Do not fail if there are multiple nsDS5ReplicaId values in cn=replication,cn=etc

On systems installed before #3394 was fixed and nsDS5ReplicaId became
single-valued, there are two replica ID values stored in cn=replication:
the default (3) and the actual value we want.
Instead of failing when multiple values are found, use the largest one.

https://fedorahosted.org/freeipa/ticket/4375

Reviewed-By: Martin Kosek <mkosek@redhat.com>

1 files changed, 7 insertions, 2 deletions

diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 2805624af..fbbad5e6c 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -238,12 +238,17 @@ class ReplicationManager(object):
             root_logger.debug("Unable to retrieve nsDS5ReplicaId from remote server")
             raise
         else:
-            if replica.single_value.get('nsDS5ReplicaId') is None:
+            id_values = replica.get('nsDS5ReplicaId')
+            if not id_values:
                 root_logger.debug("Unable to retrieve nsDS5ReplicaId from remote server")
                 raise RuntimeError("Unable to retrieve nsDS5ReplicaId from remote server")
 
+        # nsDS5ReplicaId is single-valued now, but historically it could
+        # contain multiple values, of which we need the highest.
+        # see bug: https://fedorahosted.org/freeipa/ticket/3394
+        retval = max(int(v) for v in id_values)
+
         # Now update the value on the master
-        retval = int(replica.single_value['nsDS5ReplicaId'])
         mod = [(ldap.MOD_REPLACE, 'nsDS5ReplicaId', str(retval + 1))]
 
         try: