replication: ensure bind DN group check interval is set on replica config

This is a safeguard ensuring valid replica configuration against incorrectly upgraded masters lacking 'nsds5replicabinddngroupcheckinterval' attribute on their domain/ca topology config. https://fedorahosted.org/freeipa/ticket/6508 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-11-23 16:58:39 +01:00
parent 8c6a10cedd
commit 9502ee5fb8
1 changed files with 6 additions and 0 deletions
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -454,6 +454,12 @@ class ReplicationManager(object):
            if replica_groupdn not in binddn_groups:
                mod.append((ldap.MOD_ADD, 'nsds5replicabinddngroup',
                            replica_groupdn))
+
+            if 'nsds5replicabinddngroupcheckinterval' not in entry:
+                mod.append(
+                    (ldap.MOD_ADD,
+                     'nsds5replicabinddngroupcheckinterval',
+                     '60'))
            if mod:
                conn.modify_s(dn, mod)