[Freeipa-devel] [freeipa PR#3919][opened] [Backport][ipa-4-7] Do not run trust upgrade code if master lacks Samba bindings

t-woerner via FreeIPA-devel Wed, 20 Nov 2019 07:22:37 -0800

   URL: https://github.com/freeipa/freeipa/pull/3919
Author: t-woerner
 Title: #3919: [Backport][ipa-4-7] Do not run trust upgrade code if master 
lacks Samba bindings
Action: opened


PR body:
"""
This PR was opened automatically because PR #3910 was pushed to master and 
backport to ipa-4-7 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3919/head:pr3919
git checkout pr3919

From 40acc155242f45d804230bf65b8d5d50c0bc8f33 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Sun, 17 Nov 2019 19:37:03 +0200
Subject: [PATCH] Do not run trust upgrade code if master lacks Samba bindings

If a replica has no Samba bindings but there are trust agreements
configured on some trust controller, skip trust upgrade code on this
replica.

Resolves: https://pagure.io/freeipa/issue/8001
Signed-off-by: Alexander Bokovoy <aboko...@redhat.com>
---
 ipaserver/install/plugins/adtrust.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py
index fca83aa6df..d249bd2014 100644
--- a/ipaserver/install/plugins/adtrust.py
+++ b/ipaserver/install/plugins/adtrust.py
@@ -23,6 +23,8 @@
     def ndr_unpack(x):
         raise NotImplementedError
 
+    drsblobs = None
+
 logger = logging.getLogger(__name__)
 
 register = Registry()
@@ -632,6 +634,10 @@ def execute(self, **options):
             logger.debug('AD Trusts are not enabled on this server')
             return False, []
 
+        # If we have no Samba bindings, this master is not a trust controller
+        if drsblobs is None:
+            return False, []
+
         ldap = self.api.Backend.ldap2
         gidNumber = get_gidNumber(ldap, self.api.env)
         if gidNumber is None:

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

[Freeipa-devel] [freeipa PR#3919][opened] [Backport][ipa-4-7] Do not run trust upgrade code if master lacks Samba bindings

Reply via email to