- Resolves: RHEL-95010 [RFE] Give warning when adding user with UID out of any ID range - Resolves: RHEL-93890 Include latest fixes in python3-ipatests package - Resolves: RHEL-93887 ipa idrange-add --help should be more clear about required options - Resolves: RHEL-93483 Unable to modify IPA config; --ipaconfigstring="" causes internal error - Resolves: RHEL-88834 kdb: ipadb_get_connection() succeeds but returns null LDAP context - Resolves: RHEL-68800 ipa-migrate with LDIF file from backup of remote server, fails with error 'change collided with another change'
67 lines
2.6 KiB
Diff
67 lines
2.6 KiB
Diff
From 5f632d9d7813f89d498cfb21c8472ff3cac2538a Mon Sep 17 00:00:00 2001
|
|
From: Mark Reynolds <mreynolds@redhat.com>
|
|
Date: Tue, 29 Apr 2025 13:55:23 -0400
|
|
Subject: [PATCH] ipa-migrate - remove replication state information
|
|
|
|
Remove replication state information (happens when LDIFs are used).
|
|
State information is written like:
|
|
|
|
attribute;adcsn=<CSN>
|
|
|
|
But we also support ";binary" which should not be removed so special
|
|
handling is needed in that case.
|
|
|
|
Signed-off-by: Mark Reynolds <mareynol@redhat.com>
|
|
Fixes: https://pagure.io/freeipa/issue/9776
|
|
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
---
|
|
ipaserver/install/ipa_migrate.py | 16 ++++++++++++----
|
|
1 file changed, 12 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/ipaserver/install/ipa_migrate.py b/ipaserver/install/ipa_migrate.py
|
|
index 95ef0ac5adc830d04a6bb3a899b20aae86a77072..8ef0071f5c2edc1ce6cba780ac9a7d74122ea79d 100644
|
|
--- a/ipaserver/install/ipa_migrate.py
|
|
+++ b/ipaserver/install/ipa_migrate.py
|
|
@@ -202,6 +202,14 @@ def decode_attr_vals(entry_attrs):
|
|
decoded_attrs = {}
|
|
for attr in entry_attrs:
|
|
vals = ensure_list_str(entry_attrs[attr])
|
|
+ # Remove replication state data, but don't remove ";binary"
|
|
+ # e.g. userCertififccate;binary;adcsn=<CSN>
|
|
+ parts = attr.split(";")
|
|
+ if len(parts) > 1 and not attr.endswith(";binary"):
|
|
+ if parts[1] == "binary":
|
|
+ attr = parts[0] + ";binary"
|
|
+ else:
|
|
+ attr = parts[0]
|
|
decoded_attrs[attr] = vals
|
|
return decoded_attrs
|
|
|
|
@@ -269,19 +277,19 @@ class LDIFParser(ldif.LDIFParser):
|
|
if self.mc is None:
|
|
return
|
|
|
|
+ entry_attrs = decode_attr_vals(entry)
|
|
if self.get_realm:
|
|
# Get the realm from krb container
|
|
if DN(("cn", "kerberos"), self.mc.remote_suffix) in DN(dn):
|
|
# check objectclass krbrealmcontainer
|
|
oc_attr = 'objectClass'
|
|
- if 'objectclass' in entry:
|
|
+ if 'objectclass' in entry_attrs:
|
|
oc_attr = 'objectclass'
|
|
- if 'krbrealmcontainer' in ensure_list_str(entry[oc_attr]):
|
|
- self.mc.remote_realm = ensure_str(entry['cn'][0])
|
|
+ if 'krbrealmcontainer' in entry_attrs[oc_attr]:
|
|
+ self.mc.remote_realm = ensure_str(entry_attrs['cn'][0])
|
|
self.mc.log_debug("Found remote realm from ldif: "
|
|
f"{self.mc.remote_realm}")
|
|
else:
|
|
- entry_attrs = decode_attr_vals(entry)
|
|
self.mc.process_db_entry(entry_dn=dn, entry_attrs=entry_attrs)
|
|
|
|
|
|
--
|
|
2.49.0
|
|
|