Hi, The replication related attributes nsds5replicalastupdatestart and nsds5replicalastupdateend have special behaviour implemented in 389, as follows:
In case they are explicitly requested for and not set, 0 is returned. However, 0 is not a valid value for LDAP Generalized time. Thus we need to add these attributes to the _SYNTAX_OVERRIDE dictionary, overriding their conversion to datetime and converting them to string instead, which preserves the old behaviour expected by the replication codebase. https://fedorahosted.org/freeipa/ticket/4350 Note: This makes patch 236 obsolete. Note II: This is a short-term fix from my point of view. Ticket to resolve the underlying issue has been filed to 389: https://fedorahosted.org/389/ticket/47836 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org
>From ed0344455144c9fa633c2b7a0c70c07ad72eb813 Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Tue, 1 Jul 2014 13:29:13 +0200 Subject: [PATCH] ipaldap: Override conversion of nsds5replicalastupdatestart and nsds5replicalastupdateend The replication related attributes nsds5replicalastupdatestart and nsds5replicalastupdateend have special behaviour implemented in 389, as follows: In case they are explicitly requested for and not set, 0 is returned. However, 0 is not a valid value for LDAP Generalized time. Thus we need to add these attributes to the _SYNTAX_OVERRIDE dictionary, overriding their conversion to datetime and converting them to string instead, which perserves the old behaviour expected by the replication codebase. https://fedorahosted.org/freeipa/ticket/4350 --- ipapython/ipaldap.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py index 21706cff08a0d8be07db8a1b5fdb0367c10ad53d..18a25b4acdcd5a59b10088c0a9cdd38c535126fb 100644 --- a/ipapython/ipaldap.py +++ b/ipapython/ipaldap.py @@ -263,6 +263,8 @@ class IPASimpleLDAPObject(object): 'idnssoamname': DNSName, 'idnssoarname': DNSName, 'dnszoneidnsname': DNSName, + 'nsds5replicalastupdatestart': str, + 'nsds5replicalastupdateend': str, }) _SINGLE_VALUE_OVERRIDE = CIDict({ 'nsslapd-ssl-check-hostname': True, -- 1.9.3
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel