From 405446b0f08551fa82fd0f6d71f219d68641732b Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Wed, 23 Nov 2016 16:58:39 +0100 Subject: [PATCH] replication: ensure bind DN group check interval is set on replica config This is a safeguard ensuring valid replica configuration against incorrectly upgraded masters lacking 'nsds5replicabinddngroupcheckinterval' attribute on their domain/ca topology config. https://fedorahosted.org/freeipa/ticket/6508 Reviewed-By: Florence Blanc-Renaud --- ipaserver/install/replication.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index b8b665267ea8debba9f0ce01f54a78cd67d88292..e9624894d7d1e745be8072268fa76d51a8c117e3 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -452,6 +452,12 @@ class ReplicationManager(object): if replica_groupdn not in binddn_groups: mod.append((ldap.MOD_ADD, 'nsds5replicabinddngroup', replica_groupdn)) + + if 'nsds5replicabinddngroupcheckinterval' not in entry: + mod.append( + (ldap.MOD_ADD, + 'nsds5replicabinddngroupcheckinterval', + '60')) if mod: conn.modify_s(dn, mod) -- 2.7.4