This fixes issue with the remove statement, which causes LDAP error, when the updater is trying to remove value from nonexistent entry.

Reproducer: apply my patch mbasti-0256, install the IPA server without the DNS subsystem.


Patch attached.
https://fedorahosted.org/freeipa/ticket/4904

--
Martin Basti

From 0b23dd82c194809dfae0d541172751d6e4999143 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 25 May 2015 14:57:04 +0200
Subject: [PATCH] Server Upgrade: fix remove statement

If value does not exists then do not update entry. Otherwise, together with
nonexistent entry, the LDAP decode error will be raised.

https://fedorahosted.org/freeipa/ticket/4904
---
 ipaserver/install/ldapupdate.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 2f5bcc748eb546b4dad7e1aeeb7a2882a40d8d35..5fca37695f1da76b76f7c545fe8d1a5dccab90cb 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -648,9 +648,10 @@ class LDAPUpdate:
                     entry_values.remove(update_value)
                 except ValueError:
                     self.warning("remove: '%s' not in %s", update_value, attr)
-                    pass
-                entry[attr] = entry_values
-                self.debug('remove: updated value %s', safe_output(attr, entry_values))
+                else:
+                    entry[attr] = entry_values
+                    self.debug('remove: updated value %s', safe_output(
+                        attr, entry_values))
             elif action == 'add':
                 self.debug("add: '%s' to %s, current value %s", safe_output(attr, update_value), attr, safe_output(attr, entry_values))
                 # Remove it, ignoring errors so we can blindly add it later
-- 
2.1.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to