The work done to create the ipa-csreplica-manage tool introduced a bug in normal replication agreement setups, which caused replicas to not properly filter out attributes that absolutely must not be replicated around.
This patch should fix the issue. Trac ticket TBC Simo. -- Simo Sorce * Red Hat, Inc * New York
>From d578ffa670128669c277e51a1a956840bc9f3680 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Wed, 4 Jan 2012 13:50:19 -0500
Subject: [PATCH] Fix replication setup

Changes to add a cs-replication management tool mistakenly always set a flag that caused replicas to not add the list of attribute we exclude from replication.
---
 install/tools/ipa-csreplica-manage | 2 +-
 ipaserver/install/replication.py | 28 +++++++++++++++++++---------
 2 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage
index 0178f18b3f3dc9010fcf21aab0570b325ab80337..ac39b70fa54e62ec1904784c6ceebd28c93cf804 100755
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@@ -334,7 +334,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
 except Exception, e:
 sys.exit("Failed to get data from '%s': %s" % (replica1, convert_error(e)))
- repl1.setup_replication(replica2, PORT, 0, "cn=Directory Manager", dirman_passwd, True)
+ repl1.setup_replication(replica2, PORT, 0, "cn=Directory Manager", dirman_passwd, True, True)
 print "Connected '%s' to '%s'" % (replica1, replica2)
 def re_initialize(realm, options):
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index a139fd0fbe7168193dcfa6ba5f4d19f20d395c52..42241878e253da145aa6992eecc41bae3433ca7e 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -673,7 +673,9 @@ class ReplicationManager(object):
 self.replica_config(conn, replica_id, repldn)
 self.setup_changelog(conn)
- def setup_replication(self, r_hostname, r_port=389, r_sslport=636, r_binddn=None, r_bindpw=None, starttls=False):
+ def setup_replication(self, r_hostname, r_port=389, r_sslport=636,
+ r_binddn=None, r_bindpw=None, starttls=False,
+ is_cs_replica=False):
 # note - there appears to be a bug in python-ldap - it does not
 # allow connections using two different CA certs
 if starttls:
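Review bot: The new `is_cs_replica` argument is passed positionally in `add_link`, so the call now ends in `True, True` and a reader cannot tell which value enables STARTTLS and which selects the CS-style agreement. According to the commit message that second flag decides whether the replication exclusion list is added, so a later reordering of `setup_replication`'s parameters would silently change what gets replicated. Passing both by name makes the intent explicit: `repl1.setup_replication(replica2, PORT, 0, "cn=Directory Manager", dirman_passwd, starttls=True, is_cs_replica=True)`. `add_link` starts before this hunk.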
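Review bot: `setup_replication` gains `is_cs_replica` without a docstring or comment saying what the flag changes, even though its default of `False` is the security-relevant choice. A one-line docstring would do, for example `"""Set up two-way replication with r_hostname; is_cs_replica=True creates the agreements with an explicit master role for ipa-csreplica-manage."""`. It should also state that ordinary IPA replicas must leave the flag unset so the excluded attributes are not replicated; that follows from the commit message, since `setup_agreement` is not visible in this patch. The method body continues past the end of this hunk.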
@@ -698,14 +700,22 @@ class ReplicationManager(object):
 self.basic_replication_setup(r_conn, r_id, self.repl_man_dn, self.repl_man_passwd)
- self.setup_agreement(r_conn, self.conn.host, port=r_port,
- repl_man_dn=self.repl_man_dn,
- repl_man_passwd=self.repl_man_passwd,
- master=True)
- self.setup_agreement(self.conn, r_hostname, port=r_port,
- repl_man_dn=self.repl_man_dn,
- repl_man_passwd=self.repl_man_passwd,
- master=False)
+ if is_cs_replica:
+ self.setup_agreement(r_conn, self.conn.host, port=r_port,
+ repl_man_dn=self.repl_man_dn,
+ repl_man_passwd=self.repl_man_passwd,
+ master=True)
+ self.setup_agreement(self.conn, r_hostname, port=r_port,
+ repl_man_dn=self.repl_man_dn,
+ repl_man_passwd=self.repl_man_passwd,
+ master=False)
+ else:
+ self.setup_agreement(r_conn, self.conn.host, port=r_port,
+ repl_man_dn=self.repl_man_dn,
+ repl_man_passwd=self.repl_man_passwd)
+ self.setup_agreement(self.conn, r_hostname, port=r_port,
+ repl_man_dn=self.repl_man_dn,
+ repl_man_passwd=self.repl_man_passwd)
 #Finally start replication
 ret = self.start_replication(r_conn, master=True)
-- 
1.7.7.4
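Review bot: The `else` branch relies on `setup_agreement` doing the right thing when `master` is omitted, but nothing at the call site says so, and that implicit default is what the earlier change broke. The four calls also differ only in the `master` keyword, so the shared arguments can be built once, with a comment on the branch that leaves `master` unset. `setup_agreement` is outside this patch, so the comment wording should be checked against its actual default. A regression test that inspects a non-CS agreement for the exclusion list would keep this from recurring silently. The enclosing method starts before the hunk and continues after it.

```python
        # ... unchanged: basic_replication_setup call ...
        agmt = dict(port=r_port, repl_man_dn=self.repl_man_dn,
                    repl_man_passwd=self.repl_man_passwd)
        if is_cs_replica:
            self.setup_agreement(r_conn, self.conn.host, master=True, **agmt)
            self.setup_agreement(self.conn, r_hostname, master=False, **agmt)
        else:
            # master deliberately omitted: presumably setup_agreement only
            # adds the excluded-attribute list when it is unset (confirm).
            self.setup_agreement(r_conn, self.conn.host, **agmt)
            self.setup_agreement(self.conn, r_hostname, **agmt)
        # ... unchanged: start_replication call ...
```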