URL: https://github.com/freeipa/freeipa/pull/320 Author: martbab Title: #320: add missing attribute to ipaca replica during CA topology update Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/320/head:pr320 git checkout pr320
From 96f60d0464b8956382892fc5f04bea1d5fc62b02 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Wed, 7 Dec 2016 13:47:14 +0100 Subject: [PATCH 1/2] Revert "upgrade: add replica bind DN group check interval to CA topology config" This reverts commit 8c6a10ceddb4fce9a3dd4a334e6804800b5c89f9 since it leads to errors in upgrade of first master. https://fedorahosted.org/freeipa/ticket/6508 --- install/share/ca-topology.uldif | 1 - 1 file changed, 1 deletion(-) diff --git a/install/share/ca-topology.uldif b/install/share/ca-topology.uldif index 8fe38e7..fea591b 100644 --- a/install/share/ca-topology.uldif +++ b/install/share/ca-topology.uldif @@ -12,4 +12,3 @@ default: cn: ca dn: cn=replica,cn=o\3Dipaca,cn=mapping tree,cn=config onlyifexist: nsds5replicabinddngroup: cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX -add: nsds5replicabinddngroupcheckinterval: 60 From 9f5df06ab38ac83da8b1cdf4fda2763828f57305 Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Wed, 7 Dec 2016 14:00:09 +0100 Subject: [PATCH 2/2] add missing attribute to ipaca replica during CA topology update 'nsds5replicabinddngroupcheckinterval' attribute was not properly added to 'o=ipaca' replica attribute during upgrade. The CA topology update plugin should now add it to the entry if it exists. https://fedorahosted.org/freeipa/ticket/6508 --- ipaserver/install/plugins/update_ca_topology.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ipaserver/install/plugins/update_ca_topology.py b/ipaserver/install/plugins/update_ca_topology.py index d76849b..f82926b 100644 --- a/ipaserver/install/plugins/update_ca_topology.py +++ b/ipaserver/install/plugins/update_ca_topology.py @@ -2,8 +2,10 @@ # Copyright (C) 2015 FreeIPA Contributors see COPYING for license # +from ipalib import errors from ipalib import Registry from ipalib import Updater +from ipapython.dn import DN from ipaserver.install import certs, cainstance from ipaserver.install import ldapupdate from ipaplatform.paths import paths @@ -31,4 +33,24 @@ def execute(self, **options): ld.update([paths.CA_TOPOLOGY_ULDIF]) + ldap = self.api.Backend.ldap2 + + ca_replica_dn = DN( + ('cn', 'replica'), + ('cn', 'o=ipaca'), + ('cn', 'mapping tree'), + ('cn', 'config')) + + check_interval_attr = 'nsds5replicabinddngroupcheckinterval' + default_check_interval = ['60'] + + try: + ca_replica_entry = ldap.get_entry(ca_replica_dn) + except errors.NotFound: + pass + else: + if check_interval_attr not in ca_replica_entry: + ca_replica_entry[check_interval_attr] = default_check_interval + ldap.update_entry(ca_replica_entry) + return False, []
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
