[Freeipa-devel] [freeipa PR#324][synchronized] Check for conflict entries before raising domain level

2016-12-13 Thread tbordaz
   URL: https://github.com/freeipa/freeipa/pull/324
Author: tbordaz
 Title: #324: Check for conflict entries before raising domain level
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/324/head:pr324
git checkout pr324
From 94d592d557795cdf05f3fd3679ea7fcc9ed7f153 Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz 
Date: Fri, 9 Dec 2016 15:04:21 +0100
Subject: [PATCH] Check for conflict entries before raising domain level

Conflicts are checked not only in the topology container, because
tests showed they can occur elsewhere

https://fedorahosted.org/freeipa/ticket/6534
---
 ipaserver/plugins/domainlevel.py | 28 
 1 file changed, 28 insertions(+)

diff --git a/ipaserver/plugins/domainlevel.py b/ipaserver/plugins/domainlevel.py
index 42603d7..e1f0251 100644
--- a/ipaserver/plugins/domainlevel.py
+++ b/ipaserver/plugins/domainlevel.py
@@ -48,6 +48,30 @@ def get_domainlevel_range(master_entry):
 return DomainLevelRange(0, 0)
 
 
+def check_conflict_entries(ldap, api, desired_value):
+"""
+Check if conflict entries exist in topology subtree
+"""
+
+container_dn = DN(
+('cn', 'ipa'),
+('cn', 'etc'),
+api.env.basedn
+)
+conflict="(nsds5replconflict=*)"
+subentry="(|(objectclass=ldapsubentry)(objectclass=*))"
+try:
+ldap.get_entries(
+filter="(& %s %s)" % (conflict, subentry),
+base_dn=container_dn,
+scope=ldap.SCOPE_SUBTREE)
+message = _("Domain Level cannot be raised to {0}, "
+"existing replication conflicts have to be resolved."
+.format(desired_value))
+raise errors.InvalidDomainLevelError(reason=message)
+except errors.NotFound:
+pass
+
 def get_master_entries(ldap, api):
 """
 Returns list of LDAPEntries representing IPA masters.
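Review bot: In `check_conflict_entries` the `.format(desired_value)` call sits inside the `_()` parentheses, so the already formatted string is what gets passed to the translation lookup and a catalogue entry keyed on the `{0}` template will not match; the call should close as `"existing replication conflicts have to be resolved.").format(desired_value)`. The docstring says "topology subtree", but the search base built here is `cn=ipa,cn=etc,<basedn>` and the commit message says conflicts occur outside the topology container, so the docstring should name the scope that is actually searched and say that `InvalidDomainLevelError` is raised when any conflict entry is found. Raising from inside the `try` works only because `errors.NotFound` is the sole exception caught; moving the message and `raise` into an `else:` branch would keep the `try` body to the `ldap.get_entries` call and make the fail-closed intent easier to read. The same points apply to the earlier revision of this function in the second message on this page.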
@@ -131,6 +155,10 @@ def execute(self, *args, **options):
 .format(desired_value, master['cn'][0]))
 raise errors.InvalidDomainLevelError(reason=message)
 
+# Check if conflict entries exist in topology subtree
+# should be resolved first
+check_conflict_entries(ldap, self.api, desired_value)
+
 current_entry.single_value['ipaDomainLevel'] = desired_value
 ldap.update_entry(current_entry)
 
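Review bot: The comment above the new `check_conflict_entries(ldap, self.api, desired_value)` call still says "topology subtree", while the helper searches under `cn=ipa,cn=etc`, so the comment understates what is checked. The check and the following `ldap.update_entry(current_entry)` are separate LDAP operations, and the search presumably reflects only the replica serving this request, so a conflict that exists on another master or replicates in between the two calls would not block the raise. I would make that limit explicit at the call site, for example `# Best-effort gate: only replication conflicts visible on this server at call time block the raise`. The body of `execute` starts and ends outside this hunk, so any earlier guard against concurrent raises is not visible here.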

[Freeipa-devel] [freeipa PR#324][synchronized] Check for conflict entries before raising domain level

2016-12-12 Thread tbordaz
   URL: https://github.com/freeipa/freeipa/pull/324
Author: tbordaz
 Title: #324: Check for conflict entries before raising domain level
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/324/head:pr324
git checkout pr324
From 5e544ae0477cda154996b158960006878d1a09dc Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz 
Date: Fri, 9 Dec 2016 15:04:21 +0100
Subject: [PATCH] Check for conflict entries before raising domain level

Conflicts are checked not only in the topology container, because
tests showed they can occur elsewhere

https://fedorahosted.org/freeipa/ticket/6534
---
 ipaserver/plugins/domainlevel.py | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/ipaserver/plugins/domainlevel.py b/ipaserver/plugins/domainlevel.py
index 42603d7..749dce3 100644
--- a/ipaserver/plugins/domainlevel.py
+++ b/ipaserver/plugins/domainlevel.py
@@ -48,6 +48,29 @@ def get_domainlevel_range(master_entry):
 return DomainLevelRange(0, 0)
 
 
+def check_conflict_entries(ldap, api, desired_value):
+"""
+Check if conflict entries exist in topology subtree
+"""
+
+container_dn = DN(
+('cn', 'ipa'),
+('cn', 'etc'),
+api.env.basedn
+)
+
+try:
+ldap.get_entries(
+filter="(&(nsds5replconflict=*)(|(objectclass=ldapsubentry)(objectclass=*)))",
+base_dn=container_dn,
+scope=ldap.SCOPE_SUBTREE)
+message = _("Domain Level cannot be raised to {0}, "
+"existing replication conflicts have to be resolved."
+.format(desired_value))
+raise errors.InvalidDomainLevelError(reason=message)
+except errors.NotFound:
+pass
+
 def get_master_entries(ldap, api):
 """
 Returns list of LDAPEntries representing IPA masters.
@@ -131,6 +154,9 @@ def execute(self, *args, **options):
 .format(desired_value, master['cn'][0]))
 raise errors.InvalidDomainLevelError(reason=message)
 
+# Check if conflict entries exist in topology subtree, should be resolved first
+check_conflict_entries(ldap, self.api, desired_value)
+
 current_entry.single_value['ipaDomainLevel'] = desired_value
 ldap.update_entry(current_entry)
 