diff --git a/0004-Upgrade-fix-replica-agreement_rhbz#2216551.patch b/0004-Upgrade-fix-replica-agreement_rhbz#2216551.patch
index 34e672f..4d795e4 100644
--- a/0004-Upgrade-fix-replica-agreement_rhbz#2216551.patch
+++ b/0004-Upgrade-fix-replica-agreement_rhbz#2216551.patch
@@ -1,434 +1,171 @@
-
-<!DOCTYPE html>
-<html lang='en'>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-    <title>Commit - freeipa - d29b47512a39ada02fb371521994576cd9815a6c - Pagure.io</title>
-        <link rel="shortcut icon" type="image/vnd.microsoft.icon"
-        href="/theme/static/favicon.ico?version=5.13.3"/>
-    <link href="/theme/static/fedora-bootstrap-1.3.0/fedora-bootstrap.min.css?version=5.13.3"
-        type="text/css" rel="stylesheet" />
-    <link href="/theme/static/fonts/fonts.css?version=5.13.3"
-        rel="stylesheet" type="text/css" />
-    <link href="/theme/static/fonts/hack_fonts/css/hack-extended.min.css?version=5.13.3"
-        type="text/css" rel="stylesheet" />
-    <link href="/theme/static/theme.css?version=5.13.3"
-        type="text/css" rel="stylesheet" />
-
-    <link type="text/css" rel="stylesheet" nonce="qdLhc1wjRNfkrQnukB32BzvfC" href="/static/vendor/font-awesome/font-awesome.css?version=5.13.3"/>
-    <link type="text/css" rel="stylesheet" nonce="qdLhc1wjRNfkrQnukB32BzvfC" href="/static/pagure.css?version=5.13.3"/>
-<link rel="stylesheet" nonce="qdLhc1wjRNfkrQnukB32BzvfC" href="/static/vendor/highlight.js/styles/github.css?version=5.13.3"/>
-<link rel="stylesheet" nonce="qdLhc1wjRNfkrQnukB32BzvfC" href="/static/vendor/diff2html/diff2html.css?version=5.13.3"/>
-
-  </head>
-  <body id="home">
-    
-    <!-- start masthead -->
-    <nav class="navbar navbar-light masthead p-0 navbar-expand">
-      <div class="container">
-        <a href="/" class="navbar-brand">
-        <img height="40" src="/theme/static/pagure-logo.png?version=5.13.3"
-             alt="pagure Logo" id="pagureLogo"/>
-        </a>
-        <ul class="navbar-nav ml-auto">
-
-          
-
-          <li class="nav-item">
-            <a class="btn btn-primary" href="/login/?next=https://pagure.io/freeipa/c/d29b47512a39ada02fb371521994576cd9815a6c">Log In</a>
-          </li>
-        </ul>
-      </div>
-    </nav>
-    <!-- close masthead-->
-
-    <div class="bodycontent">
-
-
-<div class="bg-light border border-bottom pt-3">
-  <div class="container">
-    <div class="row mb-3">
-      <div class="col-6">
-        <div class="row">
-        <div class="col-auto pr-0">
-            <h3>
-<i class="fa fa-calendar-o fa-rotate-270 text-muted"></i></h3>
-        </div>
-        <div class="col-auto pl-2">
-            <h3 class="mb-0">
-<a href="/freeipa"><strong>freeipa</strong></a>
-            </h3>
-        </div>
-        </div>
-      </div>
-      <div class="col-6 text-right">
-        <div class="btn-group">
-        <div class="btn-group">
-        <a href="#"
-            class="btn btn-sm dropdown-toggle btn-outline-primary"
-            data-toggle="dropdown" id="watch-button">
-          <i class="fa fa-clone fa-fw"></i>
-          <span>Clone</span>
-        </a>
-        <div class="dropdown-menu dropdown-menu-right">
-          <div class="m-3" id="source-dropdown">
-            <div>
-              <h5><strong>Source Code</strong></h5>
-
-              <div class="form-group">
-                <div class="input-group input-group-sm">
-                  <div class="input-group-prepend"><span class="input-group-text">GIT</span></div>
-                  <input class="form-control bg-white select-on-focus" type="text" value="https://pagure.io/freeipa.git" readonly>
-                </div>
-              </div>
-            </div>
-          </div>
-        </div>
-
-      </div>
-    </div>
-  </div>
-</div>
-
-<ul class="nav nav-tabs nav-small border-bottom-0">
-  <li class="nav-item mr-2 text-dark">
-    <a class="nav-link active" href="/freeipa">
-        <i class="fa fa-code fa-fw text-muted"></i>
-        <span class="d-none d-md-inline">Source</span>
-    </a>
-  </li>
-
-    <li class="nav-item mr-2 text-dark">
-        <a class="nav-link" href="/freeipa/issues">
-            <i class="fa fa-fw text-muted fa-exclamation-circle"></i>
-            <span class="d-none d-md-inline">Issues&nbsp;</span>
-            <span class="badge badge-secondary py-0 d-none d-md-inline">
-              986
-            </span>
-        </a>
-    </li>
-
-
-    <li class="nav-item mr-2 text-dark">
-    <a class="nav-link"  href="/freeipa/roadmap"
-      class="btn btn-outline-dark btn-sm">
-      <i class="fa fa-fw text-muted fa-map-signs"></i>
-      <span class="d-none d-md-inline">Roadmap&nbsp;</span>
-    </a>
-    </li>
-
-
-    <li class="nav-item mr-2 text-dark">
-      <a class="nav-link" href="/freeipa/stats">
-          <i class="fa fa-line-chart fa-fw text-muted"></i>
-          <span class="d-none d-md-inline">Stats</span>
-      </a>
-    </li>
-
-
-</ul>
-  </div>
-</div>
-
-<div class="container pt-5 repo-body-container">
-<div class="row">
-  <div class="col">
-<nav class="nav nav-tabs nav-sidetabs flex-column">
-  <a class=
-      "nav-link nowrap
-"
-      href="/freeipa">
-      <i class="fa fa-home text-muted fa-fw"></i>&nbsp;<span class="d-none d-md-inline">Overview</span>
-  </a>
-  <a class=
-    "nav-link nowrap
-"
-    href="/freeipa/tree">
-    <i class="fa fa-file-code-o text-muted fa-fw"></i>&nbsp;Files
-  </a>
-  <a class=
-    "nav-link nowrap
- active"
-    href="/freeipa/commits">
-    <i class="fa fa-list-alt text-muted fa-fw" data-glyph="spreadsheet"></i>&nbsp;Commits
-  </a>
-  <a class=
-    "nav-link nowrap
-"
-    href="/freeipa/branches">
-    <i class="fa fa-random text-muted fa-fw"></i>&nbsp;Branches
-  </a>
-  <a class=
-    "nav-link nowrap
-"
-    href="/freeipa/forks">
-    <i class="fa fa-code-fork text-muted fa-fw"></i>&nbsp;Forks
-  </a>
-  <a class=
-    "nav-link nowrap
-"
-    href="/freeipa/releases">
-    <i class="fa fa-tags text-muted fa-fw"></i>&nbsp;Releases
-  </a>
-</nav>  </div>
-  <div class="col-10">
-    <div class="d-flex">
-      <div>
-        <h4 class="font-weight-bold">
-        <span title="d29b47512a39ada02fb371521994576cd9815a6c"><code class="text-white bg-primary">d29b475</code></span>
-        <span>Upgrade: fix replica agreement</span>
-        </h4>
-        <h5 class="text-muted pt-1 mb-0">
-                Authored and Committed by <img class="avatar circle lazyload" src="https://seccdn.libravatar.org/avatar/1e52aaae9646f0f890f5f6c771cd060c66898d5fdf78e8a6021eb2b75e27ffe2?s=16&d=retro"/> <a title='Florence Blanc-Renaud' href='/user/frenaud' >frenaud</a>
-              <span title="2023-06-22 15:49:40 UTC" data-toggle="tooltip">7 days ago</span>
-          </h5>
-      </div>
-      <div class="ml-auto">
-          <div class="btn-group">
-              <a class="btn btn-outline-primary btn-sm" href="/freeipa/raw/d29b47512a39ada02fb371521994576cd9815a6c" title="View as raw">raw</a>
-              <a class="btn btn-outline-primary btn-sm" href="/freeipa/c/d29b47512a39ada02fb371521994576cd9815a6c.patch">patch</a>
-              <a class="btn btn-outline-primary  btn-sm" href="/freeipa/tree/d29b47512a39ada02fb371521994576cd9815a6c">tree</a>
-              <a class="btn btn-outline-primary btn-sm" title=356ec5cbfe0876686239f938bdf54892dc30571e href="/freeipa/c/356ec5cbfe0876686239f938bdf54892dc30571e">parent</a>
-            </div>
-      </div>
-    </div>
-
-    <div class="card border-0 mb-3">
-        <div class="card-header border-0 bg-white font-weight-bold p-0">
-            <a href="#commit-overview-collapse" data-toggle="collapse" data-target="#commit-overview-collapse">1 file changed.</a>
-            <span class="text-success">38 lines added</span>.
-            <span class="text-danger">42 lines removed</span>.
-        </div>
-        <div class="card-body p-0 collapse" id="commit-overview-collapse">
-            <div class="list-group ">
-<a href="#_1" class="list-group-item list-group-item-action">
-      <div class="d-flex">
-          <div class="font-weight-bold">
-            ipaserver/install/plugins/fix_replica_agreements.py
-          </div>
-          <div class="ml-auto font-weight-bold">
-              <span class="font-weight-bold btn btn-sm btn-outline-secondary border-0 disabled opacity-100">file modified</span>
-              <div class="btn-group">
-                  <span class="font-weight-bold btn btn-sm btn-success disabled opacity-100">+38</span>
-                  <span class="font-weight-bold btn btn-sm btn-danger disabled opacity-100">-42</span>
-                </div>
-          </div>
-      </div>
-    </a>                  </div>
-        </div>
-      </div>
-
-
-    <div class="m-y-1">
-        <pre class="commit_message_body">
-    Upgrade: fix replica agreement
-    
-    The upgrade checks the replication agreements to ensure that
-    some attributes are excluded from replication. The agreements
-    are stored in entries like
-    cn=serverToreplica,cn=replica,cn=_suffix_,cn=mapping tree,cn=config
-    but those entries are managed by the replication topology plugin
-    and should not be updated directly. The consequence is that the update
-    of the attributes fails and ipa-server-update prints an error message:
-    
-    Error caught updating nsDS5ReplicatedAttributeList: Server is unwilling
-    to perform: Entry and attributes are managed by topology <a href="http://plugin.No" rel="nofollow">plugin.No</a> direct
-    modifications allowed.
-    Error caught updating nsDS5ReplicatedAttributeListTotal: Server is
-    unwilling to perform: Entry and attributes are managed by topology
-    <a href="http://plugin.No" rel="nofollow">plugin.No</a> direct modifications allowed.
-    
-    The upgrade continues but the replication is not excluding
-    passwordgraceusertime.
-    
-    Instead of editing the agreements, perform the modifications on
-    the topology segments.
-    
-    Fixes: <a href="https://pagure.io/freeipa/issue/9385" rel="nofollow">https://pagure.io/freeipa/issue/9385</a>
-    Signed-off-by: Florence Blanc-Renaud &lt;flo@redhat.com&gt;
-    Reviewed-By: Rob Crittenden &lt;rcritten@redhat.com&gt;
-    
-        </pre>
-    </div>
-
-
-
-
-
-<section class="commit_diff">
-      <div class="card mt-3" id="_1">
-        <div class="card-header">
-            <div class="d-flex align-items-center">
-
-
-
-
-
-
-                    <div>
-                                            <a class="font-weight-bold ml-2" href="/freeipa/blob/d29b47512a39ada02fb371521994576cd9815a6c/f/ipaserver/install/plugins/fix_replica_agreements.py"
-                      title="View file as of d29b475">ipaserver/install/plugins/fix_replica_agreements.py</a>
-
-                    </div>
-                    <div class="d-flex align-items-center ml-auto">
-                                      <div class="btn btn-outline-secondary disabled opacity-100 border-0 font-weight-bold">file modified</div>
-
-                      <div class="btn-group">
-                  <span class="btn btn-success btn-sm font-weight-bold disabled opacity-100">+38</span>
-                  <span class="btn btn-danger btn-sm font-weight-bold disabled opacity-100">-42</span>
-                </div>
-
-                                    <a class="btn btn-outline-primary  btn-sm ml-2" href="/freeipa/blob/d29b47512a39ada02fb371521994576cd9815a6c/f/ipaserver/install/plugins/fix_replica_agreements.py"
-                title="View file as of d29b475">
-                <i class="fa fa-file-code-o fa-fw"></i>
-              </a>
-
-                                      <a href="diff2html_1" class="btn btn-sm btn-outline-primary diffcollapse ml-2" data-toggle="collapse" data-target="#diff2html_1">
-                  <i class="fa fa-fw fa-caret-up"></i>
-                </a>
-
-                    </div></div>
-        </div>
-        <div class="diff2html-output collapse show" data-diffno="1" id="diff2html_1"></div>
-
-      </div>
-      </section>
-
-
-  </div>
-</div>
-
-
-</div>
-    </div>
-
-        <div class="footer pt-4 text-white">
-        <div class="container">
-            <div class="d-flex align-items-center">
-                <div>
-                    <div>Powered by <a href="https://pagure.io/pagure" class="notblue">Pagure</a> 5.13.3</div>
-                    <div>
-                        <a href="https://docs.pagure.org/pagure/usage/index.html" class="notblue">Documentation</a> &bull;
-                        <a href="https://pagure.io/pagure/new_issue" class="notblue">File an Issue</a> &bull;
-                        <a href="/about">About</a> &bull;
-                        <a href="/ssh_info" class="notblue">SSH Hostkey/Fingerprint</a>
-                    </div>
-                </div>
-                <div class="ml-auto text-right">
-                    <div>&copy; Red Hat, Inc. and others.</div>
-                </div>
-            </div>
-        </div>
-    </div>
-
-
-        <script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/jquery/jquery.min.js?version=5.13.3"></script>
-
-    <script src="/static/vendor/bootstrap/bootstrap.bundle.min.js?version=5.13.3"></script>
-
-    <script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC">
-      $('[data-toggle="tooltip"]').tooltip({placement : 'bottom'});
-      $(".cancel_btn").click(function() {
-        history.back();
-      });
-    </script>
-
-<script type="text/javascript"  nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/lazyload/lazyload.min.js?version=5.13.3"></script>
-
-<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC">
-window.addEventListener("load", function(event) {
-    lazyload();
-});
-</script>
-
-<script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC">
-$("#giturl-toggle").on('click', function(event){
-  event.stopPropagation();
-  $("#giturl-more").toggle();
-  $("#giturl-toggle").hide();
-})
-
-$(".fork_project_btn").click(function() {
-  $('#fork_project').submit();
-});
-
-$(".select-on-focus").on("focus", function() {
-  $(this).select();
-});
-
-</script>
-
-
-    <script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/diff2html/diff2html.min.js?version=5.13.3"></script>
-    <script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/highlight.js/highlight.pack.js?version=5.13.3"></script>
-    <script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/highlight.js/spec.js?version=5.13.3"></script>
-    <script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC" src="/static/vendor/diff2html/diff2html-ui.min.js?version=5.13.3"></script>
-
-    <script type="text/javascript" nonce="qdLhc1wjRNfkrQnukB32BzvfC">
-      $(document).ready(function() {
-        $(".diffcollapse").click(function(e){
-          $(this).find("i").toggleClass("fa-caret-down fa-caret-up")
-        });
-      });
-      $(function(){
-        $('#diff_list_link').click(function(){
-          $('#diff_list').toggle();
-        });
-      });
-      $.ajax({
-        url: '/freeipa/c/d29b47512a39ada02fb371521994576cd9815a6c.diff?js=True' ,
-        type: 'GET',
-        dataType: 'json',
-        success: function(res) {
-          $(".diff2html-output").each(function(){
-          var diffString = res[$(this).attr("data-diffno")];
-          var diff2htmlUi = new Diff2HtmlUI({diff: diffString});
-            diff2htmlUi.draw('#diff2html_'+$(this).attr("data-diffno"), {inputFormat: 'diff'});
-          diff2htmlUi.highlightCode('#diff2html_'+$(this).attr("data-diffno"));
-
-          });
-        }
-      });
-
-      $.ajax({
-        url: '/pv/branches/commit/' ,
-        type: 'POST',
-        data: {
-          repo: "freeipa",
-          repouser: "",
-          namespace: "",
-          commit_id: "d29b47512a39ada02fb371521994576cd9815a6c",
-          csrf_token: "IjBlMjNjZTVhYTU0ZTdiNDg1ODAyM2E4YjRmM2NmZjBhZjkwZTM0ZjQi.F394iA.hp0mU_A319AwGFwaTxBoPMzh1VQ",
-        },
-        dataType: 'json',
-        success: function(res) {
-            if (res.branches.length == 0){
-                return;
-            }
-            var _br = '';
-            for (var i = 0; i < res.branches.length; ++i) {
-                if (_br.length > 0){
-                    _br += ', ';
-                }
-                _br += res.branches[i]
-            }
-            var el = $('#diff-file-1');
-            if (!el){
-                return;
-            }
-            el.before(
-                '<div class=""><i class="fa fa-code-fork"></i> '
-                + _br + '</div>');
-        }
-      });
-    </script>
-
-</body>
-</html>From 93d97b59600c15e5028ee39b0e98450544165158 Mon Sep 17 00:00:00 2001
+From d29b47512a39ada02fb371521994576cd9815a6c Mon Sep 17 00:00:00 2001
 From: Florence Blanc-Renaud <flo@redhat.com>
-Date: Jun 22 2023 15:49:40 +0000
-Subject: Integration tests: add a test to ipa-server-upgrade
+Date: Mon, 19 Jun 2023 10:36:29 +0200
+Subject: [PATCH] Upgrade: fix replica agreement
 
+The upgrade checks the replication agreements to ensure that
+some attributes are excluded from replication. The agreements
+are stored in entries like
+cn=serverToreplica,cn=replica,cn=_suffix_,cn=mapping tree,cn=config
+but those entries are managed by the replication topology plugin
+and should not be updated directly. The consequence is that the update
+of the attributes fails and ipa-server-update prints an error message:
+
+Error caught updating nsDS5ReplicatedAttributeList: Server is unwilling
+to perform: Entry and attributes are managed by topology plugin.No direct
+modifications allowed.
+Error caught updating nsDS5ReplicatedAttributeListTotal: Server is
+unwilling to perform: Entry and attributes are managed by topology
+plugin.No direct modifications allowed.
+
+The upgrade continues but the replication is not excluding
+passwordgraceusertime.
+
+Instead of editing the agreements, perform the modifications on
+the topology segments.
+
+Fixes: https://pagure.io/freeipa/issue/9385
+Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
+Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+---
+ .../install/plugins/fix_replica_agreements.py | 80 +++++++++----------
+ 1 file changed, 38 insertions(+), 42 deletions(-)
+
+diff --git a/ipaserver/install/plugins/fix_replica_agreements.py b/ipaserver/install/plugins/fix_replica_agreements.py
+index c0cdd3eb1..d963753d0 100644
+--- a/ipaserver/install/plugins/fix_replica_agreements.py
++++ b/ipaserver/install/plugins/fix_replica_agreements.py
+@@ -22,6 +22,7 @@ import logging
+ from ipaserver.install import replication
+ from ipalib import Registry
+ from ipalib import Updater
++from ipalib import errors
+ 
+ logger = logging.getLogger(__name__)
+ 
+@@ -41,35 +42,42 @@ class update_replica_attribute_lists(Updater):
+     def execute(self, **options):
+         # We need an LDAPClient connection to the backend
+         logger.debug("Start replication agreement exclude list update task")
+-        conn = self.api.Backend.ldap2
+ 
+-        repl = replication.ReplicationManager(self.api.env.realm,
+-                                              self.api.env.host,
+-                                              None, conn=conn)
+-
+-        # We need to update only IPA replica agreements, not winsync
+-        ipa_replicas = repl.find_ipa_replication_agreements()
+-
+-        logger.debug("Found %d agreement(s)", len(ipa_replicas))
+-
+-        for replica in ipa_replicas:
+-            for desc in replica.get('description', []):
+-                logger.debug('%s', desc)
+-
+-            self._update_attr(repl, replica,
+-                'nsDS5ReplicatedAttributeList',
+-                replication.EXCLUDES, template=EXCLUDE_TEMPLATE)
+-            self._update_attr(repl, replica,
+-                'nsDS5ReplicatedAttributeListTotal',
+-                replication.TOTAL_EXCLUDES, template=EXCLUDE_TEMPLATE)
+-            self._update_attr(repl, replica,
+-                'nsds5ReplicaStripAttrs', replication.STRIP_ATTRS)
++        # Find suffixes
++        suffixes = self.api.Command.topologysuffix_find()['result']
++        for suffix in suffixes:
++            suffix_name = suffix['cn'][0]
++            # Find segments
++            sgmts = self.api.Command.topologysegment_find(
++                suffix_name, all=True)['result']
++            for segment in sgmts:
++                updates = {}
++                updates = self._update_attr(
++                    segment, updates,
++                    'nsds5replicatedattributelist',
++                    replication.EXCLUDES, template=EXCLUDE_TEMPLATE)
++                updates = self._update_attr(
++                    segment, updates,
++                    'nsds5replicatedattributelisttotal',
++                    replication.TOTAL_EXCLUDES, template=EXCLUDE_TEMPLATE)
++                updates = self._update_attr(
++                    segment, updates,
++                    'nsds5replicastripattrs', replication.STRIP_ATTRS)
++                if updates:
++                    try:
++                        self.api.Command.topologysegment_mod(
++                            suffix_name, segment['cn'][0],
++                            **updates)
++                    except errors.EmptyModlist:
++                        # No update done
++                        logger.debug("No update required for the segment %s",
++                                     segment['cn'][0])
+ 
+         logger.debug("Done updating agreements")
+ 
+         return False, []  # No restart, no updates
+ 
+-    def _update_attr(self, repl, replica, attribute, values, template='%s'):
++    def _update_attr(self, segment, updates, attribute, values, template='%s'):
+         """Add or update an attribute of a replication agreement
+ 
+         If the attribute doesn't already exist, it is added and set to
+@@ -77,27 +85,21 @@ class update_replica_attribute_lists(Updater):
+         If the attribute does exist, `values` missing from it are just
+         appended to the end, also space-separated.
+ 
+-        :param repl: Replication manager
+-        :param replica: Replica agreement
++        :param: updates: dict containing the updates
++        :param segment: dict containing segment information
+         :param attribute: Attribute to add or update
+         :param values: List of values the attribute should hold
+         :param template: Template to use when adding attribute
+         """
+-        attrlist = replica.single_value.get(attribute)
++        attrlist = segment.get(attribute)
+         if attrlist is None:
+             logger.debug("Adding %s", attribute)
+ 
+             # Need to add it altogether
+-            replica[attribute] = [template % " ".join(values)]
+-
+-            try:
+-                repl.conn.update_entry(replica)
+-                logger.debug("Updated")
+-            except Exception as e:
+-                logger.error("Error caught updating replica: %s", str(e))
++            updates[attribute] = template % " ".join(values)
+ 
+         else:
+-            attrlist_normalized = attrlist.lower().split()
++            attrlist_normalized = attrlist[0].lower().split()
+             missing = [a for a in values
+                 if a.lower() not in attrlist_normalized]
+ 
+@@ -105,14 +107,8 @@ class update_replica_attribute_lists(Updater):
+                 logger.debug("%s needs updating (missing: %s)", attribute,
+                              ', '.join(missing))
+ 
+-                replica[attribute] = [
+-                    '%s %s' % (attrlist, ' '.join(missing))]
++                updates[attribute] = '%s %s' % (attrlist[0], ' '.join(missing))
+ 
+-                try:
+-                    repl.conn.update_entry(replica)
+-                    logger.debug("Updated %s", attribute)
+-                except Exception as e:
+-                    logger.error("Error caught updating %s: %s",
+-                                 attribute, str(e))
+             else:
+                 logger.debug("%s: No update necessary", attribute)
++        return updates
+-- 
+2.41.0
+
+From 93d97b59600c15e5028ee39b0e98450544165158 Mon Sep 17 00:00:00 2001
+From: Florence Blanc-Renaud <flo@redhat.com>
+Date: Mon, 19 Jun 2023 10:36:59 +0200
+Subject: [PATCH] Integration tests: add a test to ipa-server-upgrade
 
 Add an integration test ensuring that the upgrade
 properly updates the attributes to be excluded from
@@ -437,11 +174,12 @@ replication.
 Related: https://pagure.io/freeipa/issue/9385
 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
-
 ---
+ .../test_simple_replication.py                | 30 +++++++++++++++++++
+ 1 file changed, 30 insertions(+)
 
 diff --git a/ipatests/test_integration/test_simple_replication.py b/ipatests/test_integration/test_simple_replication.py
-index 17092a4..d1e65ef 100644
+index 17092a499..d1e65ef7c 100644
 --- a/ipatests/test_integration/test_simple_replication.py
 +++ b/ipatests/test_integration/test_simple_replication.py
 @@ -23,8 +23,10 @@ import pytest
@@ -490,4 +228,6 @@ index 17092a4..d1e65ef 100644
      def test_replica_removal(self):
          """Test replica removal"""
          result = self.master.run_command(['ipa-replica-manage', 'list'])
+-- 
+2.41.0
 
diff --git a/ipa.spec b/ipa.spec
index 9dfc118..6ecf9cf 100644
--- a/ipa.spec
+++ b/ipa.spec
@@ -189,7 +189,7 @@
 
 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        4%{?rc_version:.%rc_version}%{?dist}
+Release:        5%{?rc_version:.%rc_version}%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 License:        GPLv3+
@@ -1729,6 +1729,10 @@ fi
 %endif
 
 %changelog
+* Mon Jul 17 2023 Rafael Jeffman <rjeffman@redhat.com> - 4.9.12-5
+- Upgrade: fix replica agreement, fix backported patch
+  Related: RHBZ#2216551
+
 * Fri Jun 30 2023 Rafael Jeffman <rjeffman@redhat.com> - 4.9.12-4
 - kdb: Use-krb5_pac_full_sign_compat() when available
   Resolves: RHBZ#2176406
