The work done to create the ipa-csreplica-manage tool introduced a bug
in normal replication agreements setups which caused replicas to not
properly filter out attributes that absoluteley must not be replicated
around.
This patch should fix the issue.
Trac ticket TBC
Simo.
--
Simo Sorce * Red Hat, Inc * New York
>From d578ffa670128669c277e51a1a956840bc9f3680 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Wed, 4 Jan 2012 13:50:19 -0500
Subject: [PATCH] Fix replication setup
Changes to add a cs-replication management tool mistakenly always set a flag
that caused replicas to not add the list of attribute we exclude from
replication.
---
install/tools/ipa-csreplica-manage | 2 +-
ipaserver/install/replication.py | 28 +++++++++++++++++++---------
2 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage
index 0178f18b3f3dc9010fcf21aab0570b325ab80337..ac39b70fa54e62ec1904784c6ceebd28c93cf804 100755
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@@ -334,7 +334,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
except Exception, e:
sys.exit("Failed to get data from '%s': %s" % (replica1, convert_error(e)))
- repl1.setup_replication(replica2, PORT, 0, "cn=Directory Manager", dirman_passwd, True)
+ repl1.setup_replication(replica2, PORT, 0, "cn=Directory Manager", dirman_passwd, True, True)
print "Connected '%s' to '%s'" % (replica1, replica2)
def re_initialize(realm, options):
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index a139fd0fbe7168193dcfa6ba5f4d19f20d395c52..42241878e253da145aa6992eecc41bae3433ca7e 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -673,7 +673,9 @@ class ReplicationManager(object):
self.replica_config(conn, replica_id, repldn)
self.setup_changelog(conn)
- def setup_replication(self, r_hostname, r_port=389, r_sslport=636, r_binddn=None, r_bindpw=None, starttls=False):
+ def setup_replication(self, r_hostname, r_port=389, r_sslport=636,
+ r_binddn=None, r_bindpw=None, starttls=False,
+ is_cs_replica=False):
# note - there appears to be a bug in python-ldap - it does not
# allow connections using two different CA certs
if starttls:
@@ -698,14 +700,22 @@ class ReplicationManager(object):
self.basic_replication_setup(r_conn, r_id,
self.repl_man_dn, self.repl_man_passwd)
- self.setup_agreement(r_conn, self.conn.host, port=r_port,
- repl_man_dn=self.repl_man_dn,
- repl_man_passwd=self.repl_man_passwd,
- master=True)
- self.setup_agreement(self.conn, r_hostname, port=r_port,
- repl_man_dn=self.repl_man_dn,
- repl_man_passwd=self.repl_man_passwd,
- master=False)
+ if is_cs_replica:
+ self.setup_agreement(r_conn, self.conn.host, port=r_port,
+ repl_man_dn=self.repl_man_dn,
+ repl_man_passwd=self.repl_man_passwd,
+ master=True)
+ self.setup_agreement(self.conn, r_hostname, port=r_port,
+ repl_man_dn=self.repl_man_dn,
+ repl_man_passwd=self.repl_man_passwd,
+ master=False)
+ else:
+ self.setup_agreement(r_conn, self.conn.host, port=r_port,
+ repl_man_dn=self.repl_man_dn,
+ repl_man_passwd=self.repl_man_passwd)
+ self.setup_agreement(self.conn, r_hostname, port=r_port,
+ repl_man_dn=self.repl_man_dn,
+ repl_man_passwd=self.repl_man_passwd)
#Finally start replication
ret = self.start_replication(r_conn, master=True)
--
1.7.7.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
