URL: https://github.com/freeipa/freeipa/pull/1125
Author: felipevolpone
Title: #1125: Check if replica-s4u2proxy.ldif should be applied
Action: opened

PR body:
"""
Now, before applying replica-s4u2proxy.ldif, we check if the values are already
there. The values can be there if a replica installation was done in the past
and some info was left behind.

https://pagure.io/freeipa/issue/7174
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1125/head:pr1125
git checkout pr1125
From cc6aa7ef270176279501cce0e7bd297117ba6ec3 Mon Sep 17 00:00:00 2001
From: Felipe Barreto <fbarr...@redhat.com>
Date: Tue, 3 Oct 2017 15:18:42 -0300
Subject: [PATCH] Checks if replica-s4u2proxy.ldif should be applied

Now, before applying replica-s4u2proxy.ldif, we check
if the values are already there. The values can be
there if a replica installation was done in the past
and some info was left behind.

https://pagure.io/freeipa/issue/7174
---
 ipaserver/install/dsinstance.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 4ec6ceed5a..d5b043e4f0 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -935,6 +935,24 @@ def __add_replication_acis(self):
         self._ldap_mod("replica-acis.ldif", self.sub_dict)
 
     def __setup_s4u2proxy(self):
+        http_dn = DN(('cn', 'ipa-http-delegation'), ('cn', 's4u2proxy'),
+                     ('cn', 'etc'), self.suffix)
+
+        ldap_dn = DN(('cn', 'ipa-ldap-delegation-targets'),
+                     ('cn', 's4u2proxy'), ('cn', 'etc'), self.suffix)
+
+        mp_http = 'HTTP/{fqdn}@{realm}'.format(fqdn=self.fqdn,
+                                               realm=self.realm)
+        mp_ldap = 'ldap/{fqdn}@{realm}'.format(fqdn=self.fqdn,
+                                               realm=self.realm)
+
+        entry_http = api.Backend.ldap2.get_entry(http_dn, ['memberPrincipal'])
+        entry_ldap = api.Backend.ldap2.get_entry(ldap_dn, ['memberPrincipal'])
+
+        if (mp_http in entry_http['memberPrincipal']
+           and mp_ldap in entry_ldap['memberPrincipal']):
+            return
+
         self._ldap_mod("replica-s4u2proxy.ldif", self.sub_dict)
 
     def __create_indices(self):
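
Review bot: the early return in `__setup_s4u2proxy` only fires when both `mp_http` and `mp_ldap` are already present, so if an earlier install left just one of the two values behind, the code still falls through to `self._ldap_mod("replica-s4u2proxy.ldif", self.sub_dict)`, which is the leftover-state case the commit message is about. Consider checking each entry on its own and adding only the missing value. Two smaller points on the same lines: `entry_http['memberPrincipal']` and `entry_ldap['memberPrincipal']` assume the attribute is set on the entry, so a lookup with a default (for example `entry_http.get('memberPrincipal', [])`, assuming the entry object supports the mapping `get`) would avoid an exception when it is empty, and neither `get_entry` call handles the case where the delegation entry itself is missing. The `in` test is also an exact, case-sensitive string comparison against `HTTP/{fqdn}@{realm}` and `ldap/{fqdn}@{realm}`, so a stored principal that differs only in hostname case would not be recognised; a short comment or a normalised comparison would make the intent clear.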
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org