Handle updating replication agreements that lack nsDS5ReplicatedAttributeList

When updating from 2.x we need to add nsDS5ReplicatedAttributeList and nsDS5ReplicatedAttributeListTotal if they aren't present. If nsDS5ReplicatedAttributeList is present and doesn't contain memberof then we want to add it. https://fedorahosted.org/freeipa/ticket/2594
2025-02-25 18:55:28 -06:00 · 2012-03-30 13:42:31 -04:00 · 2012-03-30 13:42:31 -04:00 · 16b38d39b3
commit 16b38d39b3
parent 56fa06fec4
1 changed files with 21 additions and 1 deletions
--- a/ipaserver/install/plugins/fix_replica_memberof.py
+++ b/ipaserver/install/plugins/fix_replica_memberof.py
@ -33,6 +33,12 @@ class update_replica_memberof(PreUpdate):
    order=MIDDLE

    def execute(self, **options):
+        totalexcludes = ('entryusn',
+                         'krblastsuccessfulauth',
+                         'krblastfailedauth',
+                         'krbloginfailedcount')
+        excludes = ('memberof', ) + totalexcludes
+
        # We need an IPAdmin connection to the backend
        conn = ipaldap.IPAdmin(api.env.host, ldapi=True, realm=api.env.realm)
        conn.do_external_bind(pwd.getpwuid(os.geteuid()).pw_name)
@ -43,7 +49,21 @@ class update_replica_memberof(PreUpdate):
        self.log.debug("Found %d agreement(s)" % len(entries))
        for replica in entries:
            self.log.debug(replica.description)
-            if 'memberof' not in replica.nsDS5ReplicatedAttributeList:
+            attrlist = replica.getValue('nsDS5ReplicatedAttributeList')
+            if attrlist is None:
+                self.log.debug("Adding nsDS5ReplicatedAttributeList and nsDS5ReplicatedAttributeListTotal")
+                current = replica.toDict()
+                # Need to add it altogether
+                replica.setValues('nsDS5ReplicatedAttributeList',
+                    '(objectclass=*) $ EXCLUDE %s' % " ".join(excludes))
+                replica.setValues('nsDS5ReplicatedAttributeListTotal',
+                    '(objectclass=*) $ EXCLUDE %s' % " ".join(totalexcludes))
+                try:
+                    repl.conn.updateEntry(replica.dn, current, replica.toDict())
+                    self.log.debug("Updated")
+                except Exception, e:
+                    self.log.error("Error caught updating replica: %s" % str(e))
+            elif 'memberof' not in attrlist.lower():
                self.log.debug("Attribute list needs updating")
                current = replica.toDict()
                replica.setValue('nsDS5ReplicatedAttributeList',