authorMartin Babinsky <mbabinsk@redhat.com>2016-11-10 14:37:40 +0100
committerMartin Basti <mbasti@redhat.com>2016-11-17 00:39:17 +0100
commitcf6048a3ba9998a65858993e52bd4895749f2a79 (patch)
tree097b5e1305bc04fe094b27648203148aab9af123
parent3dc9ab162141c7d2e4affe73f520e1599e9f8c30 (diff)
replication: refactor the code setting principals as replica bind DNs
In addition to improving the readability of `setup_krb_princs_as_replica_binddns` method, the re-usable bits were factored out to separate methods https://fedorahosted.org/freeipa/ticket/6406 Reviewed-By: Martin Basti <mbasti@redhat.com>
-rw-r--r--ipaserver/install/replication.py47
1 files changed, 21 insertions, 26 deletions
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 6209f81fd..4ad669406 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -782,6 +782,22 @@ class ReplicationManager(object):
return (a_entry[0].dn, b_entry[0].dn)
+ def _add_replica_bind_dn(self, conn, bind_dn):
+ rep_dn = self.replica_dn()
+ assert isinstance(rep_dn, DN)
+ try:
+ mod = [(ldap.MOD_ADD, "nsds5replicabinddn", bind_dn)]
+ conn.modify_s(rep_dn, mod)
+ except ldap.TYPE_OR_VALUE_EXISTS:
+ pass
+
+ def _add_dn_to_replication_managers(self, conn, bind_dn):
+ try:
+ mod = [(ldap.MOD_ADD, "member", bind_dn)]
+ conn.modify_s(self.repl_man_group_dn, mod)
+ except (ldap.TYPE_OR_VALUE_EXISTS, ldap.NO_SUCH_OBJECT):
+ pass
+
def setup_krb_princs_as_replica_binddns(self, a, b):
"""
Search the appropriate principal names so we can get
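Review bot: `_add_dn_to_replication_managers` swallows `ldap.NO_SUCH_OBJECT` without a trace, so when the group at `self.repl_man_group_dn` is absent the principal is never made a member and the caller cannot tell. That was tolerable inline, but in a reusable helper it hides a skipped authorisation step; I would split the handler so that `TYPE_OR_VALUE_EXISTS` stays the silent idempotent path and the missing-group case is logged with the module's existing logger. Both helpers also lack docstrings: `_add_replica_bind_dn` should state that it adds `bind_dn` to `nsds5replicabinddn` on the replica entry of the server behind `conn`, which is a privileged grant, and that an already-present value is ignored. `repl_man_group_dn` is not defined in the visible hunks, so it is presumably set elsewhere in the class.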
@@ -790,37 +806,16 @@ class ReplicationManager(object):
as replication agents.
"""
- rep_dn = self.replica_dn()
- group_dn = DN(('cn', 'replication managers'), ('cn', 'sysaccounts'),
- ('cn', 'etc'), self.suffix)
- assert isinstance(rep_dn, DN)
(a_dn, b_dn) = self.get_replica_principal_dns(a, b, retries=100)
assert isinstance(a_dn, DN)
assert isinstance(b_dn, DN)
- # Add kerberos principal DNs as valid bindDNs for replication
- try:
- mod = [(ldap.MOD_ADD, "nsds5replicabinddn", b_dn)]
- a.modify_s(rep_dn, mod)
- except ldap.TYPE_OR_VALUE_EXISTS:
- pass
- try:
- mod = [(ldap.MOD_ADD, "nsds5replicabinddn", a_dn)]
- b.modify_s(rep_dn, mod)
- except ldap.TYPE_OR_VALUE_EXISTS:
- pass
- # Add kerberos principal DNs as valid bindDNs to bindDN group
- try:
- mod = [(ldap.MOD_ADD, "member", b_dn)]
- a.modify_s(group_dn, mod)
- except (ldap.TYPE_OR_VALUE_EXISTS, ldap.NO_SUCH_OBJECT):
- pass
- try:
- mod = [(ldap.MOD_ADD, "member", a_dn)]
- b.modify_s(group_dn, mod)
- except (ldap.TYPE_OR_VALUE_EXISTS, ldap.NO_SUCH_OBJECT):
- pass
+ for conn, bind_dn in ((a, b_dn), (b, a_dn)):
+ # Add kerberos principal DNs as valid bindDNs for replication
+ self._add_replica_bind_dn(conn, bind_dn)
+ # Add kerberos principal DNs as valid bindDNs to bindDN group
+ self._add_dn_to_replication_managers(conn, bind_dn)
def gssapi_update_agreements(self, a, b):
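Review bot: The new loop changes the order of the LDAP writes, which a commit described as a refactor should not do silently: the old code added `nsds5replicabinddn` on both servers before touching the group, while the loop finishes both modifications on `a` before starting on `b`. If the group modify on `a` raises anything other than the two swallowed exceptions, `b` is left without its peer bind DN, a partial state the old ordering avoided. Either mention the reordering in the commit message or keep two passes, bind DNs first and group membership second. The crossed pairing `((a, b_dn), (b, a_dn))` also deserves a comment such as `# each server authorises the peer's principal, not its own`, so that nobody "straightens" it later. The method's signature and the start of its docstring lie in the previous hunk.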