From e380acdc1c15af63413b7ac0d27ddea513535a5d Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Mon, 9 Sep 2013 08:15:11 +0000 Subject: [PATCH] Fix nsslapdPlugin object class after initial replication. This is a workaround for . https://fedorahosted.org/freeipa/ticket/3915 --- install/share/Makefile.am | 1 + install/share/schema-update.ldif | 7 +++++++ ipaserver/install/dsinstance.py | 5 +++++ ipaserver/install/krbinstance.py | 11 ----------- 4 files changed, 13 insertions(+), 11 deletions(-) create mode 100644 install/share/schema-update.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 5fff55bd1..58d568959 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -68,6 +68,7 @@ app_DATA = \ copy-schema-to-ca.py \ upload-cacert.ldif \ sasl-mapping-fallback.ldif \ + schema-update.ldif \ $(NULL) EXTRA_DIST = \ diff --git a/install/share/schema-update.ldif b/install/share/schema-update.ldif new file mode 100644 index 000000000..93ff79ebf --- /dev/null +++ b/install/share/schema-update.ldif @@ -0,0 +1,7 @@ +# FIXME: https://fedorahosted.org/389/ticket/47490 + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsslapd-pluginPath $ nsslapd-pluginInitFunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pluginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pluginEnabled ) MAY ( nsslapd-pluginConfigArea $ nsslapd-plugin-depends-on-type ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) X-ORIGIN 'Netscape Directory Server' ) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 06f9e3a4b..35b705281 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -346,6 +346,7 @@ class DsInstance(service.Service): self.__common_setup(True) self.step("setting up initial replication", self.__setup_replica) + self.step("updating schema", self.__update_schema) # See LDIFs for automember configuration during replica install self.step("setting Auto Member configuration", self.__add_replica_automember_config) self.step("enabling S4U2Proxy delegation", self.__setup_s4u2proxy) @@ -368,6 +369,10 @@ class DsInstance(service.Service): r_bindpw=self.dm_password) self.run_init_memberof = repl.needs_memberof_fixup() + def __update_schema(self): + # FIXME: https://fedorahosted.org/389/ticket/47490 + self._ldap_mod("schema-update.ldif") + def __enable(self): self.backup_state("enabled", self.is_enabled()) # At the end of the installation ipa-server-install will enable the diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 3c59db853..a16e4d5f0 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -252,17 +252,6 @@ class KrbInstance(service.Service): # we need to remove any existing SASL mappings in the directory as otherwise they # they may conflict. - # FIXME: https://fedorahosted.org/389/ticket/47490 - entry = self.admin_conn.get_entry( - DN(('cn', 'schema')), ['objectClasses']) - entry['objectClasses'].append( - "( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' " - "DESC 'Netscape defined objectclass' SUP top " - "MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ " - "nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) " - "X-ORIGIN 'Netscape Directory Server' )") - self.admin_conn.update_entry(entry) - try: res = self.admin_conn.get_entries( DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),