rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
3c1392be1b
ipa/freeipa-3.0.0.pre1-036-fix-detection-of-deleted-masters.patch
Martin Kosek 3c91c125af Add missing 3.0.0 beta 2 development patches
2012-08-06 18:17:49 +02:00

63 lines
3.2 KiB
Diff
Raw Blame History

From 32c1aa45b3d41e15adb2ca8f8713e774046bc340 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Thu, 12 Jul 2012 15:04:03 -0400
Subject: [PATCH 36/79] Fix detection of deleted masters
When setting up agreements we need to be careful in not allowing to
'reconnect' a master that was previously completely deleted as it would
misses entries that are vital for proper functioning. This change in code
fixes 2 problems with the current approach.
1) it removes false positives when we are tryig to reconnect a replica that
was previosuly merely disconnected but was still part of the domain and just
replicating via a different topology and not a direct link
2) adds checks for entries that are deleted when an actual removal is
performed. so that we cannot 'reconnect' previously unrelated replicas when
one of the 2 has been permanently deleted from the masters tree.
Second part of ticket https://fedorahosted.org/freeipa/ticket/2925
---
install/tools/ipa-replica-manage | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index a039ccaa26976262d8f05ac068403b73c6ca735b..b095daf03aa0dfd7dd93f4809496467c83cfc5e3 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -401,18 +401,24 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
options.passsync, options.win_subtree,
options.cacert)
else:
- # First see if we already exist on the remote master. If so this was
- # a previously deleted connection.
+ # Check if the master entry exists for both servers.
+ # If one of the tree misses one of the entries, it means one of the
+ # replicas was fully deleted previously and needs to be reinstalled
+ # from scratch
try:
+ masters_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), (api.env.basedn))
+ master1_dn = str(DN(('cn', replica1), masters_dn))
+ master2_dn = str(DN(('cn', replica2), masters_dn))
+
+ repl1.conn.getEntry(master1_dn, ldap.SCOPE_BASE)
+ repl1.conn.getEntry(master2_dn, ldap.SCOPE_BASE)
+
repl2 = replication.ReplicationManager(realm, replica2, dirman_passwd)
- master_dn = repl2.replica_dn()
- binddn = str(DN(('krbprincipalname','ldap/%s@%s' % (replica1, api.env.realm)),(api.env.container_service),(api.env.basedn)))
- master = repl2.conn.getEntry(master_dn, ldap.SCOPE_BASE)
- binddns = master.getValues('nsDS5ReplicaBindDN')
- if binddns and binddn in binddns:
- sys.exit("You cannot connect to a previously deleted master")
+ repl2.conn.getEntry(master1_dn, ldap.SCOPE_BASE)
+ repl2.conn.getEntry(master2_dn, ldap.SCOPE_BASE)
+
except errors.NotFound:
- pass
+ sys.exit("You cannot connect to a previously deleted master")
repl1.setup_gssapi_replication(replica2, "cn=Directory Manager", dirman_passwd)
print "Connected '%s' to '%s'" % (replica1, replica2)
--
1.7.11.2
Reference in New Issue View Git Blame Copy Permalink