rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport #5212 for deployment failures with 389-ds-base 1.4.4.6+

Browse Source
This commit is contained in:
Adam Williamson 2020-10-28 15:16:06 -07:00
parent deafacd653
commit f5ffc4abf3
2 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
5212.patch Normal file
View File

@ -0,0 +1,56 @@
From 2695789db45c2e7fe92e53a49521dc22fdffe317 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 28 Oct 2020 10:34:31 -0400
Subject: [PATCH] New validation efforts in 389-ds-base require that the
backend entry for a database be created before the mapping tree entry. This
enforces that the mapping tree entry (the suffix) actually belongs to an
existing backend.
For IPA we simply need to reverse the order of the backend vs mapping tree
creation in cainstance.py -> __create_ds_db()
Fixes: https://pagure.io/freeipa/issue/8558
---
ipaserver/install/cainstance.py | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index fca829de094..1c2fab1dffb 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1162,17 +1162,6 @@ def __create_ds_db(self):
backend = 'ipaca'
suffix = DN(('o', 'ipaca'))
- # replication
- dn = DN(('cn', str(suffix)), ('cn', 'mapping tree'), ('cn', 'config'))
- entry = api.Backend.ldap2.make_entry(
- dn,
- objectclass=["top", "extensibleObject", "nsMappingTree"],
- cn=[suffix],
- )
- entry['nsslapd-state'] = ['Backend']
- entry['nsslapd-backend'] = [backend]
- api.Backend.ldap2.add_entry(entry)
-
# database
dn = DN(('cn', 'ipaca'), ('cn', 'ldbm database'), ('cn', 'plugins'),
('cn', 'config'))
@@ -1184,6 +1173,17 @@ def __create_ds_db(self):
entry['nsslapd-suffix'] = [suffix]
api.Backend.ldap2.add_entry(entry)
+ # replication
+ dn = DN(('cn', str(suffix)), ('cn', 'mapping tree'), ('cn', 'config'))
+ entry = api.Backend.ldap2.make_entry(
+ dn,
+ objectclass=["top", "extensibleObject", "nsMappingTree"],
+ cn=[suffix],
+ )
+ entry['nsslapd-state'] = ['Backend']
+ entry['nsslapd-backend'] = [backend]
+ api.Backend.ldap2.add_entry(entry)
+
def __setup_replication(self):
repl = replication.CAReplicationManager(self.realm, self.fqdn)
repl.setup_cs_replication(self.master_host)

8
freeipa.spec
View File

@ -161,7 +161,7 @@
Name: %{package_name} Name: %{package_name}
Version: %{IPA_VERSION} Version: %{IPA_VERSION}
Release: 6%{?dist} Release: 7%{?dist}
Summary: The Identity, Policy and Audit system Summary: The Identity, Policy and Audit system
License: GPLv3+ License: GPLv3+
@ -171,6 +171,9 @@ Source1: https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.as
Patch0: freeipa-4.8.10-systemd-resolved.patch Patch0: freeipa-4.8.10-systemd-resolved.patch
Patch1: freeipa-4.8.10-systemd-resolved-configuration.patch Patch1: freeipa-4.8.10-systemd-resolved-configuration.patch
Patch2: freeipa-4.8.10-systemd-resolved-selinux-fixes.patch Patch2: freeipa-4.8.10-systemd-resolved-selinux-fixes.patch
# https://github.com/freeipa/freeipa/pull/5212
# Fix deployment errors with 389-ds-base 1.4.4.6+
Patch3: 5212.patch
# For the timestamp trick in patch application # For the timestamp trick in patch application
BuildRequires: diffstat BuildRequires: diffstat
@ -1542,6 +1545,9 @@ fi
%endif %endif
%changelog %changelog
* Wed Oct 28 2020 Adam Williamson <awilliam@redhat.com> - 4.8.10-7
- Backport #5212 for deployment failures with 389-ds-base 1.4.4.6+
* Tue Oct 13 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.10-6 * Tue Oct 13 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.10-6
- Handle sshd_config upgrade properly - Handle sshd_config upgrade properly
Fixes: rhbz#1887928 Fixes: rhbz#1887928