[Freeipa-devel] [freeipa PR#324][synchronized] Check for conflict entries before raising domain level
URL: https://github.com/freeipa/freeipa/pull/324
Author: tbordaz
Title: #324: Check for conflict entries before raising domain level
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/324/head:pr324
git checkout pr324
From 94d592d557795cdf05f3fd3679ea7fcc9ed7f153 Mon Sep 17 00:00:00 2001
From: Ludwig KrispenzDate: Fri, 9 Dec 2016 15:04:21 +0100
Subject: [PATCH] Check for conflict entries before raising domain level
Checking of conflicts is not only done in topology container as tests showed it can occurs elsewhere
https://fedorahosted.org/freeipa/ticket/6534
---
 ipaserver/plugins/domainlevel.py | 28
 1 file changed, 28 insertions(+)
diff --git a/ipaserver/plugins/domainlevel.py b/ipaserver/plugins/domainlevel.py
index 42603d7..e1f0251 100644
--- a/ipaserver/plugins/domainlevel.py
+++ b/ipaserver/plugins/domainlevel.py
@@ -48,6 +48,30 @@ def get_domainlevel_range(master_entry):
 return DomainLevelRange(0, 0)
+def check_conflict_entries(ldap, api, desired_value):
+"""
+Check if conflict entries exist in topology subtree
+"""
+
+container_dn = DN(
+('cn', 'ipa'),
+('cn', 'etc'),
+api.env.basedn
+)
+conflict="(nsds5replconflict=*)"
+subentry="(|(objectclass=ldapsubentry)(objectclass=*))"
+try:
+ldap.get_entries(
+filter="(& %s %s)" % (conflict, subentry),
+base_dn=container_dn,
+scope=ldap.SCOPE_SUBTREE)
+message = _("Domain Level cannot be raised to {0}, "
+"existing replication conflicts have to be resolved."
+.format(desired_value))
+raise errors.InvalidDomainLevelError(reason=message)
+except errors.NotFound:
+pass
+
 def get_master_entries(ldap, api):
 """
 Returns list of LDAPEntries representing IPA masters.
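Review bot: In `check_conflict_entries` the `.format(desired_value)` call sits inside the `_()` call, so the message is interpolated before it is handed to gettext and the catalog lookup is done on the already formatted text. Moving the call outside keeps the msgid constant: `message = _("Domain Level cannot be raised to {0}, " "existing replication conflicts have to be resolved.").format(desired_value)`. The context lines of the `execute` hunk suggest the existing master-range message is built the same way, so this follows a pattern already in the file rather than introducing it. The second posting of this patch carries the identical call.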
@@ -131,6 +155,10 @@ def execute(self, *args, **options):
 .format(desired_value, master['cn'][0]))
 raise errors.InvalidDomainLevelError(reason=message)
+# Check if conflict entries exist in topology subtree
+# should be resolved first
+check_conflict_entries(ldap, self.api, desired_value)
+
 current_entry.single_value['ipaDomainLevel'] = desired_value
 ldap.update_entry(current_entry)
--
Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#324][synchronized] Check for conflict entries before raising domain level
URL: https://github.com/freeipa/freeipa/pull/324
Author: tbordaz
Title: #324: Check for conflict entries before raising domain level
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/324/head:pr324
git checkout pr324
From 5e544ae0477cda154996b158960006878d1a09dc Mon Sep 17 00:00:00 2001
From: Ludwig KrispenzDate: Fri, 9 Dec 2016 15:04:21 +0100
Subject: [PATCH] Check for conflict entries before raising domain level
Checking of conflicts is not only done in topology container as tests showed it can occurs elsewhere
https://fedorahosted.org/freeipa/ticket/6534
---
 ipaserver/plugins/domainlevel.py | 26 ++
 1 file changed, 26 insertions(+)
diff --git a/ipaserver/plugins/domainlevel.py b/ipaserver/plugins/domainlevel.py
index 42603d7..749dce3 100644
--- a/ipaserver/plugins/domainlevel.py
+++ b/ipaserver/plugins/domainlevel.py
@@ -48,6 +48,29 @@ def get_domainlevel_range(master_entry):
 return DomainLevelRange(0, 0)
+def check_conflict_entries(ldap, api, desired_value):
+"""
+Check if conflict entries exist in topology subtree
+"""
+
+container_dn = DN(
+('cn', 'ipa'),
+('cn', 'etc'),
+api.env.basedn
+)
+
+try:
+ldap.get_entries(
+filter="(&(nsds5replconflict=*)(|(objectclass=ldapsubentry)(objectclass=*)))",
+base_dn=container_dn,
+scope=ldap.SCOPE_SUBTREE)
+message = _("Domain Level cannot be raised to {0}, "
+"existing replication conflicts have to be resolved."
+.format(desired_value))
+raise errors.InvalidDomainLevelError(reason=message)
+except errors.NotFound:
+pass
+
 def get_master_entries(ldap, api):
 """
 Returns list of LDAPEntries representing IPA masters.
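Review bot: The docstring of `check_conflict_entries` says the search covers the topology subtree, but the base DN built in the function is `cn=ipa,cn=etc` under `api.env.basedn`, and the commit message itself says conflicts were seen outside the topology container. A docstring such as `"""Raise InvalidDomainLevelError if a replication conflict entry exists under cn=ipa,cn=etc,<basedn>."""` would match the code, and the "in topology subtree" comment added in the `execute` hunk needs the same correction in both postings of the patch. A one-line comment on the filter would also help, for example `# OR with ldapsubentry so conflict entries stored as subentries are returned too`, if that is indeed the reason for the clause. Conflict entries elsewhere under the suffix are not covered by this base DN; whether that is intended cannot be seen from the hunk.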
@@ -131,6 +154,9 @@ def execute(self, *args, **options):
 .format(desired_value, master['cn'][0]))
 raise errors.InvalidDomainLevelError(reason=message)
+# Check if conflict entries exist in topology subtree, should be resolved first
+check_conflict_entries(ldap, self.api, desired_value)
+
 current_entry.single_value['ipaDomainLevel'] = desired_value
 ldap.update_entry(current_entry)
--
Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code