Hello,
I've transformed Thierry's and Ludwig's findings of bz 1167964 [1] and
ticket 4794 [2] into patches.

I wonder if the mgrpRFC822MailMember and nsViewFilter issue (patch 794)
should be solved on 389's side rather than on FreeIPA's?

Also is the increase of nsslapd-sasl-max-buffer-size necessary? With
these two patches, replication appears to work fine for me. Tested with
F21 FreeIPA 4.1.x-GIT-something and ipa-server-3.0.0-42.el6.x86_64

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1167964
[2] https://fedorahosted.org/freeipa/ticket/4794
--
Petr Vobornik



From d9a7ba3ea575127bd9caefb72db3236f1a25544b Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Thu, 4 Dec 2014 18:23:34 +0100
Subject: [PATCH] add schema control exceptions for mgrpRFC822MailMember and
 nsViewFilter

to allow replication between IPA 3.0 and IPA 4.1

https://fedorahosted.org/freeipa/ticket/4794
---
 install/updates/10-config.update | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/install/updates/10-config.update b/install/updates/10-config.update
index 30fafbf9e93279633cc5760104fb68456720d2b3..a1d10214983d6f048f6327cc4449cef26d83f894 100644
--- a/install/updates/10-config.update
+++ b/install/updates/10-config.update
@@ -68,3 +68,11 @@ only:nsslapd-sasl-max-buffer-size:2097152
 # setting, password migration fails
 dn: cn=config
 only:nsslapd-allow-hashed-passwords:on
+
+# Fix replication from old(IPA < 3.1) servers
+dn: cn=supplierUpdatePolicy,cn=replSchema,cn=config
+default:objectClass:top
+default:objectClass:nsSchemaPolicy
+default:cn: supplierUpdatePolicy
+add:schemaUpdateAttributeAccept: mgrpRFC822MailMember
+add:schemaUpdateAttributeAccept: nsViewFilter
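
Review bot: The comment "# Fix replication from old(IPA < 3.1) servers" above the new cn=supplierUpdatePolicy entry does not say why mgrpRFC822MailMember and nsViewFilter in particular have to be accepted, and its version bound (IPA < 3.1) does not match the commit message (IPA 3.0). Since each schemaUpdateAttributeAccept value relaxes the schema check applied during replication, I would name the definition mismatch being worked around and reference ticket 4794 in the comment, so the exception can be removed once the old servers are gone. Minor style point: "default:cn: supplierUpdatePolicy" has a space after the second colon while the two "default:objectClass:" lines above it do not; pick one form.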
-- 
1.9.3

From f16a67f1749f7d6a53531aa8481ba8f42d44ea5e Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Thu, 4 Dec 2014 17:30:20 +0100
Subject: [PATCH] revert removal of cn attribute from idnsRecord

The removal, which was done in IPA-3.2, causes replication issues between IPA < 3.2 and IPA 4.1, because IPA 4.1 adds two more attributes.

https://fedorahosted.org/freeipa/ticket/4794
---
 install/share/60ipadns.ldif | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/share/60ipadns.ldif b/install/share/60ipadns.ldif
index 678a5b483f7abbd0df2907513577573109297943..8fd0bb9e7c10f56c1d1c45b6ec9e8f1f9f7e7cef 100644
--- a/install/share/60ipadns.ldif
+++ b/install/share/60ipadns.ldif
@@ -63,7 +63,7 @@ attributeTypes: ( 2.16.840.1.113730.3.8.5.25 NAME 'idnsSecKeyRevoke' DESC 'DNSKE
 attributeTypes: ( 2.16.840.1.113730.3.8.5.26 NAME 'idnsSecKeySep' DESC 'DNSKEY SEP flag (equivalent to bit 15): RFC 4035' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
 attributeTypes: ( 2.16.840.1.113730.3.8.5.27 NAME 'idnsSecAlgorithm' DESC 'DNSKEY algorithm: string used as mnemonic' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v4.1' )
 attributeTypes: ( 2.16.840.1.113730.3.8.5.28 NAME 'idnsSecKeyRef' DESC 'PKCS#11 URI of the key' EQUALITY caseExactMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v4.1' )
-objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ nXTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord ) )
+objectClasses: ( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $ idnsAllowDynUpdate $ dNSTTL $ dNSClass $ aRecord $ aAAARecord $ a6Record $ nSRecord $ cNAMERecord $ pTRRecord $ sRVRecord $ tXTRecord $ mXRecord $ mDRecord $ hInfoRecord $ mInfoRecord $ aFSDBRecord $ SigRecord $ KeyRecord $ LocRecord $ nXTRecord $ nAPTRRecord $ kXRecord $ certRecord $ dNameRecord $ dSRecord $ sSHFPRecord $ rRSIGRecord $ nSECRecord $ DLVRecord $ TLSARecord ) )
 objectClasses: ( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $ idnsSOAmName $ idnsSOArName $ idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $ idnsSOAminimum ) MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $ idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $ idnsSecInlineSigning $ nSEC3PARAMRecord ) )
 objectClasses: ( 2.16.840.1.113730.3.8.6.2 NAME 'idnsConfigObject' DESC 'DNS global config options' STRUCTURAL MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR $ idnsZoneRefresh $ idnsPersistentSearch ) )
 objectClasses: ( 2.16.840.1.113730.3.8.12.18 NAME 'ipaDNSZone' SUP top AUXILIARY MUST idnsName MAY managedBy X-ORIGIN 'IPA v3' )
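
Review bot: Nothing in 60ipadns.ldif records why cn is back at the head of the MAY list on the changed idnsRecord line, so a later schema cleanup could drop it again and reintroduce the replication problem. I would add a "#" comment line above that objectClasses definition stating that cn is kept only for compatibility with servers older than IPA 3.2, with the ticket URL. The commit message also refers to two more attributes added by IPA 4.1 without naming them; naming them there would make the reason for the revert checkable against the MAY list.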
-- 
1.9.3
