Fixes https://fedorahosted.org/freeipa/ticket/5412

--
Martin^3 Babinsky
From def242b8bee504c8e7bc0acadfdbf179936ba9e2 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Tue, 19 Jan 2016 17:46:57 +0100
Subject: [PATCH] correctly set LDAP bind related attributes when setting up
 replication

When a CA replica configures the 'cn=replica,cn=o\=ipaca,cn=mapping tree,cn=config'
entry on the remote master during replica installation, the 'nsds5replicabinddn'
and 'nsds5replicabinddngroup' attributes are not updated correctly when this
entry already exists on the master (e.g. when an existing domain-level-0
topology was promoted to domain level 1). This patch ensures that these
attributes are always set correctly regardless of whether the replica entry
already exists.

https://fedorahosted.org/freeipa/ticket/5412
---
 ipaserver/install/replication.py | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 19592e21f32b2013225036b3ce692f6cdee15a73..49853905f4d61da28e935c00bd931951b3705798 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -435,13 +435,21 @@ class ReplicationManager(object):
 
         try:
             entry = conn.get_entry(dn)
-            managers = entry.get('nsDS5ReplicaBindDN')
-            for m in managers:
-                if replica_binddn == DN(m):
-                    return
-            # Add the new replication manager
-            mod = [(ldap.MOD_ADD, 'nsDS5ReplicaBindDN', replica_binddn)]
-            conn.modify_s(dn, mod)
+            managers = {DN(m) for m in entry.get('nsDS5ReplicaBindDN', [])}
+            binddn_groups = {
+                DN(p) for p in entry.get('nsds5replicabinddngroup', [])}
+
+            mod = []
+            if replica_binddn not in managers:
+                # Add the new replication manager
+                mod.append((ldap.MOD_ADD, 'nsDS5ReplicaBindDN',
+                            replica_binddn))
+
+            if replica_groupdn not in binddn_groups:
+                mod.append((ldap.MOD_ADD, 'nsds5replicabinddngroup',
+                            replica_groupdn))
+            if mod:
+                conn.modify_s(dn, mod)
 
             # replication is already configured
             return
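Review bot: The read-then-MOD_ADD sequence (get_entry at the top of the hunk, `conn.modify_s(dn, mod)` at the end) is still not idempotent under concurrency: two replica installs, or a retried one, racing on the same replica entry can both observe the value as missing, and the loser's `modify_s` then fails with `ldap.TYPE_OR_VALUE_EXISTS` and aborts setup of the very attributes that decide which identities may bind as a replication supplier. Treating that error as success keeps the desired end state and the operation idempotent: `try: conn.modify_s(dn, mod)` / `except ldap.TYPE_OR_VALUE_EXISTS: pass  # another installer already added it; desired state holds`. The new `not in` set-membership tests also rely on `DN` hashing consistently with the `__eq__` the original code used; presumably it does, but a mismatch would silently re-add values, so it is worth confirming. `replica_groupdn` and the enclosing function begin outside this hunk.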
-- 
2.5.0
