On 07/02/2014 08:14 AM, Jan Cholasta wrote:
On 1.7.2014 16:45, Tomas Babej wrote:
Hi,

The replication related attributes nsds5replicalastupdatestart and
nsds5replicalastupdateend have special behaviour implemented in 389,
as follows:

In case they are explicitly requested for and not set, 0 is returned.

However, 0 is not a valid value for LDAP Generalized time. Thus
we need to add these attributes to the _SYNTAX_OVERRIDE dictionary,
overriding their conversion to datetime and converting them to
string instead, which preserves the old behaviour expected by the
replication codebase.

https://fedorahosted.org/freeipa/ticket/4350

Note: This makes patch 236 obsolete.
Note II: This is a short-term fix from my point of view. Ticket to
resolve the underlying issue has been filed to 389:

https://fedorahosted.org/389/ticket/47836

It should be unicode, not str, if you want old behavior.


Since Tomáš is on vacation now, I made the change and tested it.

As Rob noted in the other patch thread, this problem also appears in `ipa-replica-manage list -v <host>`, where it's not benign as in the install case (the command aborts). The ipa-replica-manage list case will also fail on nsds5replicalastinit{start,end} conversion (note "init" instead of "update").

Updated patch attached.

--
Petr³

From bc47e379bd50f4fef117b411d20b1c6c1c3da51c Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Tue, 1 Jul 2014 13:29:13 +0200
Subject: [PATCH] ipaldap: Override conversion of
 nsds5replicalast{update,init}{start,end}

The replication related attributes with generalized time syntax have
special behaviour implemented in 389, as follows:

In case they are explicitly requested for and not set, 0 is returned.

However, 0 is not a valid value for LDAP Generalized time. Thus
we need to add these attributes to the _SYNTAX_OVERRIDE dictionary,
overriding their conversion to datetime and converting them to
string instead, which perserves the old behaviour expected by the
replication codebase.

https://fedorahosted.org/freeipa/ticket/4350
---
 ipapython/ipaldap.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipapython/ipaldap.py b/ipapython/ipaldap.py
index 21706cff08a0d8be07db8a1b5fdb0367c10ad53d..44918c39a131b1c19338dd198a27777275539624 100644
--- a/ipapython/ipaldap.py
+++ b/ipapython/ipaldap.py
@@ -263,6 +263,10 @@ class IPASimpleLDAPObject(object):
         'idnssoamname':    DNSName,
         'idnssoarname':    DNSName,
         'dnszoneidnsname': DNSName,
+        'nsds5replicalastupdatestart': unicode,
+        'nsds5replicalastupdateend': unicode,
+        'nsds5replicalastinitstart': unicode,
+        'nsds5replicalastinitend': unicode,
     })
     _SINGLE_VALUE_OVERRIDE = CIDict({
         'nsslapd-ssl-check-hostname': True,
-- 
1.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to