|
|
f65af0 |
From e561f8bb163e68766b61bca72619a54cc5e8bc2d Mon Sep 17 00:00:00 2001
|
|
|
979ee0 |
From: Florence Blanc-Renaud <flo@redhat.com>
|
|
|
979ee0 |
Date: Tue, 21 Aug 2018 11:37:17 +0200
|
|
|
979ee0 |
Subject: [PATCH] DS replication settings: fix regression with <3.3 master
|
|
|
979ee0 |
|
|
|
979ee0 |
Commit 811b0fdb4620938963f1a29d3fdd22257327562c introduced a regression
|
|
|
979ee0 |
when configuring replication with a master < 3.3
|
|
|
979ee0 |
Even if 389-ds schema is extended with nsds5ReplicaReleaseTimeout,
|
|
|
979ee0 |
nsds5ReplicaBackoffMax and nsDS5ReplicaBindDnGroupCheckInterval
|
|
|
979ee0 |
attributes, it will return UNWILLING_TO_PERFORM when a mod
|
|
|
979ee0 |
operation is performed on the cn=replica entry.
|
|
|
979ee0 |
|
|
|
979ee0 |
This patch ignores the error and logs a debug msg.
|
|
|
979ee0 |
|
|
|
979ee0 |
See: https://pagure.io/freeipa/issue/7617
|
|
|
979ee0 |
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
|
|
979ee0 |
---
|
|
|
979ee0 |
ipaserver/install/replication.py | 16 +++++++++++++++-
|
|
|
979ee0 |
1 file changed, 15 insertions(+), 1 deletion(-)
|
|
|
979ee0 |
|
|
|
979ee0 |
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
|
|
|
f65af0 |
index 78c4a43cc9b8d9a6740d26209f347f64b879743e..92a99cd9482f86d6820230479bf94c871669572e 100644
|
|
|
979ee0 |
--- a/ipaserver/install/replication.py
|
|
|
979ee0 |
+++ b/ipaserver/install/replication.py
|
|
|
f65af0 |
@@ -22,6 +22,7 @@ from __future__ import print_function, absolute_import
|
|
|
f65af0 |
import logging
|
|
|
979ee0 |
import itertools
|
|
|
979ee0 |
|
|
|
979ee0 |
+import re
|
|
|
979ee0 |
import six
|
|
|
979ee0 |
import time
|
|
|
979ee0 |
import datetime
|
|
|
f65af0 |
@@ -600,7 +601,20 @@ class ReplicationManager(object):
|
|
|
979ee0 |
r_conn.simple_bind(r_binddn, r_bindpw)
|
|
|
979ee0 |
else:
|
|
|
979ee0 |
r_conn.gssapi_bind()
|
|
|
979ee0 |
- self._finalize_replica_settings(r_conn)
|
|
|
979ee0 |
+ # If the remote server has 389-ds < 1.3, it does not
|
|
|
979ee0 |
+ # support the attributes we are trying to set.
|
|
|
979ee0 |
+ # Find which 389-ds is installed
|
|
|
979ee0 |
+ rootdse = r_conn.get_entry(DN(''), ['vendorVersion'])
|
|
|
979ee0 |
+ version = rootdse.single_value.get('vendorVersion')
|
|
|
979ee0 |
+ mo = re.search(r'(\d+)\.(\d+)\.(\d+)[\.\d]*', version)
|
|
|
979ee0 |
+ vendor_version = tuple(int(v) for v in mo.groups())
|
|
|
979ee0 |
+ if vendor_version >= (1, 3, 0):
|
|
|
979ee0 |
+ # 389-ds understands the replication attributes,
|
|
|
979ee0 |
+ # we can safely modify them
|
|
|
979ee0 |
+ self._finalize_replica_settings(r_conn)
|
|
|
979ee0 |
+ else:
|
|
|
f65af0 |
+ logger.debug("replication attributes not supported "
|
|
|
979ee0 |
+ "on remote master, skipping update.")
|
|
|
979ee0 |
r_conn.close()
|
|
|
979ee0 |
|
|
|
979ee0 |
def setup_chaining_backend(self, conn):
|
|
|
979ee0 |
--
|
|
|
979ee0 |
2.17.1
|
|
|
979ee0 |
|