From f0bd45fb0c1071006887dc10abac233d2756d951 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Thu, 13 Apr 2017 09:15:47 +0200
Subject: [PATCH] Move the compat plugin setup at the end of install
The compat plugin was causing deadlocks with the topology plugin. Move
its setup at the end of the installation and remove the
cn=topology,cn=ipa,cn=etc subtree from its scope.
https://pagure.io/freeipa/issue/6821
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
install/share/Makefile.am | 1 -
install/updates/10-schema_compat.update | 93 ---------------------
.../80-schema_compat.update} | 96 +++++++++++++++++++++-
install/updates/Makefile.am | 2 +-
ipaplatform/base/paths.py | 3 +-
ipaserver/install/dsinstance.py | 9 --
6 files changed, 98 insertions(+), 106 deletions(-)
delete mode 100644 install/updates/10-schema_compat.update
rename install/{share/schema_compat.uldif => updates/80-schema_compat.update} (55%)
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 9e539a3f30c2979de26575ba66bbb23fecd03a88..b27861da37153d77d693ce6e46340525bbd50173 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -65,7 +65,6 @@ dist_app_DATA = \
opendnssec_conf.template \
opendnssec_kasp.template \
unique-attributes.ldif \
- schema_compat.uldif \
ldapi.ldif \
wsgi.py \
repoint-managed-entries.ldif \
diff --git a/install/updates/10-schema_compat.update b/install/updates/10-schema_compat.update
deleted file mode 100644
index fbe8703407aacd75baf160630c20835a1b4ddc65..0000000000000000000000000000000000000000
--- a/install/updates/10-schema_compat.update
+++ /dev/null
@@ -1,93 +0,0 @@
-dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
-only:schema-compat-entry-rdn:%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
-add:schema-compat-entry-attribute: sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
-add:schema-compat-entry-attribute: sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
-# Fix for #4324 (regression of #1309)
-remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref("ipaSudoRunAs","cn")
-remove:schema-compat-entry-attribute:sudoRunAsUser=%{ipaSudoRunAsExtUser}
-remove:schema-compat-entry-attribute:sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
-remove:schema-compat-entry-attribute:sudoRunAsUser=%deref("ipaSudoRunAs","uid")
-remove:schema-compat-entry-attribute:sudoRunAsGroup=%{ipaSudoRunAsExtGroup}
-remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
-
-# We need to add the value in a separate transaction
-dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-entry-attribute: sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
-add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
-add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
-add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
-add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
-add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-# Change padding for host and userCategory so the pad returns the same value
-# as the original, '' or -.
-dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
-replace: schema-compat-entry-attribute:nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-})
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
-default:objectClass: top
-default:objectClass: extensibleObject
-default:cn: computers
-default:schema-compat-container-group: cn=compat, $SUFFIX
-default:schema-compat-container-rdn: cn=computers
-default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
-default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
-default:schema-compat-entry-rdn: cn=%first("%{fqdn}")
-default:schema-compat-entry-attribute: objectclass=device
-default:schema-compat-entry-attribute: objectclass=ieee802Device
-default:schema-compat-entry-attribute: cn=%{fqdn}
-default:schema-compat-entry-attribute: macAddress=%{macAddress}
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: sudoOrder=%{sudoOrder}
-
-dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=Schema Compatibility,cn=plugins,cn=config
-# We need to run schema-compat pre-bind callback before
-# other IPA pre-bind callbacks to make sure bind DN is
-# rewritten to the original entry if needed
-add:nsslapd-pluginprecedence: 40
-
-dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
-add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
-add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
-
-dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
-add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
-add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
-
-dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: uid=%{uid}
-replace:schema-compat-entry-rdn: uid=%{uid}::uid=%first("%{uid}")
diff --git a/install/share/schema_compat.uldif b/install/updates/80-schema_compat.update
similarity index 55%
rename from install/share/schema_compat.uldif
rename to install/updates/80-schema_compat.update
index 66f8ea1c31bc534b3ee134c6df6132f4318c81fc..06cbcab8ad809d95a907c161044ff91df827ebf3 100644
--- a/install/share/schema_compat.uldif
+++ b/install/updates/80-schema_compat.update
@@ -1,5 +1,6 @@
#
-# Enable the Schema Compatibility plugin provided by slapi-nis.
+# Setup the Schema Compatibility plugin provided by slapi-nis.
+# This should be done after all other updates have been applied
#
# http://slapi-nis.fedorahosted.org/
#
@@ -126,3 +127,96 @@ default:schema-compat-entry-attribute: macAddress=%{macAddress}
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
only:aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )
+dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
+only:schema-compat-entry-rdn:%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
+add:schema-compat-entry-attribute: sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
+add:schema-compat-entry-attribute: sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
+# Fix for #4324 (regression of #1309)
+remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref("ipaSudoRunAs","cn")
+remove:schema-compat-entry-attribute:sudoRunAsUser=%{ipaSudoRunAsExtUser}
+remove:schema-compat-entry-attribute:sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
+remove:schema-compat-entry-attribute:sudoRunAsUser=%deref("ipaSudoRunAs","uid")
+remove:schema-compat-entry-attribute:sudoRunAsGroup=%{ipaSudoRunAsExtGroup}
+remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
+
+# We need to add the value in a separate transaction
+dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-entry-attribute: sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
+add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
+add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
+add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
+add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
+add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+# Change padding for host and userCategory so the pad returns the same value
+# as the original, '' or -.
+dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
+replace: schema-compat-entry-attribute:nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-})
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
+default:objectClass: top
+default:objectClass: extensibleObject
+default:cn: computers
+default:schema-compat-container-group: cn=compat, $SUFFIX
+default:schema-compat-container-rdn: cn=computers
+default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
+default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:schema-compat-entry-rdn: cn=%first("%{fqdn}")
+default:schema-compat-entry-attribute: objectclass=device
+default:schema-compat-entry-attribute: objectclass=ieee802Device
+default:schema-compat-entry-attribute: cn=%{fqdn}
+default:schema-compat-entry-attribute: macAddress=%{macAddress}
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: sudoOrder=%{sudoOrder}
+
+dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=Schema Compatibility,cn=plugins,cn=config
+# We need to run schema-compat pre-bind callback before
+# other IPA pre-bind callbacks to make sure bind DN is
+# rewritten to the original entry if needed
+add:nsslapd-pluginprecedence: 40
+
+dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
+add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
+add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
+
+dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
+add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
+add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
+
+dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: uid=%{uid}
+replace:schema-compat-entry-rdn: uid=%{uid}::uid=%first("%{uid}")
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 0ff0edb93abf4c4656b7504bd9ce8f774918fc2d..e18d01127b592a6c7941729d6160d10fb2d3e76c 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -9,7 +9,6 @@ app_DATA = \
10-selinuxusermap.update \
10-rootdse.update \
10-uniqueness.update \
- 10-schema_compat.update \
19-managed-entries.update \
20-aci.update \
20-dna.update \
@@ -62,6 +61,7 @@ app_DATA = \
73-custodia.update \
73-winsync.update \
73-certmap.update \
+ 80-schema_compat.update \
90-post_upgrade_plugins.update \
$(NULL)
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 9cf160fac483157b508dedac7a5fc26cb12c63a4..dbdd71ed0b4d69c1101db4aeb7d93152ab8aa730 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -236,7 +236,8 @@ class BasePathNamespace(object):
HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
NIS_ULDIF = "/usr/share/ipa/nis.uldif"
NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif"
- SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
+ SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/updates/91-schema_compat.update"
+ SCHEMA_COMPAT_POST_ULDIF = "/usr/share/ipa/schema_compat_post.uldif"
IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
UPDATES_DIR = "/usr/share/ipa/updates/"
DICT_WORDS = "/usr/share/dict/words"
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 99a1781ca4475805e9bf3b2bac3f26b5fb107a43..403fe8489fdd9e0dbf40dd4df3794b51185d45b9 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -38,7 +38,6 @@ from ipapython import dogtag
from ipaserver.install import service
from ipaserver.install import installutils
from ipaserver.install import certs
-from ipaserver.install import ldapupdate
from ipaserver.install import replication
from ipaserver.install import sysupgrade
from ipaserver.install import upgradeinstance
@@ -281,8 +280,6 @@ class DsInstance(service.Service):
self.step("configuring Posix uid/gid generation",
self.__config_uidgid_gen)
self.step("adding replication acis", self.__add_replication_acis)
- self.step("enabling compatibility plugin",
- self.__enable_compat_plugin)
self.step("activating sidgen plugin", self._add_sidgen_plugin)
self.step("activating extdom plugin", self._add_extdom_plugin)
self.step("tuning directory server", self.__tuning)
@@ -706,12 +703,6 @@ class DsInstance(service.Service):
def __add_winsync_module(self):
self._ldap_mod("ipa-winsync-conf.ldif")
- def __enable_compat_plugin(self):
- ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password, sub_dict=self.sub_dict)
- rv = ld.update([paths.SCHEMA_COMPAT_ULDIF])
- if not rv:
- raise RuntimeError("Enabling compatibility plugin failed")
-
def __config_version_module(self):
self._ldap_mod("version-conf.ldif")
--
2.12.2