Hi,

With Domain Level 1 and above, the usage of ipa-replica-manage commands
that alter the replica topology is deprecated. The following commands
are prohibited:

* connect
* disconnect
* del

Upon executing any of these commands, users are pointed to the
ipa topologysegment-* replacements.

Part of: https://fedorahosted.org/freeipa/ticket/4302
From e96c3b045ced1773def444ffee9a45f813abb954 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Tue, 2 Jun 2015 14:06:26 +0200
Subject: [PATCH] ipa-replica-manage: Do not allow topology altering commands
 from DL 1

With Domain Level 1 and above, the usage of ipa-replica-manage commands
that alter the replica topology is deprecated. The following commands
are prohibited:

* connect
* disconnect
* del

Upon executing any of these commands, users are pointed to the
ipa topologysegment-* replacements.

Part of: https://fedorahosted.org/freeipa/ticket/4302
---
 install/tools/ipa-replica-manage | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 0d2688e6d73b1591c5e386656b7198c20d71558a..a27360c002433e5f1b8133b98055cb757468ad0a 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -747,12 +747,6 @@ def del_master(realm, hostname, options):
     try:
         if bindinstance.dns_container_exists(options.host, thisrepl.suffix,
                                              dm_password=options.dirman_passwd):
-            if options.dirman_passwd:
-                api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
-                                          bind_pw=options.dirman_passwd)
-            else:
-                ccache = krbV.default_context().default_ccache()
-                api.Backend.ldap2.connect(ccache=ccache)
             bind = bindinstance.BindInstance()
             bind.remove_master_dns_records(hostname, realm, realm.lower())
             bind.remove_ipa_ca_dns_records(hostname, realm.lower())
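Review bot: With the connect calls removed from this branch of del_master(), the function now silently depends on its caller having already bound api.Backend.ldap2 before bind.remove_master_dns_records() runs. Nothing in the function states or checks that precondition, so a later caller that skips the setup in main() will fail inside the DNS cleanup rather than at entry. Please add a short comment or docstring line saying the LDAP backend must already be connected, or check the connection state at the top of the function and fail with a clear message.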
@@ -1209,6 +1203,22 @@ def main():
 
     options.dirman_passwd = dirman_passwd
 
+    # Initialize the LDAP connection
+    if options.dirman_passwd:
+        api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
+                                  bind_pw=options.dirman_passwd)
+    else:
+        ccache = krbV.default_context().default_ccache()
+        api.Backend.ldap2.connect(ccache=ccache)
+
+    # Check the domain level
+    if args[0] in ("connect", "disconnect", "del"):
+        domainlevel = api.Command['domainlevel_get']().get('result', 0)
+        if domainlevel > 0:
+            sys.exit("The {0} command is deprecated with domain level 1. "
+                     "Please use ipa topologysegment-* commands to manage "
+                     "IPA replication topology.".format(args[0]))
+
     if args[0] == "list":
         replica = None
         if len(args) == 2:
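Review bot: The new "Initialize the LDAP connection" block in main() runs for every subcommand, including "list", and has no error handling, so a missing or expired credential cache in the else branch (krbV.default_context().default_ccache() followed by api.Backend.ldap2.connect(ccache=ccache)) will surface as a traceback before any command logic runs. Consider wrapping the connect in a try/except that exits with a readable message, or connecting only for the commands that need the API. Two smaller points on the domain level check: the test is domainlevel > 0 but the message says "deprecated with domain level 1", which will read oddly at higher levels, and since sys.exit() refuses the command outright, "not supported" describes the behaviour better than "deprecated". Note also that this check guards only this tool's entry point, so it is a usability guard rather than an enforcement point.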
-- 
2.1.0
