Disable replication version plugin by default.

The 389-ds replication plugin may not be installed on all platforms
and our replication version plugin will cause 389-ds to not start
if it is loaded and the replication plugin is not. So disable by
default.

When a replica is prepared we check for the replication plugin.
If it exists we will enable the replication version plugin.

Likewise on installation of a replica we check for existence of
the repliation plugin and if it is there then we enable the version
plugin before replication begins.

ticket 918

daemons/ipa-slapi-plugins/ipa-version/version-conf.ldif

@@ -7,7 +7,7 @@ cn: IPA Version Replication
 nsslapd-pluginpath: libipa_repl_version
 nsslapd-plugininitfunc: repl_version_plugin_init
 nsslapd-plugintype: preoperation
-nsslapd-pluginenabled: on
+nsslapd-pluginenabled: off
 nsslapd-pluginid: ipa_repl_version
 nsslapd-pluginversion: 1.0
 nsslapd-pluginvendor: Red Hat, Inc.

install/tools/ipa-replica-prepare

@@ -29,7 +29,7 @@ from optparse import OptionParser
 from ipapython import ipautil
 from ipaserver.install import bindinstance, dsinstance, installutils, certs
 from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_rr, add_ptr_rr
-from ipaserver.install.replication import check_replication_plugin
+from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking
 from ipaserver.plugins.ldap2 import ldap2
 from ipapython import version
 from ipalib import api, errors, util
@@ -296,6 +296,8 @@ def main():
         sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
 
     print "Preparing replica for %s from %s" % (replica_fqdn, api.env.host)
+    enable_replication_version_checking(api.env.host, api.env.realm,
+        dirman_password)
 
     subject_base = get_subject_base(api.env.host, dirman_password, util.realm_to_suffix(api.env.realm))
 

ipaserver/install/dsinstance.py

@@ -289,6 +289,10 @@ class DsInstance(service.Service):
 
 
     def __setup_replica(self):
+        replication.enable_replication_version_checking(self.fqdn,
+            self.realm_name,
+            self.dm_password)
+
         repl = replication.ReplicationManager(self.realm_name,
                                               self.fqdn,
                                               self.dm_password)

ipaserver/install/replication.py

@@ -22,6 +22,7 @@ import time, logging
 import os
 import ldap
 from ipaserver import ipaldap
+from ipaserver.install.service import restart
 from ldap import modlist
 from ipalib import util
 from ipalib import errors
@@ -53,6 +54,26 @@ def check_replication_plugin():
 
     return True
 
+def enable_replication_version_checking(hostname, realm, dirman_passwd):
+    """
+    Check the replication version checking plugin. If it is not
+    enabled then enable it and restart 389-ds. If it is enabled
+    the do nothing.
+    """
+    conn = ipaldap.IPAdmin(hostname, port=PORT, cacert=CACERT)
+    if dirman_passwd:
+        conn.do_simple_bind(bindpw=dirman_passwd)
+    else:
+        conn.sasl_interactive_bind_s('', SASL_AUTH)
+    entry = conn.search_s('cn=IPA Version Replication,cn=plugins,cn=config', ldap.SCOPE_BASE, 'objectclass=*')
+    if entry[0].getValue('nsslapd-pluginenabled') == 'off':
+        conn.modify_s(entry[0].dn, [(ldap.MOD_REPLACE, 'nsslapd-pluginenabled', 'on')])
+        conn.unbind()
+        serverid = "-".join(realm.split("."))
+        restart("dirsrv", instance_name=serverid)
+    else:
+        conn.unbind()
+
 class ReplicationManager:
     """Manage replication agreements between DS servers, and sync
     agreements with Windows servers"""