cn=changelog -remove: schema-compat-ignore-subtree: o=ipaca -add: schema-compat-restrict-subtree: $SUFFIX -add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config -add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX - -# Change padding for host and userCategory so the pad returns the same value -# as the original, '' or -. -dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config -replace: schema-compat-entry-attribute:nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-}) -remove: schema-compat-ignore-subtree: cn=changelog -remove: schema-compat-ignore-subtree: o=ipaca -add: schema-compat-restrict-subtree: $SUFFIX -add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config -add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX - -dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config -default:objectClass: top -default:objectClass: extensibleObject -default:cn: computers -default:schema-compat-container-group: cn=compat, $SUFFIX -default:schema-compat-container-rdn: cn=computers -default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX -default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) -default:schema-compat-entry-rdn: cn=%first("%{fqdn}") -default:schema-compat-entry-attribute: objectclass=device -default:schema-compat-entry-attribute: objectclass=ieee802Device -default:schema-compat-entry-attribute: cn=%{fqdn} -default:schema-compat-entry-attribute: macAddress=%{macAddress} -remove: schema-compat-ignore-subtree: cn=changelog -remove: schema-compat-ignore-subtree: o=ipaca -add: schema-compat-restrict-subtree: $SUFFIX -add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config -add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX - -dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config -add:schema-compat-entry-attribute: sudoOrder=%{sudoOrder} - -dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config -remove: schema-compat-ignore-subtree: cn=changelog -remove: schema-compat-ignore-subtree: o=ipaca -add: schema-compat-restrict-subtree: $SUFFIX -add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config -add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX - -dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config -remove: schema-compat-ignore-subtree: cn=changelog -remove: schema-compat-ignore-subtree: o=ipaca -add: schema-compat-restrict-subtree: $SUFFIX -add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config -add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX - -dn: cn=Schema Compatibility,cn=plugins,cn=config -# We need to run schema-compat pre-bind callback before -# other IPA pre-bind callbacks to make sure bind DN is -# rewritten to the original entry if needed -add:nsslapd-pluginprecedence: 40 - -dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config -add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") -add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","") -add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid} -add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") - -dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config -add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") -add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","") -add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid} -add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") - -dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config -add:schema-compat-entry-attribute: uid=%{uid} -replace:schema-compat-entry-rdn: uid=%{uid}::uid=%first("%{uid}") diff --git a/install/share/schema_compat.uldif b/install/updates/80-schema_compat.update index 66f8ea1c3..06cbcab8a 100644 --- a/install/share/schema_compat.uldif +++ b/install/updates/80-schema_compat.update @@ -1,5 +1,6 @@ # -# Enable the Schema Compatibility plugin provided by slapi-nis. +# Setup the Schema Compatibility plugin provided by slapi-nis. +# This should be done after all other updates have been applied # # http://slapi-nis.fedorahosted.org/ # @@ -126,3 +127,96 @@ default:schema-compat-entry-attribute: macAddress=%{macAddress} dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config only:aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; ) +dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config +only:schema-compat-entry-rdn:%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}") +add:schema-compat-entry-attribute: sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}") +add:schema-compat-entry-attribute: sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup} +# Fix for #4324 (regression of #1309) +remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref("ipaSudoRunAs","cn") +remove:schema-compat-entry-attribute:sudoRunAsUser=%{ipaSudoRunAsExtUser} +remove:schema-compat-entry-attribute:sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup} +remove:schema-compat-entry-attribute:sudoRunAsUser=%deref("ipaSudoRunAs","uid") +remove:schema-compat-entry-attribute:sudoRunAsGroup=%{ipaSudoRunAsExtGroup} +remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn") + +# We need to add the value in a separate transaction +dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config +add: schema-compat-entry-attribute: sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn") +add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}") +add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}") +add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")") +add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}") +add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")") +remove: schema-compat-ignore-subtree: cn=changelog +remove: schema-compat-ignore-subtree: o=ipaca +add: schema-compat-restrict-subtree: $SUFFIX +add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config +add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX + +# Change padding for host and userCategory so the pad returns the same value +# as the original, '' or -. +dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config +replace: schema-compat-entry-attribute:nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-}) +remove: schema-compat-ignore-subtree: cn=changelog +remove: schema-compat-ignore-subtree: o=ipaca +add: schema-compat-restrict-subtree: $SUFFIX +add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config +add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX + +dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config +default:objectClass: top +default:objectClass: extensibleObject +default:cn: computers +default:schema-compat-container-group: cn=compat, $SUFFIX +default:schema-compat-container-rdn: cn=computers +default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX +default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) +default:schema-compat-entry-rdn: cn=%first("%{fqdn}") +default:schema-compat-entry-attribute: objectclass=device +default:schema-compat-entry-attribute: objectclass=ieee802Device +default:schema-compat-entry-attribute: cn=%{fqdn} +default:schema-compat-entry-attribute: macAddress=%{macAddress} +remove: schema-compat-ignore-subtree: cn=changelog +remove: schema-compat-ignore-subtree: o=ipaca +add: schema-compat-restrict-subtree: $SUFFIX +add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config +add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX + +dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config +add:schema-compat-entry-attribute: sudoOrder=%{sudoOrder} + +dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config +remove: schema-compat-ignore-subtree: cn=changelog +remove: schema-compat-ignore-subtree: o=ipaca +add: schema-compat-restrict-subtree: $SUFFIX +add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config +add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX + +dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config +remove: schema-compat-ignore-subtree: cn=changelog +remove: schema-compat-ignore-subtree: o=ipaca +add: schema-compat-restrict-subtree: $SUFFIX +add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config +add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX + +dn: cn=Schema Compatibility,cn=plugins,cn=config +# We need to run schema-compat pre-bind callback before +# other IPA pre-bind callbacks to make sure bind DN is +# rewritten to the original entry if needed +add:nsslapd-pluginprecedence: 40 + +dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config +add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") +add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","") +add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid} +add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") + +dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config +add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","") +add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","") +add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid} +add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","") + +dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config +add:schema-compat-entry-attribute: uid=%{uid} +replace:schema-compat-entry-rdn: uid=%{uid}::uid=%first("%{uid}") diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index 0ff0edb93..e18d01127 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -9,7 +9,6 @@ app_DATA = \ 10-selinuxusermap.update \ 10-rootdse.update \ 10-uniqueness.update \ - 10-schema_compat.update \ 19-managed-entries.update \ 20-aci.update \ 20-dna.update \ @@ -62,6 +61,7 @@ app_DATA = \ 73-custodia.update \ 73-winsync.update \ 73-certmap.update \ + 80-schema_compat.update \ 90-post_upgrade_plugins.update \ $(NULL) diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index ad41814a3..57f185e23 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -236,7 +236,8 @@ class BasePathNamespace(object): HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con" NIS_ULDIF = "/usr/share/ipa/nis.uldif" NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif" - SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif" + SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/updates/91-schema_compat.update" + SCHEMA_COMPAT_POST_ULDIF = "/usr/share/ipa/schema_compat_post.uldif" IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins" UPDATES_DIR = "/usr/share/ipa/updates/" DICT_WORDS = "/usr/share/dict/words" diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 99a1781ca..403fe8489 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -38,7 +38,6 @@ from ipapython import dogtag from ipaserver.install import service from ipaserver.install import installutils from ipaserver.install import certs -from ipaserver.install import ldapupdate from ipaserver.install import replication from ipaserver.install import sysupgrade from ipaserver.install import upgradeinstance @@ -281,8 +280,6 @@ class DsInstance(service.Service): self.step("configuring Posix uid/gid generation", self.__config_uidgid_gen) self.step("adding replication acis", self.__add_replication_acis) - self.step("enabling compatibility plugin", - self.__enable_compat_plugin) self.step("activating sidgen plugin", self._add_sidgen_plugin) self.step("activating extdom plugin", self._add_extdom_plugin) self.step("tuning directory server", self.__tuning) @@ -706,12 +703,6 @@ class DsInstance(service.Service): def __add_winsync_module(self): self._ldap_mod("ipa-winsync-conf.ldif") - def __enable_compat_plugin(self): - ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password, sub_dict=self.sub_dict) - rv = ld.update([paths.SCHEMA_COMPAT_ULDIF]) - if not rv: - raise RuntimeError("Enabling compatibility plugin failed") - def __config_version_module(self): self._ldap_mod("version-conf.ldif") |