URL: https://github.com/freeipa/freeipa/pull/2284 Author: flo-renaud Title: #2284: [Backport][ipa-4-5]DS replication settings: fix regression with <3.3 master Action: opened
PR body: """ This is a manual backport of PR #2263 on ipa-4-5 branch. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2284/head:pr2284 git checkout pr2284
From 16a75436213e4b50ea59daf7448bab1d467b6d06 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud <f...@redhat.com> Date: Tue, 21 Aug 2018 11:37:17 +0200 Subject: [PATCH] DS replication settings: fix regression with <3.3 master Commit 811b0fdb4620938963f1a29d3fdd22257327562c introduced a regression when configuring replication with a master < 3.3 Even if 389-ds schema is extended with nsds5ReplicaReleaseTimeout, nsds5ReplicaBackoffMax and nsDS5ReplicaBindDnGroupCheckInterval attributes, it will return UNWILLING_TO_PERFORM when a mod operation is performed on the cn=replica entry. This patch ignores the error and logs a debug msg. See: https://pagure.io/freeipa/issue/7617 Reviewed-By: Christian Heimes <chei...@redhat.com> --- ipaserver/install/replication.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index b60d96f76b..2310821969 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -21,6 +21,7 @@ import itertools +import re import six import time import datetime @@ -598,7 +599,20 @@ def finalize_replica_config(self, r_hostname, r_binddn=None, r_conn.simple_bind(r_binddn, r_bindpw) else: r_conn.gssapi_bind() - self._finalize_replica_settings(r_conn) + # If the remote server has 389-ds < 1.3, it does not + # support the attributes we are trying to set. + # Find which 389-ds is installed + rootdse = r_conn.get_entry(DN(''), ['vendorVersion']) + version = rootdse.single_value.get('vendorVersion') + mo = re.search(r'(\d+)\.(\d+)\.(\d+)[\.\d]*', version) + vendor_version = tuple(int(v) for v in mo.groups()) + if vendor_version >= (1, 3, 0): + # 389-ds understands the replication attributes, + # we can safely modify them + self._finalize_replica_settings(r_conn) + else: + root_logger.debug("replication attributes not supported " + "on remote master, skipping update.") r_conn.close() def setup_chaining_backend(self, conn):
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/AN5YPJGOMG4RMXCVQFLJACBSG67UV65J/