From 5cf1676c4f90fb469b0518c9f250541dd13218d9 Mon Sep 17 00:00:00 2001
From: Petr Vobornik
Date: Fri, 31 Jul 2015 16:22:13 +0200
Subject: enable topology plugin on upgrade

Reviewed-by: Simo Sorce
---
 install/updates/20-replication.update | 25 +++++++++++++++++++++++++
 ipalib/constants.py | 18 ++++++++++++++++++
 ipaserver/install/ldapupdate.py | 9 +++++++++
 3 files changed, 52 insertions(+)

diff --git a/install/updates/20-replication.update b/install/updates/20-replication.update
index 43f4edc0d..009378aee 100644
--- a/install/updates/20-replication.update
+++ b/install/updates/20-replication.update
@@ -27,12 +27,37 @@ default: objectclass: top
 default: objectclass: iparepltopoconf
 default: ipaReplTopoConfRoot: $SUFFIX
 default: cn: realm
+add: nsDS5ReplicatedAttributeList: $EXCLUDES
+add: nsDS5ReplicatedAttributeListTotal: $TOTAL_EXCLUDES
+add: nsds5ReplicaStripAttrs: $STRIP_ATTRS
 # add IPA realm managed suffix to master entry
 dn: cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
 add: objectclass: ipaReplTopoManagedServer
 add: ipaReplTopoManagedSuffix: $SUFFIX
+# Enable Topology Plugin
+dn: cn=IPA Topology Configuration,cn=plugins,cn=config
+default: changetype: add
+default: objectClass: top
+default: objectClass: nsSlapdPlugin
+default: objectClass: extensibleObject
+default: cn: IPA Topology Configuration
+default: nsslapd-pluginPath: libtopology
+default: nsslapd-pluginInitfunc: ipa_topo_init
+default: nsslapd-pluginType: object
+default: nsslapd-pluginEnabled: on
+default: nsslapd-topo-plugin-shared-config-base: cn=ipa,cn=etc,$SUFFIX
+default: nsslapd-topo-plugin-shared-replica-root: $SUFFIX
+default: nsslapd-topo-plugin-shared-binddngroup: cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX
+default: nsslapd-topo-plugin-startup-delay: 20
+default: nsslapd-pluginId: none
+default: nsslapd-plugin-depends-on-named: ldbm database
+default: nsslapd-plugin-depends-on-named: Multimaster Replication Plugin
+default: nsslapd-pluginVersion: 1.0
+default: nsslapd-pluginVendor: none
+default: nsslapd-pluginDescription: none
+
 # Set replication changelog limit (#5086)
 dn: cn=changelog5,cn=config
 addifnew: nsslapd-changelogmaxage: 7d
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 987d40901..6cd39f8f0 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
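Review bot: In the new `cn=IPA Topology Configuration` entry, `default: changetype: add` looks like an LDIF directive carried over into update-file syntax. Every other `default:` line in the hunk names an attribute, so this one would likely be treated as a value for an attribute called `changetype`, which the `extensibleObject` class on the entry would probably let the server accept; if that is not intended, the line should be dropped. Separately, the three `add:` lines for `$EXCLUDES`, `$TOTAL_EXCLUDES` and `$STRIP_ATTRS` append a value rather than set one, so an entry that already carries a different list could end up with two values. `addifnew:`, which the changelog section at the end of the hunk already uses, may be the safer keyword; worth confirming how the topology plugin reads a multi-valued list.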
@@ -239,3 +239,21 @@ SID_ANCHOR_PREFIX = ':SID:'
 MIN_DOMAIN_LEVEL = 0
 MAX_DOMAIN_LEVEL = 1
+
+# Constants used in generation of replication agreements and as topology
+# defaults
+
+# List of attributes that need to be excluded from replication initialization.
+REPL_AGMT_TOTAL_EXCLUDES = ('entryusn',
+ 'krblastsuccessfulauth',
+ 'krblastfailedauth',
+ 'krbloginfailedcount')
+
+# List of attributes that need to be excluded from normal replication.
+REPL_AGMT_EXCLUDES = ('memberof', 'idnssoaserial') + REPL_AGMT_TOTAL_EXCLUDES
+
+# List of attributes that are not updated on empty replication
+REPL_AGMT_STRIP_ATTRS = ('modifiersName',
+ 'modifyTimestamp',
+ 'internalModifiersName',
+ 'internalModifyTimestamp')
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 5fac58eca..fd02bdc02 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -303,6 +303,15 @@ class LDAPUpdate:
 self.sub_dict["MIN_DOMAIN_LEVEL"] = str(constants.MIN_DOMAIN_LEVEL)
 if not self.sub_dict.get("MAX_DOMAIN_LEVEL"):
 self.sub_dict["MAX_DOMAIN_LEVEL"] = str(constants.MAX_DOMAIN_LEVEL)
+ if not self.sub_dict.get("STRIP_ATTRS"):
+ self.sub_dict["STRIP_ATTRS"] = "%s" % (
+ " ".join(constants.REPL_AGMT_STRIP_ATTRS),)
+ if not self.sub_dict.get("EXCLUDES"):
+ self.sub_dict["EXCLUDES"] = "(objectclass=*) $ EXCLUDE %s" % (
+ " ".join(constants.REPL_AGMT_EXCLUDES),)
+ if not self.sub_dict.get("TOTAL_EXCLUDES"):
+ self.sub_dict["TOTAL_EXCLUDES"] = "(objectclass=*) $ EXCLUDE " + \
+ " ".join(constants.REPL_AGMT_TOTAL_EXCLUDES)
 self.api = create_api(mode=None)
 self.api.bootstrap(in_server=True, context='updates')
 self.api.finalize()
-- cgit
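Review bot: The comment above `REPL_AGMT_TOTAL_EXCLUDES` says what is excluded but not what follows from it. `krblastsuccessfulauth`, `krblastfailedauth` and `krbloginfailedcount` are kept out of total initialization and, through the concatenation in `REPL_AGMT_EXCLUDES`, out of normal replication as well. If these hold the login bookkeeping their names suggest, each replica counts failures on its own and a lockout threshold is effectively evaluated per server; a line such as `# NOTE: login counters are not replicated, so lockout is evaluated per replica` would tell anyone editing the tuple what they are trading. The comments also say "List" for values that are tuples, and "not updated on empty replication" above `REPL_AGMT_STRIP_ATTRS` would be clearer with a word on what an empty update is.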
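Review bot: The three new defaults in the `ldapupdate.py` hunk are built three different ways: `STRIP_ATTRS` formats a string into `"%s"`, `EXCLUDES` uses `%`, and `TOTAL_EXCLUDES` uses `+` with a backslash continuation. `self.sub_dict["STRIP_ATTRS"] = " ".join(constants.REPL_AGMT_STRIP_ATTRS)` does the same work, and writing `TOTAL_EXCLUDES` in the same `"(objectclass=*) $ EXCLUDE %s" % ...` form as `EXCLUDES` keeps the shared filter prefix visibly identical, which matters because a typo in either one changes what replicates. The `if not self.sub_dict.get(...)` guards treat an explicitly empty value as missing, in line with the `MAX_DOMAIN_LEVEL` check above them; worth a comment if an empty exclude list should ever be allowed. The enclosing method starts and ends outside the hunk.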