Move the compat plugin setup at the end of install

The compat plugin was causing deadlocks with the topology plugin. Move its setup at the end of the installation and remove the cn=topology,cn=ipa,cn=etc subtree from its scope. https://pagure.io/freeipa/issue/6821 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-16 18:35:01 -06:00 · 2017-04-13 09:15:47 +02:00 · 2017-04-13 09:15:47 +02:00 · ddbbb1c58e
commit ddbbb1c58e
parent 0c0af8cf7a
6 changed files with 98 additions and 106 deletions
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@ -65,7 +65,6 @@ dist_app_DATA =				\
 	opendnssec_conf.template	\
 	opendnssec_kasp.template	\
 	unique-attributes.ldif		\
-	schema_compat.uldif		\
 	ldapi.ldif			\
 	wsgi.py				\
 	repoint-managed-entries.ldif	\
--- a/install/updates/10-schema_compat.update
+++ b/install/updates/10-schema_compat.update
@ -1,93 +0,0 @@
-dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
-only:schema-compat-entry-rdn:%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
-add:schema-compat-entry-attribute: sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
-add:schema-compat-entry-attribute: sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
-# Fix for #4324 (regression of #1309)
-remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref("ipaSudoRunAs","cn")
-remove:schema-compat-entry-attribute:sudoRunAsUser=%{ipaSudoRunAsExtUser}
-remove:schema-compat-entry-attribute:sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
-remove:schema-compat-entry-attribute:sudoRunAsUser=%deref("ipaSudoRunAs","uid")
-remove:schema-compat-entry-attribute:sudoRunAsGroup=%{ipaSudoRunAsExtGroup}
-remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
-
-# We need to add the value in a separate transaction
-dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-entry-attribute: sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
-add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
-add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
-add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
-add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
-add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-# Change padding for host and userCategory so the pad returns the same value
-# as the original, '' or -.
-dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
-replace: schema-compat-entry-attribute:nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-})
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
-default:objectClass: top
-default:objectClass: extensibleObject
-default:cn: computers
-default:schema-compat-container-group: cn=compat, $SUFFIX
-default:schema-compat-container-rdn: cn=computers
-default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
-default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
-default:schema-compat-entry-rdn: cn=%first("%{fqdn}")
-default:schema-compat-entry-attribute: objectclass=device
-default:schema-compat-entry-attribute: objectclass=ieee802Device
-default:schema-compat-entry-attribute: cn=%{fqdn}
-default:schema-compat-entry-attribute: macAddress=%{macAddress}
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: sudoOrder=%{sudoOrder}
-
-dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
-remove: schema-compat-ignore-subtree: cn=changelog
-remove: schema-compat-ignore-subtree: o=ipaca
-add: schema-compat-restrict-subtree: $SUFFIX
-add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
-add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
-
-dn: cn=Schema Compatibility,cn=plugins,cn=config
-# We need to run schema-compat pre-bind callback before
-# other IPA pre-bind callbacks to make sure bind DN is
-# rewritten to the original entry if needed
-add:nsslapd-pluginprecedence: 40
-
-dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
-add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
-add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
-
-dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
-add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
-add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
-add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
-
-dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
-add:schema-compat-entry-attribute: uid=%{uid}
-replace:schema-compat-entry-rdn: uid=%{uid}::uid=%first("%{uid}")
--- a/install/updates/80-schema_compat.update
+++ b/install/updates/80-schema_compat.update
@ -1,5 +1,6 @@
 #
-# Enable the Schema Compatibility plugin provided by slapi-nis.
+# Setup the Schema Compatibility plugin provided by slapi-nis.
+# This should be done after all other updates have been applied
 #
 # http://slapi-nis.fedorahosted.org/
 #
@ -126,3 +127,96 @@ default:schema-compat-entry-attribute: macAddress=%{macAddress}
 dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
 only:aci: (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )

+dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
+only:schema-compat-entry-rdn:%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
+add:schema-compat-entry-attribute: sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
+add:schema-compat-entry-attribute: sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
+# Fix for #4324 (regression of #1309)
+remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref("ipaSudoRunAs","cn")
+remove:schema-compat-entry-attribute:sudoRunAsUser=%{ipaSudoRunAsExtUser}
+remove:schema-compat-entry-attribute:sudoRunAsUser=%%%{ipaSudoRunAsExtUserGroup}
+remove:schema-compat-entry-attribute:sudoRunAsUser=%deref("ipaSudoRunAs","uid")
+remove:schema-compat-entry-attribute:sudoRunAsGroup=%{ipaSudoRunAsExtGroup}
+remove:schema-compat-entry-attribute:sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
+
+# We need to add the value in a separate transaction
+dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-entry-attribute: sudoRunAsGroup=%deref_f("ipaSudoRunAsGroup","(objectclass=posixGroup)","cn")
+add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
+add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
+add: schema-compat-entry-attribute: sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
+add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
+add: schema-compat-entry-attribute: sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+# Change padding for host and userCategory so the pad returns the same value
+# as the original, '' or -.
+dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
+replace: schema-compat-entry-attribute:nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})::nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","%ifeq(\"hostCategory\",\"all\",\"\",\"-\")",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","%ifeq(\"userCategory\",\"all\",\"\",\"-\")"),%{nisDomainName:-})
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=computers, cn=Schema Compatibility, cn=plugins, cn=config
+default:objectClass: top
+default:objectClass: extensibleObject
+default:cn: computers
+default:schema-compat-container-group: cn=compat, $SUFFIX
+default:schema-compat-container-rdn: cn=computers
+default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
+default:schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:schema-compat-entry-rdn: cn=%first("%{fqdn}")
+default:schema-compat-entry-attribute: objectclass=device
+default:schema-compat-entry-attribute: objectclass=ieee802Device
+default:schema-compat-entry-attribute: cn=%{fqdn}
+default:schema-compat-entry-attribute: macAddress=%{macAddress}
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: sudoOrder=%{sudoOrder}
+
+dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
+remove: schema-compat-ignore-subtree: cn=changelog
+remove: schema-compat-ignore-subtree: o=ipaca
+add: schema-compat-restrict-subtree: $SUFFIX
+add: schema-compat-restrict-subtree: cn=Schema Compatibility,cn=plugins,cn=config
+add: schema-compat-ignore-subtree: cn=dna,cn=ipa,cn=etc,$SUFFIX
+
+dn: cn=Schema Compatibility,cn=plugins,cn=config
+# We need to run schema-compat pre-bind callback before
+# other IPA pre-bind callbacks to make sure bind DN is
+# rewritten to the original entry if needed
+add:nsslapd-pluginprecedence: 40
+
+dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
+add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
+add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
+
+dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
+add:schema-compat-entry-attribute: %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:$DOMAIN:%{ipauniqueid}","")
+add:schema-compat-entry-attribute: ipaanchoruuid=%{ipaanchoruuid}
+add:schema-compat-entry-attribute: %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
+
+dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
+add:schema-compat-entry-attribute: uid=%{uid}
+replace:schema-compat-entry-rdn: uid=%{uid}::uid=%first("%{uid}")
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@ -9,7 +9,6 @@ app_DATA =				\
 	10-selinuxusermap.update	\
 	10-rootdse.update		\
 	10-uniqueness.update		\
-	10-schema_compat.update		\
 	19-managed-entries.update	\
 	20-aci.update			\
 	20-dna.update			\
@ -62,6 +61,7 @@ app_DATA =				\
 	73-custodia.update		\
 	73-winsync.update		\
 	73-certmap.update		\
+	80-schema_compat.update \
 	90-post_upgrade_plugins.update	\
 	$(NULL)

--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@ -236,7 +236,8 @@ class BasePathNamespace(object):
    HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
    NIS_ULDIF = "/usr/share/ipa/nis.uldif"
    NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif"
-    SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
+    SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/updates/91-schema_compat.update"
+    SCHEMA_COMPAT_POST_ULDIF = "/usr/share/ipa/schema_compat_post.uldif"
    IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
    UPDATES_DIR = "/usr/share/ipa/updates/"
    DICT_WORDS = "/usr/share/dict/words"
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -38,7 +38,6 @@ from ipapython import dogtag
 from ipaserver.install import service
 from ipaserver.install import installutils
 from ipaserver.install import certs
-from ipaserver.install import ldapupdate
 from ipaserver.install import replication
 from ipaserver.install import sysupgrade
 from ipaserver.install import upgradeinstance
@ -281,8 +280,6 @@ class DsInstance(service.Service):
        self.step("configuring Posix uid/gid generation",
                  self.__config_uidgid_gen)
        self.step("adding replication acis", self.__add_replication_acis)
-        self.step("enabling compatibility plugin",
-                  self.__enable_compat_plugin)
        self.step("activating sidgen plugin", self._add_sidgen_plugin)
        self.step("activating extdom plugin", self._add_extdom_plugin)
        self.step("tuning directory server", self.__tuning)
@ -706,12 +703,6 @@ class DsInstance(service.Service):
    def __add_winsync_module(self):
        self._ldap_mod("ipa-winsync-conf.ldif")

-    def __enable_compat_plugin(self):
-        ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password, sub_dict=self.sub_dict)
-        rv = ld.update([paths.SCHEMA_COMPAT_ULDIF])
-        if not rv:
-            raise RuntimeError("Enabling compatibility plugin failed")
-
    def __config_version_module(self):
        self._ldap_mod("version-conf.ldif")