34b659
From 81a1bdae1743c4cd7aab296cb0a7474b9bd52b33 Mon Sep 17 00:00:00 2001
34b659
From: Ludwig Krispenz <lkrispen@redhat.com>
34b659
Date: Fri, 9 Dec 2016 15:04:21 +0100
34b659
Subject: [PATCH] Check for conflict entries before raising domain level
34b659
34b659
Checking of conflicts is not only done in topology container as
34b659
tests showed that conflicts can occur elsewhere
34b659
34b659
https://fedorahosted.org/freeipa/ticket/6534
34b659
34b659
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
34b659
---
34b659
 ipaserver/plugins/domainlevel.py | 28 ++++++++++++++++++++++++++++
34b659
 1 file changed, 28 insertions(+)
34b659
34b659
diff --git a/ipaserver/plugins/domainlevel.py b/ipaserver/plugins/domainlevel.py
34b659
index 23fa2a1b2f0f681ac215e96a651d688294df4b99..d8c508a64dd91a0a18e061d2af3080c8f1b38260 100644
34b659
--- a/ipaserver/plugins/domainlevel.py
34b659
+++ b/ipaserver/plugins/domainlevel.py
34b659
@@ -48,6 +48,30 @@ def get_domainlevel_range(master_entry):
34b659
         return DomainLevelRange(0, 0)
34b659
 
34b659
 
34b659
+def check_conflict_entries(ldap, api, desired_value):
34b659
+    """
34b659
+    Check if conflict entries exist in topology subtree
34b659
+    """
34b659
+
34b659
+    container_dn = DN(
34b659
+        ('cn', 'ipa'),
34b659
+        ('cn', 'etc'),
34b659
+        api.env.basedn
34b659
+    )
34b659
+    conflict = "(nsds5replconflict=*)"
34b659
+    subentry = "(|(objectclass=ldapsubentry)(objectclass=*))"
34b659
+    try:
34b659
+        ldap.get_entries(
34b659
+            filter="(& %s %s)" % (conflict, subentry),
34b659
+            base_dn=container_dn,
34b659
+            scope=ldap.SCOPE_SUBTREE)
34b659
+        message = _("Domain Level cannot be raised to {0}, "
34b659
+                    "existing replication conflicts have to be resolved."
34b659
+                    .format(desired_value))
34b659
+        raise errors.InvalidDomainLevelError(reason=message)
34b659
+    except errors.NotFound:
34b659
+        pass
34b659
+
34b659
 def get_master_entries(ldap, api):
34b659
     """
34b659
     Returns list of LDAPEntries representing IPA masters.
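Review bot: In `check_conflict_entries` the `.format(desired_value)` call sits inside the `_()` parentheses, so the message is substituted before the translation lookup and the catalogue is queried with an already-formatted string. Close `_()` first: `message = _("Domain Level cannot be raised to {0}, existing replication conflicts have to be resolved.").format(desired_value)`. The docstring says "topology subtree" although the search base is `cn=ipa,cn=etc` under `api.env.basedn`; the comment added in the second hunk repeats that wording, and both should name the actual base. A one-line comment on `subentry` explaining why `objectclass=ldapsubentry` is OR-ed with `objectclass=*` would also help, since the reason is not visible here.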
34b659
@@ -131,6 +155,10 @@ class domainlevel_set(Command):
34b659
                             .format(desired_value, master['cn'][0]))
34b659
                 raise errors.InvalidDomainLevelError(reason=message)
34b659
 
34b659
+        # Check if conflict entries exist in topology subtree
34b659
+        # should be resolved first
34b659
+        check_conflict_entries(ldap, self.api, desired_value)
34b659
+
34b659
         current_entry.single_value['ipaDomainLevel'] = desired_value
34b659
         ldap.update_entry(current_entry)
34b659
 
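Review bot: The guard added before `current_entry.single_value['ipaDomainLevel'] = desired_value` depends on a search made through the caller's `ldap` connection, and `check_conflict_entries` treats `errors.NotFound` as "no conflicts". If that connection cannot read the conflict entries (access control is not visible in this diff), the check would pass without having seen them. A comment stating the assumption would make it reviewable, for example `# NOTE: search runs with the caller's LDAP identity; it must be able to read nsds5replconflict entries under cn=ipa,cn=etc`. The check and `ldap.update_entry` are separate operations, so a conflict created in between is not caught; that is presumably acceptable but worth stating. The enclosing method of `domainlevel_set` starts outside the hunk.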
34b659
-- 
34b659
2.7.4
34b659