|
 |
7e1b55 |
From 21574b261cf0d346da48e34c0a5383736ca8798b Mon Sep 17 00:00:00 2001
|
|
|
7e1b55 |
From: Christian Heimes <cheimes@redhat.com>
|
|
|
7e1b55 |
Date: Fri, 21 May 2021 14:56:32 +0200
|
|
|
7e1b55 |
Subject: [PATCH] Fix ipa-server-upgrade
|
|
|
7e1b55 |
|
|
|
7e1b55 |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Francois Cami <fcami@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Francois Cami <fcami@redhat.com>
|
|
|
7e1b55 |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
7e1b55 |
---
|
|
|
7e1b55 |
install/share/bootstrap-template.ldif | 2 +-
|
|
|
7e1b55 |
install/updates/73-subid.update | 2 +-
|
|
|
7e1b55 |
ipaserver/install/ldapupdate.py | 3 +++
|
|
|
7e1b55 |
3 files changed, 5 insertions(+), 2 deletions(-)
|
|
|
7e1b55 |
|
|
|
7e1b55 |
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
|
|
|
7e1b55 |
index 16f2ef822eaf56dd68d4140b22a607539645b151..325eb8450c786899e7b5e4ae2ef8978f42a8425b 100644
|
|
|
7e1b55 |
--- a/install/share/bootstrap-template.ldif
|
|
|
7e1b55 |
+++ b/install/share/bootstrap-template.ldif
|
|
|
7e1b55 |
@@ -491,7 +491,7 @@ cn: ${REALM}_subid_range
|
|
|
7e1b55 |
ipaBaseID: eval($SUBID_RANGE_START)
|
|
|
7e1b55 |
ipaIDRangeSize: eval($SUBID_RANGE_SIZE)
|
|
|
7e1b55 |
# HACK: RIDs to work around adtrust sidgen issue
|
|
|
7e1b55 |
-ipaBaseRID: eval($SUBID_RANGE_START - $IDRANGE_SIZE)
|
|
|
7e1b55 |
+ipaBaseRID: eval($SUBID_BASE_RID)
|
|
|
7e1b55 |
# 738065-838566 = IPA-SUB
|
|
|
7e1b55 |
ipaNTTrustedDomainSID: S-1-5-21-738065-838566-$DOMAIN_HASH
|
|
|
7e1b55 |
# HACK: "ipa-local-subid" range type causes issues with older SSSD clients
|
|
|
7e1b55 |
diff --git a/install/updates/73-subid.update b/install/updates/73-subid.update
|
|
|
7e1b55 |
index e10703aa3f9528751233ddebe00b8c8c8fc5ed3f..890eb7f1f6f261af977f26b3457e765ee8e9791f 100644
|
|
|
7e1b55 |
--- a/install/updates/73-subid.update
|
|
|
7e1b55 |
+++ b/install/updates/73-subid.update
|
|
|
7e1b55 |
@@ -102,7 +102,7 @@ default: cn: ${REALM}_subid_range
|
|
|
7e1b55 |
default: ipaBaseID: $SUBID_RANGE_START
|
|
|
7e1b55 |
default: ipaIDRangeSize: $SUBID_RANGE_SIZE
|
|
|
7e1b55 |
# HACK: RIDs to work around adtrust sidgen issue
|
|
|
7e1b55 |
-default: ipaBaseRID: eval($SUBID_RANGE_START - $IDRANGE_SIZE)
|
|
|
7e1b55 |
+default: ipaBaseRID: eval($SUBID_BASE_RID)
|
|
|
7e1b55 |
default: ipaNTTrustedDomainSID: S-1-5-21-738065-838566-$DOMAIN_HASH
|
|
|
7e1b55 |
# HACK: "ipa-local-subid" range type causes issues with older SSSD clients
|
|
|
7e1b55 |
# see https://github.com/SSSD/sssd/issues/5571
|
|
|
7e1b55 |
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
|
|
|
7e1b55 |
index d0516dc3028366df5d03a960866abe72601aa4b6..06cb78e0b7dc2c82f0339c43228045d93b922288 100644
|
|
|
7e1b55 |
--- a/ipaserver/install/ldapupdate.py
|
|
|
7e1b55 |
+++ b/ipaserver/install/ldapupdate.py
|
|
|
7e1b55 |
@@ -59,8 +59,10 @@ def get_sub_dict(realm, domain, suffix, fqdn, idstart=None, idmax=None):
|
|
|
7e1b55 |
"""
|
|
|
7e1b55 |
if idstart is None:
|
|
|
7e1b55 |
idrange_size = None
|
|
|
7e1b55 |
+ subid_base_rid = None
|
|
|
7e1b55 |
else:
|
|
|
7e1b55 |
idrange_size = idmax - idstart + 1
|
|
|
7e1b55 |
+ subid_base_rid = constants.SUBID_RANGE_START - idrange_size
|
|
|
7e1b55 |
|
|
|
7e1b55 |
return dict(
|
|
|
7e1b55 |
REALM=realm,
|
|
|
7e1b55 |
@@ -81,6 +83,7 @@ def get_sub_dict(realm, domain, suffix, fqdn, idstart=None, idmax=None):
|
|
|
7e1b55 |
SUBID_RANGE_SIZE=constants.SUBID_RANGE_SIZE,
|
|
|
7e1b55 |
SUBID_RANGE_MAX=constants.SUBID_RANGE_MAX,
|
|
|
7e1b55 |
SUBID_DNA_THRESHOLD=constants.SUBID_DNA_THRESHOLD,
|
|
|
7e1b55 |
+ SUBID_BASE_RID=subid_base_rid,
|
|
|
7e1b55 |
DOMAIN_HASH=murmurhash3(domain, len(domain), 0xdeadbeef),
|
|
|
7e1b55 |
MAX_DOMAIN_LEVEL=constants.MAX_DOMAIN_LEVEL,
|
|
|
7e1b55 |
MIN_DOMAIN_LEVEL=constants.MIN_DOMAIN_LEVEL,
|
|
|
7e1b55 |
--
|
|
|
7e1b55 |
2.26.3
|
|
|
7e1b55 |
|