IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Handle principal not found errors when converting replication a greements

Browse Source 
There are times where one side or the other is missing its peers
krbprincipalname when converting from simple to GSSAPI replication. Ticket
1188 should address the cause of this.

This patch provides better information and handling should either side
be missing.

ticket 1044
This commit is contained in:
Rob Crittenden
2011-04-28 08:57:36 -04:00
committed by Martin Kosek
parent 8472dc26b7
commit 1dd7364b7b
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ipaserver/install/replication.py
View File

@@ -441,6 +441,13 @@ class ReplicationManager:
a_pn = b.search_s(self.suffix, ldap.SCOPE_SUBTREE, filterstr=filter_a)
b_pn = a.search_s(self.suffix, ldap.SCOPE_SUBTREE, filterstr=filter_b)
if a_pn is None:
logging.critical('Unable to find entry for %s on %s' % (filter_a, str(b)))
if b_pn is None:
logging.critical('Unable to find entry for %s on %s' % (filter_b, str(a)))
if a_pn is None or b_pn is None:
raise RuntimeError('Replication agreement cannot be converted')
# Add kerberos principal DNs as valid bindDNs for replication
try:
mod = [(ldap.MOD_ADD, "nsds5replicabinddn", b_pn[0].dn)]