Due to recent addition of ID range support to DsInstance, the class
could no longer be instantiated when realm_name was passed but
ID range parameters were not. This condition broke winsync agreements
creation in ipa-replica-manage.

Make sure that the ID range computation in DsInstance does not crash in
this case, so that a winsync replica can be created. Also convert the
--binddn option of the ipa-replica-manage script to the IPA native DN
type so that setup_agreement does not crash.

https://fedorahosted.org/freeipa/ticket/2987
>From aabc9e05ebf7bb252213539d7d2e532e5323ce8d Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Mon, 13 Aug 2012 09:38:24 +0200
Subject: [PATCH] Fix winsync agreements creation

Due to recent addition of ID range support to DsInstance, the class
could no longer be instantiated when realm_name was passed but
ID range parameters were not. This condition broke winsync agreements
creation in ipa-replica-manage.

Make sure that the ID range computation in DsInstance does not crash in
this case, so that a winsync replica can be created. Also convert the
--binddn option of the ipa-replica-manage script to the IPA native DN
type so that setup_agreement does not crash.

https://fedorahosted.org/freeipa/ticket/2987
---
 install/tools/ipa-replica-manage |  7 +++----
 ipapython/config.py              | 10 +++++++++-
 ipaserver/install/dsinstance.py  |  6 +++++-
 ipaserver/install/replication.py |  2 +-
 4 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index b2e819d1e48d0cf56c5fbd2641ecf039a3b54dfc..cabc0106f4bf72f1aff1120ed4248453161dfeb0 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -31,6 +31,7 @@ from ipapython import version
 from ipalib import api, errors, util
 from ipapython.ipa_log_manager import *
 from ipapython.dn import DN
+from ipapython.config import IPAOptionParser
 
 CACERT = "/etc/ipa/ca.crt"
 
@@ -48,16 +49,14 @@ commands = {
 }
 
 def parse_options():
-    from optparse import OptionParser
-
-    parser = OptionParser(version=version.VERSION)
+    parser = IPAOptionParser(version=version.VERSION)
     parser.add_option("-H", "--host", dest="host", help="starting host")
     parser.add_option("-p", "--password", dest="dirman_passwd", help="Directory Manager password")
     parser.add_option("-v", "--verbose", dest="verbose", action="store_true", default=False,
                       help="provide additional information")
     parser.add_option("-f", "--force", dest="force", action="store_true", default=False,
                       help="ignore some types of errors")
-    parser.add_option("--binddn", dest="binddn", default=None,
+    parser.add_option("--binddn", dest="binddn", default=None, type="dn",
                       help="Bind DN to use with remote server")
     parser.add_option("--bindpw", dest="bindpw", default=None,
                       help="Password for Bind DN to use with remote server")
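Review bot: The two password options in parse_options, `-p/--password` and `--bindpw`, are still declared as plain options even though the parser is now IPAOptionParser, whose IPAOption class (ipapython/config.py, shown later in this patch) lists a `sensitive` attribute meant for password-like options. Marking them, for example `parser.add_option("--bindpw", dest="bindpw", default=None, sensitive=True,`, would let code that honours that attribute keep the values out of logs; how the attribute is consumed is not visible here, so confirm that before relying on it. Passwords passed as arguments also stay visible in the process list, which the help text could point out. parse_options continues past the end of this hunk.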
diff --git a/ipapython/config.py b/ipapython/config.py
index 349c91767976ca5e157dddc560083ce8d81e733d..b9b0b4e3d0041f728e456e75b31184f9b217a66b 100644
--- a/ipapython/config.py
+++ b/ipapython/config.py
@@ -22,6 +22,7 @@ from optparse import Option, Values, OptionParser, IndentedHelpFormatter, Option
 from copy import copy
 from dns import resolver, rdatatype
 from dns.exception import DNSException
+from ipapython.dn import DN
 import dns.name
 
 import socket
@@ -59,15 +60,22 @@ def check_ip_option(option, opt, value):
     except Exception as e:
         raise OptionValueError("option %s: invalid IP address %s: %s" % (opt, value, e))
 
+def check_dn_option(option, opt, value):
+    try:
+        return DN(value)
+    except Exception, e:
+        raise OptionValueError("option %s: invalid DN: %s" % (opt, e))
+
 class IPAOption(Option):
     """
     optparse.Option subclass with support of options labeled as
     security-sensitive such as passwords.
     """
     ATTRS = Option.ATTRS + ["sensitive", "ip_local", "ip_netmask"]
-    TYPES = Option.TYPES + ("ip",)
+    TYPES = Option.TYPES + ("ip", "dn")
     TYPE_CHECKER = copy(Option.TYPE_CHECKER)
     TYPE_CHECKER["ip"] = check_ip_option
+    TYPE_CHECKER["dn"] = check_dn_option
 
 class IPAOptionParser(OptionParser):
     """
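Review bot: `except Exception, e:` in check_dn_option uses the comma form, while check_ip_option directly above already uses `except Exception as e:`; the new handler should match it. Catching every Exception also reports unrelated programming errors as "invalid DN", so narrowing to what the DN constructor raises for bad input (presumably ValueError, to be confirmed in ipapython/dn.py) would be safer. The function has no docstring; `"""optparse type checker: return value as a DN or raise OptionValueError."""` would cover it. The IPAOptionParser class at the end of the hunk continues outside it.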
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index bf66773812d20c8156bdf9addd5bb4537ea67956..5e6aa0512fc104bc955841afc881fbd2a5f2b8f9 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -313,6 +313,10 @@ class DsInstance(service.Service):
 
     def __setup_sub_dict(self):
         server_root = find_server_root()
+        try:
+            idrange_size = self.idmax - self.idstart + 1
+        except TypeError:
+            idrange_size = None
         self.sub_dict = dict(FQDN=self.fqdn, SERVERID=self.serverid,
                              PASSWORD=self.dm_password,
                              RANDOM_PASSWORD=self.generate_random(),
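Review bot: The `try`/`except TypeError` around `self.idmax - self.idstart + 1` hides more than the case where both bounds are unset: a single missing bound or a wrong-typed value is silently turned into `idrange_size = None` as well. An explicit test states the intent, `idrange_size = None if self.idstart is None or self.idmax is None else self.idmax - self.idstart + 1`. The None is then stored in sub_dict as IDRANGE_SIZE (second hunk of this file) next to IDSTART and IDMAX; if any template substitutes these keys it would presumably receive the text "None", so it is worth confirming that the winsync path never renders them. The dict literal in __setup_sub_dict runs past the end of this hunk.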
@@ -323,7 +327,7 @@ class DsInstance(service.Service):
                              IDMAX=self.idmax, HOST=self.fqdn,
                              ESCAPED_SUFFIX=str(self.suffix),
                              GROUP=DS_GROUP,
-                             IDRANGE_SIZE=self.idmax-self.idstart+1
+                             IDRANGE_SIZE=idrange_size
                          )
 
     def __create_ds_user(self):
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 8fe73ca7790277ecb2eb41c5cbed3e0691ff9761..950e8ffc65795da4533612250725b7997a6f6e60 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -818,7 +818,7 @@ class ReplicationManager(object):
             ad_conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert)
             ad_conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
             ad_conn.start_tls_s()
-            ad_conn.simple_bind_s(ad_binddn, ad_pwd)
+            ad_conn.simple_bind_s(str(ad_binddn), ad_pwd)
             res = ad_conn.search_s("", ldap.SCOPE_BASE, '(objectClass=*)',
                                    ['defaultNamingContext'])
             for dn,entry in res:
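Review bot: `str(ad_binddn)` turns a missing bind DN into the literal string "None", since `--binddn` defaults to None in ipa-replica-manage, so the bind to the AD server would be attempted with a bogus DN instead of stopping with a clear error. Unless the caller already rejects a missing bind DN or password (not visible in this hunk), check before the bind, for example `if ad_binddn is None: raise ValueError("bind DN is required")`, using whatever error type the surrounding code reports to the user. A short comment such as `# python-ldap expects a string, not an ipapython DN object` would also explain the conversion. The enclosing method starts and ends outside the hunk.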
-- 
1.7.11.2
