replication: ensure bind DN group check interval is set on replica config

This is a safeguard ensuring valid replica configuration against incorrectly
upgraded masters lacking 'nsds5replicabinddngroupcheckinterval' attribute on
their domain/ca topology config.

https://fedorahosted.org/freeipa/ticket/6508

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
This commit is contained in:
Martin Babinsky 2016-11-23 16:58:39 +01:00 committed by Martin Basti
parent 73d0d03891
commit 266b9d9c6c

View File

@ -456,6 +456,12 @@ class ReplicationManager(object):
if self.repl_man_group_dn not in binddn_groups:
mod.append((ldap.MOD_ADD, 'nsds5replicabinddngroup',
self.repl_man_group_dn))
if 'nsds5replicabinddngroupcheckinterval' not in entry:
mod.append(
(ldap.MOD_ADD,
'nsds5replicabinddngroupcheckinterval',
'60'))
if mod:
conn.modify_s(dn, mod)