Short term fix for https://fedorahosted.org/freeipa/ticket/4826

--
Martin^3 Babinsky
From fe39a50a0469880a9f574c893b82b8e52642aac7 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Fri, 7 Aug 2015 15:44:57 +0200
Subject: [PATCH] idranges: raise an error when local IPA ID range is being
 modified

also show the message about the way UID/GID ranges are managed in FreeIPA in
the idrange-mod's help message

https://fedorahosted.org/freeipa/ticket/4826
---
 ipalib/plugins/idrange.py | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index fb198d79d4c14ffd5f7dc633c9f01a1465ff01d7..2860cf10683633b53df689b94cc67e04349730ea 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -670,7 +670,19 @@ class idrange_show(LDAPRetrieve):
 
 @register()
 class idrange_mod(LDAPUpdate):
-    __doc__ = _('Modify ID range.')
+    __doc__ = _("""Modify ID range.
+
+    WARNING:
+
+    DNA plugin in 389-ds will allocate IDs based on the ranges configured for the
+    local domain. Currently the DNA plugin *cannot* be reconfigured itself based
+    on the local ranges set via this family of commands.
+
+    Manual configuration change has to be done in the DNA plugin configuration for
+    the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix
+    IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be
+    modified to match the new range.
+    """)
 
     msg_summary = _('Modified ID range "%(value)s"')
 
@@ -688,6 +700,13 @@ class idrange_mod(LDAPUpdate):
         except errors.NotFound:
             self.obj.handle_not_found(*keys)
 
+        if old_attrs['iparangetype'][0] == 'ipa-local':
+            raise errors.ExecutionError(
+                message=_('This command can not be used to change ID '
+                          'allocation for local IPA domain. Run '
+                          '`ipa help idranges` for more information')
+            )
+
         is_set = lambda x: (x in entry_attrs) and (entry_attrs[x] is not None)
         in_updated_attrs = lambda x:\
             (x in entry_attrs and entry_attrs[x] is not None) or\
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to