Permissions whose member attributes point to privileges are created before the privileges themselves.

Run the memberof plugin task to fix the other ends of the relationships.

https://fedorahosted.org/freeipa/ticket/4637
--
Petr Vobornik
From 65b5331ff693688225d06f023e357ff4bf87ec2c Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Fri, 17 Oct 2014 13:24:49 +0200
Subject: [PATCH] dns: fix privileges' memberof during dns install

Permissions whose member attributes point to privileges are created before the privileges themselves.

Run the memberof plugin task to fix the other ends of the relationships.

https://fedorahosted.org/freeipa/ticket/4637
---
 ipaserver/install/bindinstance.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 636e04f5ee40d250f7fe8bd01578924669571bae..d964daf22650e18818cb419d2a9a89607ced7a61 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -23,6 +23,7 @@ import pwd
 import netaddr
 import re
 import sys
+import time
 
 import ldap
 
@@ -674,6 +675,35 @@ class BindInstance(service.Service):
 
     def __setup_dns_container(self):
         self._ldap_mod("dns.ldif", self.sub_dict)
+        self.__fix_dns_privilege_members()
+
+    def __fix_dns_privilege_members(self):
+        ldap = api.Backend.ldap2
+
+        cn = 'Update PBAC memberOf %s' % time.time()
+        task_dn = DN(('cn', cn), ('cn', 'memberof task'), ('cn', 'tasks'),
+                     ('cn', 'config'))
+        basedn = DN(api.env.container_privilege, api.env.basedn)
+        entry = ldap.make_entry(
+            task_dn,
+            objectclass=['top', 'extensibleObject'],
+            cn=[cn],
+            basedn=[basedn],
+            filter=['(objectclass=*)'],
+            ttl=[10])
+        ldap.add_entry(entry)
+
+        start_time = time.time()
+        while True:
+            try:
+                task = ldap.get_entry(task_dn)
+            except errors.NotFound:
+                break
+            if 'nstaskexitcode' in task:
+                break
+            time.sleep(1)
+            if time.time() > (start_time + 60):
+                raise errors.TaskTimeout(task='memberof', task_dn=task_dn)
 
     def __setup_zone(self):
         # Always use force=True as named is not set up yet
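Review bot: The polling loop in `__fix_dns_privilege_members` breaks as soon as `nstaskexitcode` is present without reading its value, so a memberof task that ends with a non-zero code leaves the privileges' memberOf values unrepaired while the DNS install carries on as if the permission-to-privilege links were in place. Check the code before breaking, for example `if int(task['nstaskexitcode'][0]) != 0:` followed by logging or raising with `task_dn` (this assumes entry values are lists, as the `cn=[cn]` construction suggests). The `errors.NotFound` branch has the same blind spot: with `ttl=[10]` the task entry may already have been removed, the outcome is then unknown, and a comment such as `# task entry expired; result cannot be verified` would make that accepted risk explicit. Separately, the local `ldap = api.Backend.ldap2` shadows the `ldap` module imported at the top of the file; a name like `conn` avoids confusion for later edits to this method.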
-- 
1.9.3
