author | Petr Vobornik <pvoborni@redhat.com> | 2014-10-17 13:24:49 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-10-17 14:08:37 +0200 |
commit | 6f81217c18a416dcbd23360ad3d7f3fea0174fc0 (patch) | |
tree | d8cea36fbb172c55fd0aa31faee3892e0a91035b /ipaserver/install/bindinstance.py | |
parent | 608851d3f86a9082b394c30fe0c7a7b33d43f363 (diff) | |
dns: fix privileges' memberof during dns install
Permissions with member attrs pointing to privileges are created before the privileges.
Run memberof plugin task to fix other ends of the relationships.
https://fedorahosted.org/freeipa/ticket/4637
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipaserver/install/bindinstance.py')
-rw-r--r-- | ipaserver/install/bindinstance.py | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 636e04f5e..d964daf22 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -23,6 +23,7 @@ import pwd
 import netaddr
 import re
 import sys
+import time
 import ldap
@@ -674,6 +675,35 @@ class BindInstance(service.Service):
 def __setup_dns_container(self): self._ldap_mod("dns.ldif", self.sub_dict)
+ self.__fix_dns_privilege_members()
+
+ def __fix_dns_privilege_members(self):
+ ldap = api.Backend.ldap2
+
+ cn = 'Update PBAC memberOf %s' % time.time()
+ task_dn = DN(('cn', cn), ('cn', 'memberof task'), ('cn', 'tasks'),
+ ('cn', 'config'))
+ basedn = DN(api.env.container_privilege, api.env.basedn)
+ entry = ldap.make_entry(
+ task_dn,
+ objectclass=['top', 'extensibleObject'],
+ cn=[cn],
+ basedn=[basedn],
+ filter=['(objectclass=*)'],
+ ttl=[10])
+ ldap.add_entry(entry)
+
+ start_time = time.time()
+ while True:
+ try:
+ task = ldap.get_entry(task_dn)
+ except errors.NotFound:
+ break
+ if 'nstaskexitcode' in task:
+ break
+ time.sleep(1)
+ if time.time() > (start_time + 60):
+ raise errors.TaskTimeout(task='memberof', task_dn=task_dn)
 def __setup_zone(self): # Always use force=True as named is not set up yet |
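Review bot: The polling loop in the new `__fix_dns_privilege_members` breaks as soon as `nstaskexitcode` is present on the task entry but never reads its value, so a memberOf task that ended with an error is handled exactly like one that succeeded. In that case the privileges would presumably keep incomplete memberOf values while the installer continues without any signal. I would inspect the code inside that branch before the `break`, e.g. `exit_code = task.single_value['nstaskexitcode']`, and log or raise when it is not zero; the `errors.NotFound` branch likewise ends the wait without knowing the outcome and deserves a comment saying the entry is assumed to have expired via `ttl` after completion. As a smaller point, the local name `ldap` shadows the `ldap` module imported at the top of the file, and a name such as `ldap2` would avoid that. The method is complete within the hunk, but the enclosing class starts outside it.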