On Fri, 2012-01-13 at 10:10 -0500, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > A bug when creating replication agreements has caused memberOf to be
> > dropped from the exclusion list. This patch adds a tool that will find
> > and fix the agreements. It will be run when the package is installed so
> > end-users should never need to do anything, but it is harmless if run
> > multiple times.
> >
> > rob
> The wrong list attribute was being updated, this new patch updates 
> nsDS5ReplicatedAttributeList instead of nsDS5ReplicatedAttributeListTotal.
> rob

The script itself works fine. I would just remove:
+    config.add_standard_options(parser)
as these options are not used in the script anyway:
  --realm=REALM    Override default IPA realm
  --server=SERVER  Override default IPA server
  --domain=DOMAIN  Override default IPA DNS domain

The script install/tools/ipa-managed-entries has the same kind of error.

My main concern is if it is conceptually OK to create a separate script
for one-time fixes like this one. What if we find another problem with
replica agreements where we would need to update existing agreements?
Would we create another fix tool or enhance ipa-fixreplica? I am just
afraid that in time we would "pollute" our ipa-* tool collection with
one-time fixes.

Maybe we could move this agreement fix to a plugin in ipa-ldap-updater
or create a more general tool for one-time fixes like this one. I am
thinking about something like this:
ipa-server-remedy [-l/--list]  [-u/--unit] [-d/--debug] [-t/--test]
When run without options it would run all remedy "plugins" to fix all
possible one-time errors. There would also be these options:
--list: list all remedy "plugins". In this case there would be just this
--unit: run just the chosen remedy "plugin"
--debug, --test: the same functionality as in your patch
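
A sketch of the runner proposed above with the memberOf fix as its one plugin, as an added example that is not part of the original message or of the FreeIPA code. `ipa-server-remedy` exists only as the proposal in this mail; the plugin name `memberof-exclusion`, the dicts standing in for LDAP agreement entries and the sample values are assumptions constructed for illustration, and `--debug` is left out.

```python
import argparse

ATTR = "nsDS5ReplicatedAttributeList"
PREFIX = "(objectclass=*) $ EXCLUDE"

def sample_agreements():
    # Constructed sample entries; a real tool would read them from LDAP.
    return [
        {"cn": "meTo-replica1.example.test",
         ATTR: PREFIX + " entryusn krblastsuccessfulauth"},
        {"cn": "meTo-replica2.example.test",
         ATTR: PREFIX + " memberof entryusn"},
    ]

def fix_memberof_exclusion(agreements, test=False):
    """Put memberOf back on each exclusion list; return the entries changed."""
    changed = []
    for agmt in agreements:
        _, found, tail = agmt.get(ATTR, "").partition("EXCLUDE")
        excluded = tail.split() if found else []
        if any(a.lower() == "memberof" for a in excluded):
            continue  # already excluded, so repeated runs are harmless
        changed.append(agmt["cn"])
        if not test:  # --test reports what would change without writing
            agmt[ATTR] = " ".join([PREFIX, "memberof"] + excluded)
    return changed

# Hypothetical plugin registry: one entry per one-time fix.
REMEDIES = {"memberof-exclusion": fix_memberof_exclusion}

def run(argv, agreements):
    parser = argparse.ArgumentParser(prog="ipa-server-remedy")
    parser.add_argument("-l", "--list", action="store_true")
    parser.add_argument("-u", "--unit", choices=sorted(REMEDIES))
    parser.add_argument("-t", "--test", action="store_true")
    opts = parser.parse_args(argv)
    if opts.list:
        return sorted(REMEDIES)
    names = [opts.unit] if opts.unit else sorted(REMEDIES)
    return {name: REMEDIES[name](agreements, test=opts.test) for name in names}

if __name__ == "__main__":
    import sys
    print(run(sys.argv[1:], sample_agreements()))
```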

