Do not run trust upgrade code if master lacks Samba bindings

If a replica has no Samba bindings but there are trust agreements
configured on some trust controller, skip trust upgrade code on this
replica.

Resolves: https://pagure.io/freeipa/issue/8001
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Thomas Woerner <twoerner@redhat.com>
This commit is contained in:
Alexander Bokovoy 2019-11-17 19:37:03 +02:00 committed by Thomas Woerner
parent 7893fb9cb1
commit ba466a8021

View File

@ -24,6 +24,8 @@ except ImportError:
def ndr_unpack(x):
raise NotImplementedError
drsblobs = None
logger = logging.getLogger(__name__)
register = Registry()
@ -633,6 +635,10 @@ class update_tdo_to_new_layout(Updater):
logger.debug('AD Trusts are not enabled on this server')
return False, []
# If we have no Samba bindings, this master is not a trust controller
if drsblobs is None:
return False, []
ldap = self.api.Backend.ldap2
gidNumber = get_gidNumber(ldap, self.api.env)
if gidNumber is None: